It looks like when importing os/exec and using it to spawn command, on linux amd64, it fails with an Operation not permitted.
This is a code sample https://play.golang.com/p/kriZT9RpYlr that you should be able to reproduce after loading the beater from main.
I used a docker container on the
alpine image after installing
musl-dev, git, go
If I remove the import
github.com/elastic/beats/libbeats/beat with the same
os/exec it works. I suspect, there is a vendored library that is messing something.
The issue is located here:
[pid 27396] syscall_18446744073709551615(0xc000032160, 0xc00002e230, 0xc00045e0b0, 0, 0, 0) = -1 (errno 1) [pid 27396] write(9, "\1\0\0\0\0\0\0\0", 8) = 8 [pid 27396] exit(253) = ? [pid 27396] +++ exited with 253 +++
if I systrace it but I don't know how to dig further.
Let me know how I can help, I was trying to upgrade the
libbeat for my
cmdlinebeat project: https://github.com/tehmoon/cmdlinebeat