Issue
You are trying to install the agent on a host running Google's Container-Optimized OS (COS), and the agent is stuck in a restart loop or the installation is failing:
/usr/bin/docker run --restart always --name datacollector --net=host --pid=host --privileged d --volume /var/lib/lacework:/var/lib/lacework --volume /var/log:/var/log --volume /var/run:/var/run --volume /etc/passwd:/etc/passwd:ro --volume /etc/group:/etc/group:ro --env ACCESS_TOKEN=<token> --env SERVER_URL=https://api.fra.lacework.net lacework/datacollector:latest
/var/lib/backup/datacollector_wrap.sh: 40: /var/lib/lacework/datacollector: Permission denied
Environment
Google's Container-Optimized OS (COS), installing any version of the Lacework agent
Key words
- COS
- Lacework agent
- Agent
- Installation
Resolution
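The root cause of this issue is that the /var/lib/ volume is mounted noexec on COS, so the agent binary at /var/lib/lacework/datacollector cannot be executed and fails with "Permission denied".
To remedy this, update the custom metadata option on each COS host so that this volume is mounted with exec privileges: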
#cloud-config
mounts:
- [/var/lib/lacework, /var/lib/lacework, "none", "bind", "0", "0"]
- [/var/lib/lacework, /var/lib/lacework, "auto", "remount,exec", "0", "1"]
After this change is made, restart the host and reattempt the installation.
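
To confirm the cause before the change and the fix after the restart, the following added example (not Lacework's or Google's code) reports whether the mount covering a path carries the noexec option. The function names are hypothetical and the two mount tables are constructed samples, not output from a real COS host.

```shell
#!/bin/sh
# Added example: does the mount backing a path carry the "noexec" option?

# mount_opts_for PATH [MOUNTS_FILE]
# Prints the options of the mount covering PATH: the longest mount point that
# is PATH itself or a parent directory; for stacked mounts the last entry wins.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/self/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: exit status 0 when the covering mount is noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed mount tables (not captured from a real host).
sample_before() {
    cat <<'EOF'
/dev/root / ext2 ro,relatime 0 0
/dev/sda1 /var/lib ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}
sample_after() {
    sample_before
    echo '/dev/sda1 /var/lib/lacework ext4 rw,nosuid,nodev,relatime 0 0'
}

# Demo: compare the agent binary's path against both constructed tables.
for state in before after; do
    tmp=$(mktemp)
    "sample_$state" > "$tmp"
    if is_noexec /var/lib/lacework/datacollector "$tmp"; then
        echo "$state: noexec, the agent binary cannot be executed"
    else
        echo "$state: exec allowed"
    fi
    rm -f "$tmp"
done
```

On a host, calling is_noexec /var/lib/lacework/datacollector with no second argument reads /proc/self/mounts.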