Error writing file /root/.kube/config: unable to open /tmp/juju : permission denied (sysctl fs.protected_regular) #7053

Closed
alexeadem opened this issue Mar 15, 2020 · 9 comments
Labels: co/none-driver, os/linux, triage/duplicate

alexeadem commented Mar 15, 2020

💣 update config: writing kubeconfig: Error writing file /root/.kube/config: failed to acquire lock for /root/.kube/config: {Name:mk72a1487fd2da23da9e8181e16f352a6105bd56 Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}: unable to open /tmp/juju-mk72a1487fd2da23da9e8181e16f352a6105bd56: permission denied

I'm running minikube with:

sudo minikube --vm-driver=none

This issue didn't happen in v1.3.1. The issue was discovered in v1.8.2.

Removing the /tmp/juju-* files fixes the problem, but it happens every time you run sudo minikube stop or sudo minikube --vm-driver=none.

Issue #5660 was opened and closed after the workaround above.

@afbjorklund
Collaborator

The ancient minikube probably used a different method, like not locking at all and hoping for the best.

Do you have any SELinux rules or otherwise that prevent opening temporary files? Maybe systemd?

@afbjorklund added the os/linux and triage/needs-information labels Mar 15, 2020
@alexeadem
Author

alexeadem commented Mar 15, 2020

Yup. The ancient minikube didn't have delete.go and context.go. selinux is disabled.

getenforce
Disabled

But I'm using

--extra-config=kubelet.cgroup-driver=systemd

Alex

@alexeadem
Author

alexeadem commented Mar 15, 2020

I think the problem here is that the files /tmp/juju-mk* are written as user instead of root even if sudo is used.

-rw------- 1 alex alex 0 Mar 15 10:41 /tmp/juju-mk061e272a59a4a72388b0d6272ab1df9bf2f30b
-rw------- 1 alex alex 0 Mar 15 10:41 /tmp/juju-mk19004591210340446308469f521c5cfa3e1599

If I change the owner with sudo chown root:root /tmp/juju-mk*, it works. Not sure why files are written under user $USER.

@alexeadem
Author

I think the problem is related to

https://github.com/juju/mutex/blob/master/mutex_flock.go

and how sudo is handled

@alexeadem
Author

alexeadem commented Mar 15, 2020

Changing this

fd, err := syscall.Open(flockName, syscall.O_CREAT|syscall.O_RDONLY|syscall.O_CLOEXEC, 0600)

to

fd, err := syscall.Open(flockName, syscall.O_RDWR, 0)

in https://github.com/juju/mutex/blob/master/mutex_flock.go fixes the problem.

@afbjorklund
Collaborator

Thanks for confirming the problem is with systemd; then it's the same as #6391.

@afbjorklund added the co/none-driver and triage/duplicate labels and removed the triage/needs-information label Mar 15, 2020
@alexeadem
Author

Thanks so much. sudo sysctl fs.protected_regular=0 works.
Never mind modifying juju :)
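
Why each workaround in this thread (chown to root, dropping O_CREAT, fs.protected_regular=0) makes the error go away, as an added example that is not minikube or juju/mutex code: it restates the Linux kernel's sticky-directory rule for regular files and audits the lock files in /tmp. The function name is hypothetical and the effective UID is assumed to match the kernel's fsuid.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"syscall"
)

// deniedInSticky mirrors the kernel's fs.protected_regular rule for opening an
// existing regular file. It reports whether open(2) fails with EACCES no
// matter how privileged the opener is (root via sudo included).
func deniedInSticky(level int, oCreat bool, dirMode, dirUID, fileUID, openerUID uint32) bool {
	const sticky, groupW, worldW = 01000, 0020, 0002
	if !oCreat || level == 0 || dirMode&sticky == 0 {
		return false // rule only covers O_CREAT opens inside a sticky directory
	}
	if fileUID == dirUID || fileUID == openerUID {
		return false // file belongs to the directory owner or to the opener
	}
	// Level 1 covers world-writable directories, level 2 adds group-writable.
	return dirMode&worldW != 0 || (dirMode&groupW != 0 && level >= 2)
}

// main audits the real lock files: which /tmp/juju-* can this user not open?
func main() {
	raw, err := os.ReadFile("/proc/sys/fs/protected_regular")
	if err != nil {
		fmt.Println("cannot read sysctl:", err)
		return
	}
	level, _ := strconv.Atoi(strings.TrimSpace(string(raw)))
	var dir, st syscall.Stat_t
	if err := syscall.Stat("/tmp", &dir); err != nil {
		fmt.Println("cannot stat /tmp:", err)
		return
	}
	locks, _ := filepath.Glob("/tmp/juju-*")
	for _, p := range locks {
		if syscall.Lstat(p, &st) != nil || st.Mode&syscall.S_IFMT != syscall.S_IFREG {
			continue
		}
		// Assumption: the effective UID stands in for the kernel's fsuid.
		denied := deniedInSticky(level, true, uint32(dir.Mode), dir.Uid, st.Uid, uint32(os.Geteuid()))
		fmt.Printf("%s owner=%d fs.protected_regular=%d O_CREAT denied=%v\n", p, st.Uid, level, denied)
	}
}
```

Run it as the user that hits the error (for example under sudo) to see which lock files that user cannot open with O_CREAT.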

@afbjorklund
Collaborator

> Never mind modifying juju :)

I guess long term it will have to change, as long as systemd keeps on making breaking changes...

Thanks for opening a bug report: juju/mutex#7

@tstromberg changed the title from "Error writing file /root/.kube/config: unable to open /tmp/juju : permission denied" to "Error writing file /root/.kube/config: unable to open /tmp/juju : permission denied (sysctl fs.protected_regular=0)" Mar 19, 2020
@tstromberg changed the title from "Error writing file /root/.kube/config: unable to open /tmp/juju : permission denied (sysctl fs.protected_regular=0)" to "Error writing file /root/.kube/config: unable to open /tmp/juju : permission denied (sysctl fs.protected_regular)" Mar 19, 2020
@naseercs91

naseercs91 commented Jan 27, 2022

When I start K8S with minikube on my local Ubuntu 20.04 LTS with the command $ minikube start --force --driver=docker (I use --driver=docker, otherwise minikube start will not work for me)
stderr:
error: failed to create clusterrolebinding: clusterrolebindings.rbac.authorization.k8s.io "minikube-rbac" already exists

x Exiting due to HOST_JUJU_LOCK_PERMISSION: Failed kubeconfig update: unable to acquire lock for {Name:mk19004591210340446308469f521c5cfa3e1599 Clock:{} Delay:500ms Timeout:1m0s Cancel:}: unable to open /tmp/juju-mk19004591210340446308469f521c5cfa3e1599: permission denied
bulb Suggestion: Run 'sudo sysctl fs.protected_regular=0', or try a driver which does not require root, such as '--driver=docker'
popcorn Related issue: #6391
Can you guys please help me to fix the issue permanently? I used $ sudo sysctl fs.protected_regular=0 also, but still the issue remains the same.
