Crowdsec IPS unprivileged?

Domino · June 7, 2024, 2:34pm

Hello

I tried to install an IPS, Crowdsec, in a container, but it failed. I have a permission problem. I think it’s due to the unprivileged mode, it would require privileged mode? Has anyone tried to install this IDS in a container or in a VM?

install agent

 incus launch images:debian/12/amd64 crowdsec

 curl -s https://install.crowdsec.net | sudo sh

 apt install crowdsec

root@crowdsec:~# systemctl start crowdsec.service
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xeu crowdsec.service" for details.

root@crowdsec:~# journalctl -xe
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0000:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0000:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0100:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0100:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0103:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0103:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0B00:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0B00:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0C02:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0C02:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0C02:01: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0C02:01/uevent': Permis
sion denied

ashni · June 11, 2024, 10:54am

Domino:

install agent

 incus launch images:debian/12/amd64 crowdsec

 curl -s https://install.crowdsec.net | sudo sh

 apt install crowdsec

root@crowdsec:~# systemctl start crowdsec.service
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xeu crowdsec.service" for details.

root@crowdsec:~# journalctl -xe
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0000:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0000:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0100:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0100:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0103:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0103:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0B00:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0B00:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0C02:00: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0C02:00/uevent': Permis
sion denied
Jun 07 14:20:12 crowdsec udevadm[130]: PNP0C02:01: Failed to write 'add' to '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:06/PNP0C02:01/uevent': Permis
sion denied

Hey there,
I totally got you, I can understand that you are having trouble installing Crowdsec IPS in a container due to permission issues. The error messages show that some operations are being denied permission.
One possible solution is to run the container in privileged mode, which grants it more permissions. However, this might have security risks.
Alternatively, you could explore other options like adjusting the container’s capabilities or permissions.
Have others in the community faced similar issues when installing Crowdsec IPS in a container or VM? Their experiences might provide helpful insights.