fix(doctor): elevate root-only checks (btrfs, podman) via sudo when not root #580

Merged: passcod merged 1 commit into main from doctor-btrfs-skip-unprivileged on Jun 25, 2026
@passcod passcod commented Jun 25, 2026

🤖 Running bestool tamanu doctor as an unprivileged user produces two false warnings:

WARN  btrfs          /: `btrfs device stats /` exited 1: ... Operation not permitted
WARN  version_drift  `podman ps` failed ... newuidmap ... (rootless)

Both are privilege artifacts, not faults — and the data is obtainable, just needs root:

  • btrfs device stats / subvolume list need CAP_SYS_ADMIN.
  • version_drift — the deployment uses rootful podman, so the containers are only visible to root; as a normal user podman ps runs rootless and errors.

So rather than skip (go blind), elevate: when not running as root (euid != 0, read from /proc/self/status), run those commands via sudo. The alertd daemon runs the sweep as root and invokes them directly — this only changes the interactive non-root case, which now collects the same data instead of warning. Assumes passwordless sudo where used; otherwise sudo's own failure surfaces in the check.

podman elevation lives in the shared running_versions_linux, so tamanu status gets the same fix.

Note: this addresses the interactive case. The separate report that the root daemon itself gets EPERM on btrfs device stats is a sandbox/caps issue in the deployed unit, still being diagnosed — elevation doesn't apply there (already root).

@passcod passcod force-pushed the doctor-btrfs-skip-unprivileged branch from fd89da1 to e957406 Compare June 25, 2026 13:07
@passcod passcod changed the title fix(doctor): skip the btrfs check when unprivileged instead of warning fix(doctor): skip root-only checks (btrfs, version_drift) when not root Jun 25, 2026
btrfs (device stats / subvolume list need CAP_SYS_ADMIN) and version_drift
(rootful podman is only visible to root) both failed for an unprivileged
interactive `bestool tamanu doctor`: btrfs returned EPERM and podman ran
rootless and errored. Rather than report blind, elevate those commands via
sudo when not root. The alertd daemon runs the sweep as root and invokes
them directly, so this only affects interactive non-root runs (assumes
passwordless sudo where used; otherwise sudo's failure surfaces in-check).

podman elevation goes in the shared running_versions_linux, so `tamanu
status` benefits too.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@passcod passcod force-pushed the doctor-btrfs-skip-unprivileged branch from e957406 to 12b41c3 Compare June 25, 2026 13:14
@passcod passcod changed the title fix(doctor): skip root-only checks (btrfs, version_drift) when not root fix(doctor): elevate root-only checks (btrfs, podman) via sudo when not root Jun 25, 2026
@passcod passcod added this pull request to the merge queue Jun 25, 2026
Merged via the queue into main with commit d2e90eb Jun 25, 2026
11 checks passed
@passcod passcod deleted the doctor-btrfs-skip-unprivileged branch June 25, 2026 14:12
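
The elevation rule described in this pull request, as an added Rust example that is not bestool's own code: read the effective UID from `/proc/self/status` and prefix root-only commands with sudo when it is not 0. The function names are hypothetical, and passing `-n` to sudo is an assumption of this example so that a missing passwordless rule fails in the check rather than prompting.

```rust
use std::process::{Command, Output};

/// Effective UID from the text of /proc/self/status. The `Uid:` line has
/// four fields: real, effective, saved-set and filesystem UID.
fn effective_uid(status: &str) -> Option<u32> {
    status
        .lines()
        .find_map(|line| line.strip_prefix("Uid:"))?
        .split_whitespace()
        .nth(1)?
        .parse()
        .ok()
}

/// argv for a root-only check (hypothetical helper). Root runs the command
/// directly; any other euid, or one that could not be read, goes via sudo.
fn elevated_argv(euid: Option<u32>, program: &str, args: &[&str]) -> Vec<String> {
    let mut argv: Vec<String> = Vec::new();
    if euid != Some(0) {
        // Assumption of this example: `-n` makes sudo fail instead of
        // prompting, so a missing passwordless rule shows up in the check.
        argv.extend(["sudo", "-n", "--"].map(String::from));
    }
    argv.push(program.to_string());
    argv.extend(args.iter().map(|a| a.to_string()));
    argv
}

/// Run the argv without a shell, so no argument is re-parsed or expanded.
fn run_check(argv: &[String]) -> std::io::Result<Output> {
    Command::new(&argv[0]).args(&argv[1..]).output()
}

fn main() {
    let status = std::fs::read_to_string("/proc/self/status").unwrap_or_default();
    let argv = elevated_argv(effective_uid(&status), "btrfs", &["device", "stats", "/"]);
    match run_check(&argv) {
        Ok(out) if out.status.success() => print!("{}", String::from_utf8_lossy(&out.stdout)),
        Ok(out) => eprintln!(
            "WARN btrfs: {:?} exited {}: {}",
            argv,
            out.status,
            String::from_utf8_lossy(&out.stderr).trim()
        ),
        Err(err) => eprintln!("WARN btrfs: could not start {:?}: {err}", argv),
    }
}
```

The second field of `Uid:` is used because a setuid or capability-dropping wrapper can leave the real and effective UIDs different, and it is the effective one that decides whether the kernel permits the call.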