Exiting: error loading config file: open filebeat.yml: permission denied

I try to specifiy the config file for filebeat, but all the time I get a permission denied error in the container. User root is set and strict.perms=false too.

I'm using following versions:

[root@mschindl-lnx1 config-dir]# docker version

Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
Go version: go1.10.3
Git commit: 64e9980/1.13.1
Built: Tue Apr 28 14:43:01 2020
OS/Arch: linux/amd64

Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
Go version: go1.10.3
Git commit: 64e9980/1.13.1
Built: Tue Apr 28 14:43:01 2020
OS/Arch: linux/amd64
Experimental: false

[root@mschindl-lnx1 config-dir]# cat /etc/redhat-release

CentOS Linux release 7.8.2003 (Core)

[root@mschindl-lnx1 config-dir]# docker run -d
> -h filebeat
> -u root
> --name filebeat
> -v /mnt/auditlogs/:/mnt/audit/
> --volume="/config-dir/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"
> --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro"
> --volume="/var/run/docker.sock:/var/run/docker.sock:ro"
> docker.elastic.co/beats/filebeat:7.8.0 filebeat -e -strict.perms=false
> -E output.elasticsearch.hosts=["elasticsearch:9200"]
cee692103573ad316b9a60ab082f0d6d227a146be24f5a4ce23e121236b80232

[root@mschindl-lnx1 config-dir]# docker logs filebeat

Exiting: error loading config file: open filebeat.yml: permission denied

[root@mschindl-lnx1 config-dir]# ls -lisah filebeat.yml

69806038 4.0K -rw-r--r--. 1 root root 359 Jul 1 14:39 filebeat.yml

Workaround in a another thread didn't work:

[root@mschindl-lnx1 config-dir]# docker exec -it filebeat bash -l
[root**@filebeat** filebeat]# ls -lnR /usr/share/filebeat/filebeat.yml

-rw-r-----. 1 0 1000 319 Jun 14 18:19 /usr/share/filebeat/filebeat.yml

[root**@mschindl-lnx**1 config-dir]# ls -n filebeat.yml

-rw-r-----. 1 0 1000 359 Jul 1 14:39 filebeat.yml

Any help is appreciated :slight_smile:

(I want to use filebeat to filter an audit.log file for a specific error code and sent it to elasticsearch.)

The issue was selinux. For testing I disabled it now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.