Allow CAP_DAC_OVERRIDE for the smart collector

[chef.git] / cookbooks / hardware / recipes / default.rb

diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb
index 6095cceeb4f939c70fd311b6fe8c9e5954d991aa..48e8f28889d3286069cada8c68ce92bd47a7e213 100644 (file)
--- a/cookbooks/hardware/recipes/default.rb
+++ b/cookbooks/hardware/recipes/default.rb
@@ -186,6 +186,8 @@ if File.exist?("/etc/default/grub")
   end
 end
 
+package "initramfs-tools"
+
 execute "update-initramfs" do
   action :nothing
   command "update-initramfs -u -k all"
@@ -536,7 +538,7 @@ if disks.count.positive?
   prometheus_collector "smart" do
     interval "15m"
     user "root"
-    capability_bounding_set "CAP_SYS_ADMIN"
+    capability_bounding_set %w[CAP_DAC_OVERRIDE CAP_SYS_ADMIN CAP_SYS_RAWIO]
     private_devices false
     private_users false
     protect_clock false
@@ -700,7 +702,7 @@ prometheus_collector "ohai" do
   interval "15m"
   user "root"
   proc_subset "all"
-  capability_bounding_set "CAP_SYS_ADMIN"
+  capability_bounding_set %w[CAP_DAC_OVERRIDE CAP_SYS_ADMIN]
   private_devices false
   private_users false
   protect_clock false