Multiple pods are failing with "permission denied" errors in OCP 4 with Dynatrace
Issue
- Cluster pods enter the CrashLoopBackOff state with the error below, regardless of the type of pod. The affected pods also run with the expected SCC:

    standard_init_linux.go:219: exec user process caused: permission denied

- The hosting node's audit log is filled with denied avc messages:

    Thu Aug 5 07:16:24 2021
    type=AVC msg=audit(1628147784.931:14314): avc: denied { entrypoint } for pid=123645 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="nvme0n1p2" ino=94245343 scontext=system_u:system_r:container_t:s0:c0,c20 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0
    ----
    time->Thu Aug 5 07:21:31 2021
    type=AVC msg=audit(1628148091.950:14315): avc: denied { entrypoint } for pid=2004905 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="nvme0n1p3" ino=94245343 scontext=system_u:system_r:container_t:s0:c0,c20 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4
- Clusters deployed with dynatrace-operator, dynatrace-agents are impacted.