Access to journal files running in container on k8s

[omri-cavnue]

Component(s)

receiver/journald

What happened?

Description

I was able to set up my own custom docker image that has the journalctl binary for arm64. However, I now get the following error:

journalctl command failed (exit status 1): No journal files were opened due to insufficient permissions.

I tried running the container as privileged, but the error is still there. What permission is required to read it from a container? I am mounting /run/log/journal.

On host I can run journalctl as user without any root auth needed

Steps to Reproduce

Expected Result

Actual Result

Collector version

arm64:latest

Environment information

Environment

Jetson Jetpack 35.4.1
Compiler(if manually compiled): (e.g., "go 14.2")

OpenTelemetry Collector configuration

journald:
    directory: /run/log/journal
    units:
      - ssh
    priority: info

Log output

No response

Additional context

No response

[github-actions]

Pinging code owners:

• receiver/journald: @sumo-drosiek @djaglowski

See Adding Labels via Comments if you do not have permissions to add labels yourself.

[sumo-drosiek]

Could you run ls -al /run/log/journal inside the container?

[omri-cavnue]

Running ps faux | grep otel shows that the container is running with user 1001 (likely random user). However, when I try to build with USER root or create a user and add it to systemctl group, the container goes into crashloop. This is definitely the problem though as likely 1001 doesn't have permission

Not really sure why setting user as root causes it to fallover

[omri-cavnue]

Looks like it's from the base otel image . Otel base image has no shell since it's from scratch, so having trouble getting around this

[omri-cavnue]

I was finally able to figure out by building a custom image. This doesn't seem very scalable IMO

[sumo-drosiek]

@omri-cavnue Did you try to run container with the root user (using --user argument)?

[github-actions]

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

• receiver/journald: @sumo-drosiek @djaglowski

See Adding Labels via Comments if you do not have permissions to add labels yourself.