Os/exec Operation Not Permitted when beats is imported


#1

Hi!

It looks like when importing os/exec and using it to spawn command, on linux amd64, it fails with an Operation not permitted.

This is a code sample https://play.golang.com/p/kriZT9RpYlr that you should be able to reproduce after loading the beater from main.
I used a docker container on the alpine image after installing musl-dev, git, go

If I remove the import github.com/elastic/beats/libbeats/beat with the same os/exec it works. I suspect, there is a vendored library that is messing something.

The issue is located here:

[pid 27396] syscall_18446744073709551615(0xc000032160, 0xc00002e230, 0xc00045e0b0, 0, 0, 0) = -1 (errno 1)
[pid 27396] write(9, "\1\0\0\0\0\0\0\0", 8) = 8
[pid 27396] exit(253)                   = ?
[pid 27396] +++ exited with 253 +++

if I systrace it but I don't know how to dig further.

Let me know how I can help, I was trying to upgrade the libbeat for my cmdlinebeat project: https://github.com/tehmoon/cmdlinebeat

Regards,


#2

I did not see this post before posting: Operation not permitted <= New Beat


#3

Well -E seccomp.enabled=false did it... I feel so bad, I've tried a lot of things and could not figure it out...