Falcon-sensor-injector: runningError: container has runAsNonRoot and image has non-numeric user (root) #333

Open
bhagtrajaram opened this issue Nov 5, 2024 · 6 comments

bhagtrajaram commented Nov 5, 2024

Hi,

Currently getting the below error message (using falcon-sensor as sidecar):

Error: container has runAsNonRoot and image has non-numeric user (root), cannot verify user is non-root (pod: "falcon-sensor-injector-54d7dc487-fjgl7_falcon-system(64ddfe7b-5844-4c47-82bc-2841e2d2d2ba)", container: falcon-sensor-injector)

using the below properties (using version 1.29.1 of falcon-sensor helm-chart):

set {
  name  = "falcon.cid"
  value = "some_number"
}

set {
  name  = "node.enabled"
  value = "false"
}

set {
  name  = "container.enabled"
  value = "true"
}

set {
  name  = "container.image.repository"
  value = "<myRegistry>/falcon-sensor"
}

set {
  name  = "container.image.digest"
  value = "<myDigest>"
}

set {
  name  = "falcon.trace"
  value = "err"
}

Using:

AWS EKS v1.31 with Fargate/EC2 nodes.

On the namespace falcon-system I have added the annotation:

"pod-security.kubernetes.io/enforce" = "privileged"

Please advise.

@redhatrises
Contributor

You can try to use the baseline pod security standard to see if that works instead of privileged, but this is not an issue with the helm chart.

@bhagtrajaram
Author

Now using the annotation on the falcon-system pod:

pod-security.kubernetes.io/enforce=baseline

Getting the same:

Error: container has runAsNonRoot and image has non-numeric user (root), cannot verify user is non-root (pod: "falcon-sensor-injector-8cccfdc77-ftfpx_falcon-system(b31227d2-afc8-48dc-b6a8-625b6625f6f0)", container: falcon-sensor-injector)

Where can I drop this issue?

@redhatrises
Contributor

What sensor image are you using for this? falcon-container or falcon-linux?

@redhatrises
Contributor

Basically, make sure that you are running the right image for the sidecar and that you are not attempting to use the node sensor as the sidecar image.

@bhagtrajaram
Author

I'm using the falcon-sensor image, followed the steps in this README.md

@redhatrises
Contributor

Sounds like you might be using the wrong sensor image. Should be using the sensor image from registry.crowdstrike.com/falcon-container/us-1/release/falcon-sensor which has a tag like 7.19.0-5806.container.x86_64.Release.US-1 which is meant for Fargate.
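
For context on the error quoted in this thread, the following is an added example (not part of the thread, and not code from the helm chart, CrowdStrike or the kubelet source) that models the kubelet-side runAsNonRoot check comparing a container's effective securityContext with the USER value in the image config. The function names and verdict strings are hypothetical, and treating an image with no USER as UID 0 is an assumption of this model.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// imageUser returns the UID for a numeric image USER, or the name otherwise.
func imageUser(user string) (*int64, string) {
	user = strings.Split(user, ":")[0] // drop any ":group" suffix
	if user == "" {
		return new(int64), "" // assumption: no USER is treated as root (UID 0)
	}
	n, err := strconv.ParseInt(user, 10, 64)
	if err != nil {
		return nil, user // a name: needs the image's /etc/passwd to resolve
	}
	return &n, ""
}

// checkNonRoot models the decision for one container. runAsNonRoot and
// runAsUser are the effective securityContext values (nil means unset).
func checkNonRoot(runAsNonRoot *bool, runAsUser *int64, imgUser string) string {
	if runAsNonRoot == nil || !*runAsNonRoot {
		return "ok: runAsNonRoot not enforced"
	}
	if runAsUser != nil {
		if *runAsUser == 0 {
			return "reject: runAsUser is 0"
		}
		return "ok: runAsUser overrides image user"
	}
	uid, name := imageUser(imgUser)
	switch {
	case uid != nil && *uid == 0:
		return "reject: image will run as root"
	case uid == nil:
		return fmt.Sprintf("reject: image has non-numeric user (%s)", name)
	default:
		return "ok: image user is numeric and non-zero"
	}
}

func main() {
	yes := true
	for _, u := range []string{"root", "0", "1000:1000", ""} { // constructed USER values
		fmt.Printf("%-12q %s\n", u, checkNonRoot(&yes, nil, u))
	}
}
```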
