Multiple pods are failing with "permission denied" errors in OCP 4 with Dynatrace

Solution Verified - Updated -

Issue

  • Pods across the cluster enter the CrashLoopBackOff state with the error below, regardless of the nature of the pods. The impacted pods run with the expected SCC:

    standard_init_linux.go:219: exec user process caused: permission denied
    
  • The hosting node is filled with denied avc messages in the audit log:

    Thu Aug 5 07:16:24 2021
    type=AVC msg=audit(1628147784.931:14314): avc: denied { entrypoint } for pid=123645 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="nvme0n1p2" ino=94245343 scontext=system_u:system_r:container_t:s0:c0,c20 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0
    ----
    time->Thu Aug 5 07:21:31 2021
    type=AVC msg=audit(1628148091.950:14315): avc: denied { entrypoint } for pid=2004905 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="nvme0n1p3" ino=94245343 scontext=system_u:system_r:container_t:s0:c0,c20 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0
    

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Clusters deployed with dynatrace-operator and dynatrace-agents are impacted.
