1

We are deploying the node_exporter on all of our servers to monitor resources. Some servers are spamming the logs with the following :

/sys/devices/system/cpu/cpu0/cpufreq: permission denied

or 

could not get ARP entries: open /proc/net/arp: permission denied

On these servers I am also getting permission denied when I want to cat /proc/net/arp (as an example) as a regular user. When executing this as sudo, I am able to see the contents. This however is only the case on some of our servers, most of them are able to read the contents of proc and sys as a regular user. The read/write permission and owners of these files are exactly the same on both servers (working and not-working):

-r--r--r-- 1 root root 0 Oct 23 14:04 arp

/proc is mounted the same way on both servers as well (in /etc/fstab). I tried unmounting and remounting /proc on the failing servers but no luck. Anyone has an idea?

Improve this question

1 Answer 1

Reset to default
1

Try to verify if there isn't any SELinux policy in place preventing the regular user from reading these files.

This post can help you to verify if it is the case.

Improve this answer
1
  • Thanks. I use Ubuntu; these use AppArmor instead. However, on the failing servers aa-status shows that the apparmor module is not loaded. Some of the working servers have apparmor enabled. So it doesn't look like this is the issue.
    – imJoJe
    Commented Oct 23, 2019 at 13:50

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .