Closed: qwerty10110 closed this 4 years ago
I need to research this more
The $SPLUNK_HOME directory is owned by the Splunk user ($SPLUNK_USER env var). This should be splunk by default, so you can do something like:
docker exec -it -u splunk mycontainername bash
or
ansible@mycontainername$ sudo -u splunk bash
Ok, this did help. Thanks!
When I shell into the container I can't access /opt/splunk/var/run, even when I use sudo cd run/
sudo: unable to send audit message: Operation not permitted
Why is it that I can't access all directories, even while I'm a sudo user?
Thanks
PS: since I'm using this in the context of a containerized deployment (Kubernetes), I'm also posting this question in docker-splunk. I apologize if this is the wrong place.