System.UnauthorizedAccessException: Access to the path '/proc/1/map_files' is denied.

[vadiml77]

Describe the bug

While deploying bridge to kubernetes to debug a container, the remote agent crashes in K8S upon startup. The issue is access control violation shown below

kubectl describe pod ssp-dev-ssp-azserver-77d6756cf-28ffq

Events: Type Reason Age From Message

---

Normal Scheduled Successfully assigned dev/ssp-dev-ssp-azserver-77d6756cf-28ffq to lvndev002414.bpc.broadcom.net Normal Pulled 3m19s kubelet, lvndev002414.bpc.broadcom.net Successfully pulled image "bridgetokubernetes.azurecr.io/lpkremoteagent:0.1.7" in 990.636282ms Normal Pulled 3m17s kubelet, lvndev002414.bpc.broadcom.net Successfully pulled image "bridgetokubernetes.azurecr.io/lpkremoteagent:0.1.7" in 912.628437ms Normal Pulled 3m4s kubelet, lvndev002414.bpc.broadcom.net Successfully pulled image "bridgetokubernetes.azurecr.io/lpkremoteagent:0.1.7" in 917.04075ms Normal Created 2m33s (x4 over 3m19s) kubelet, lvndev002414.bpc.broadcom.net Created container ssp-azserver Normal Started 2m33s (x4 over 3m19s) kubelet, lvndev002414.bpc.broadcom.net Started container ssp-azserver Normal Pulled 2m33s kubelet, lvndev002414.bpc.broadcom.net Successfully pulled image "bridgetokubernetes.azurecr.io/lpkremoteagent:0.1.7" in 852.750572ms Warning BackOff 2m4s (x8 over 3m16s) kubelet, lvndev002414.bpc.broadcom.net Back-off restarting failed container Normal Pulling 110s (x5 over 3m20s) kubelet, lvndev002414.bpc.broadcom.net Pulling image "bridgetokubernetes.azurecr.io/lpkremoteagent:0.1.7"

[~/ssp/AuthHub] $ k logs ssp-dev-ssp-azserver-77d6756cf-28ffq System.UnauthorizedAccessException: Access to the path '/proc/1/map_files' is denied. ---> System.IO.IOException: Operation not permitted --- End of inner exception stack trace --- at System.IO.Enumeration.FileSystemEnumerator1.FindNextEntry(Byte* entryBufferPtr, Int32 bufferLength) at System.IO.Enumeration.FileSystemEnumerator1.MoveNext() at System.IO.FileSystemWatcher.RunningInstance.AddDirectoryWatchUnlocked(WatchedDirectory parent, String directoryName) at System.IO.FileSystemWatcher.RunningInstance.AddDirectoryWatchUnlocked(WatchedDirectory parent, String directoryName) at System.IO.FileSystemWatcher.RunningInstance.AddDirectoryWatchUnlocked(WatchedDirectory parent, String directoryName) at System.IO.FileSystemWatcher.RunningInstance.AddDirectoryWatchUnlocked(WatchedDirectory parent, String directoryName) at System.IO.FileSystemWatcher.RunningInstance..ctor(FileSystemWatcher watcher, SafeFileHandle inotifyHandle, String directoryPath, Boolean includeSubdirectories, NotifyFilters notifyFilters, CancellationToken cancellationToken) at System.IO.FileSystemWatcher.StartRaisingEvents() at System.IO.FileSystemWatcher.StartRaisingEventsIfNotDisposed() at System.IO.FileSystemWatcher.set_EnableRaisingEvents(Boolean value) at Microsoft.Extensions.FileProviders.Physical.PhysicalFilesWatcher.TryEnableFileSystemWatcher() at Microsoft.Extensions.FileProviders.Physical.PhysicalFilesWatcher.CreateFileChangeToken(String filter) at Microsoft.Extensions.FileProviders.PhysicalFileProvider.Watch(String filter) at Microsoft.Extensions.Configuration.FileConfigurationProvider.<.ctor>b__1_0() at Microsoft.Extensions.Primitives.ChangeToken.ChangeTokenRegistration1..ctor(Func1 changeTokenProducer, Action1 changeTokenConsumer, TState state) at Microsoft.Extensions.Primitives.ChangeToken.OnChange(Func1 changeTokenProducer, Action changeTokenConsumer) at Microsoft.Extensions.Configuration.FileConfigurationProvider..ctor(FileConfigurationSource source) at Microsoft.Extensions.Configuration.Json.JsonConfigurationSource.Build(IConfigurationBuilder builder) at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build() at Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration() at Microsoft.Extensions.Hosting.HostBuilder.Build() at Microsoft.BridgeToKubernetes.DevHostAgent.Program.CreateHost(String[] args) in /src/devhostagent/Program.cs:line 29 at Microsoft.BridgeToKubernetes.Common.AspNetCoreRunner.RunHost(Assembly webhostAssembly, Func`2 hostBuilder, String[] args, String userAgent) in /src/common/AspNetCoreRunner.cs:line 32

A clear and concise description of what the bug is.

To Reproduce Steps to follow to reproduce this issue.

**Expected behavior** remote agent loaded cleanly **Logs** Attach logs from the following directory: For Windows: %TEMP%/Bridge to Kubernetes For OSX/Linux: $TMPDIR/Bridge to Kubernetes If you are a Visual Studio user, - Set the environment variable MS_VS_AZUREDEVSPACES_TOOLS_LOGGING_ENABLED=true - Open Visual Studio and run your scenario - Provide logs from: %temp%\Microsoft.VisualStudio.Kubernetes.Debugging **Environment Details** Client used (**VS Code**): Version: 1.65.0 Commit: b5205cc8eb4fbaa726835538cd82372cc0222d43 Date: 2022-03-02T11:11:20.886Z Electron: 13.5.2 Chromium: 91.0.4472.164 Node.js: 14.16.0 V8: 9.1.269.39-electron.0 OS: Darwin x64 21.1.0 **Bridge to Kubernetes: v1.0.120220125** Client's version: Operating System: **Additional context** Add any other outputs from the clients or context you would like to share.

[vadiml77]

I verified that the approach mentioned in issue # 218 to use devhostagent 20210909.01 does solve this problem

set the environment variable and start Code.

export BRIDGE_DEVHOSTIMAGENAME="lolodi/devhostagent:20210909.1"

[vadiml77]

Sorry for reopening this but we need to understand why the latest macos vscode still exhibits the issue with /proc/... since macos does not expose /proc on the file system.

And while using the older image (export BRIDGE_DEVHOSTIMAGENAME="lolodi/devhostagent:20210909.1") does get through the issue with /proc, that image is almost a year old, and what we're seeing with that image is that it does not seem to proxy traffic to the application being debugged.

So we can neither use the latest (due to /proc issue), nor the proposed solution (20210909.1) to the /procs issue due to the traffic issue.

Any help is greatly appreciated! Thanks