Unable to run commands using exec.Command from Beat ( Linux )

I have a working beat created using Beats framework. However i am not able to execute bash commands from inside using exec.Command().

Build process of this beat is same that is listed on beats framework.

[root@10.142.41.140 nvidiagpubeat]$ make
go build -i -ldflags "-X github.com/elastic/beats/libbeat/version.buildTime=2019-02-06T21:48:53Z -X github.com/elastic/beats/libbeat/version.commit=0e2fe4d23b6393ab6782e7eb703715bc3d56112d"

[root@10.142.41.140 nvidiagpubeat]$ ./nvidiagpubeat -c nvidiagpubeat.yml -e -d "*"

func command() {
gpucount := "ls /dev | grep nvidia | grep -v nvidia-uvm | grep -v nvidiactl | wc -l"
cmd := exec.Command("bash", "-c", gpucount)
out, err := cmd.Output()
if err == nil {
fmt.Println(string(out))
}
}

//Run Contains the main application loop that captures data and sends it to the defined output using the publisher
func (bt *Nvidiagpubeat) Run(b *beat.Beat) error {
command()
...
}

This throws an error

2019-02-06T14:52:31.261-0700 ERROR beater/nbeat.go:65 ********** Unable to run command , error: fork/exec /usr/bin/bash: operation not permitted

I can run the same code in a simple test.go file and run it but not from beat.

For security purposes the libbeat framework by default drops the ability to fork/exec. So if you are developing your own Beat that needs to do those things you should programmatically register your own less restrictive policy or you can disable the protections from your config by setting seccomp.enabled: false (or on the CLI with -E seccomp.enabled=false).

• https://github.com/elastic/beats/tree/master/libbeat/common/seccomp#package-seccomp
• https://www.elastic.co/guide/en/beats/filebeat/6.6/linux-seccomp.html

Hello Andrew,
Thanks for you response. I see that you have answered similar questions in past.

I have similar questions

I tried seccomp.enabled in nvidiagpubeat.yml

nvidiagpubeat:
period: 1s
query: "utilization.gpu,utilization.memory"
env: "production"
seccomp.enabled: false

and it did not work.

However command line option worked like a charm.

./nvidiagpubeat -c nvidiagpubeat.yml -e -d "*" -E seccomp.enabled=false

Regards,
Deepak

I even tried

nvidiagpubeat:
period: 1s
query: "utilization.gpu,utilization.memory,memory.total,memory.free,memory.used,temperature.gpu,pstate"
env: "production"

libbeat:
seccomp.enabled: "false"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.