Skip to content

Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. #40339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 12, 2021
Merged

Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. #40339

merged 2 commits into from
Oct 12, 2021
+0 −2

Conversation

kminehart
Copy link
Contributor

What is ProcSubset?

Basically it limits what folders in the /proc directory the program can access. In LXC environments this option can prevent Grafana from starting, though in other environments this is a pretty benign option.

@kminehart
update rpm service file

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
8ef4dc3
@kminehart
Update grafana-server.service

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
dca03c3
@kminehart kminehart added the old backport v8.2.x Mark PR for automatic backport to v8.2.x label Oct 12, 2021
@kminehart kminehart requested a review from marefr October 12, 2021 16:16
marefr
marefr approved these changes Oct 12, 2021
View reviewed changes
Copy link
Contributor

@marefr marefr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kminehart kminehart merged commit fe5e494 into main Oct 12, 2021
@kminehart kminehart deleted the km/remove-proc-subset branch October 12, 2021 16:18
@grafanabot grafanabot mentioned this pull request Oct 12, 2021
Merged
grafanabot pushed a commit that referenced this pull request Oct 12, 2021
@kminehart @grafanabot
Packaging: Remove ProcSubset option in systemd (#40339)
fa9579d 
* update rpm service file

* Update grafana-server.service

(cherry picked from commit fe5e494)
kminehart added a commit that referenced this pull request Oct 12, 2021
@grafanabot @kminehart
Packaging: Remove ProcSubset option in systemd (#40339) (#40340)

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
49aadec 
* update service file

(cherry picked from commit fe5e494)

Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
@marefr marefr added this to the 8.2.2 milestone Oct 13, 2021
@chri2547 chri2547 changed the title Packaging: Remove ProcSubset option in systemd Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. Oct 20, 2021
@erdnaxe erdnaxe mentioned this pull request Oct 23, 2021
Merged
12 tasks
Ma27 pushed a commit to NixOS/nixpkgs that referenced this pull request Oct 23, 2021
@erdnaxe
nixos/grafana: fix systemd unit

Verified

This commit was signed with the committer’s verified signature. The key has expired.
erdnaxe
GPG key ID: 6C79278F3FCDCC02
Expired
Verified
Learn about vigilant mode
8d55967 
Remove MemoryDenyWriteExecute hardening as it breaks image rendering
plugin. Add CAP_NET_BIND_SERVICE to bind to low ports when needed.
Remove PrivateUsers and ProcSubset as upstream choose to remove it.

Upstream changes: <grafana/grafana#40219>,
<grafana/grafana#40178>,
<grafana/grafana#40339> and
<grafana/grafana#40815>.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marefr marefr

Assignees
No one assigned
Labels
add to changelog old backport v8.2.x Mark PR for automatic backport to v8.2.x type/build-packaging
Projects
None yet
Milestone
8.2.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kminehart @marefr @grafanabot