summaryrefslogtreecommitdiffstats
path: root/collectors/diskspace.plugin
diff options
context:
space:
mode:
Diffstat (limited to 'collectors/diskspace.plugin')
-rw-r--r--collectors/diskspace.plugin/plugin_diskspace.c33
-rw-r--r--collectors/diskspace.plugin/plugin_diskspace.h2
2 files changed, 33 insertions, 2 deletions
diff --git a/collectors/diskspace.plugin/plugin_diskspace.c b/collectors/diskspace.plugin/plugin_diskspace.c
index 311b55adf..2e7d18909 100644
--- a/collectors/diskspace.plugin/plugin_diskspace.c
+++ b/collectors/diskspace.plugin/plugin_diskspace.c
@@ -83,6 +83,28 @@ int mount_point_cleanup(void *entry, void *data) {
return 0;
}
+// for the full list of protected mount points look at
+// https://github.com/systemd/systemd/blob/1eb3ef78b4df28a9e9f464714208f2682f957e36/src/core/namespace.c#L142-L149
+// https://github.com/systemd/systemd/blob/1eb3ef78b4df28a9e9f464714208f2682f957e36/src/core/namespace.c#L180-L194
+static const char *systemd_protected_mount_points[] = {
+ "/home",
+ "/root",
+ "/usr",
+ "/boot",
+ "/efi",
+ "/etc",
+ NULL
+};
+
+int mount_point_is_protected(char *mount_point)
+{
+ for (size_t i = 0; systemd_protected_mount_points[i] != NULL; i++)
+ if (!strcmp(mount_point, systemd_protected_mount_points[i]))
+ return 1;
+
+ return 0;
+}
+
static inline void do_disk_space_stats(struct mountinfo *mi, int update_every) {
const char *family = mi->mount_point;
const char *disk = mi->persistent_id;
@@ -190,7 +212,12 @@ static inline void do_disk_space_stats(struct mountinfo *mi, int update_every) {
if(unlikely(m->do_space == CONFIG_BOOLEAN_NO && m->do_inodes == CONFIG_BOOLEAN_NO))
return;
- if(unlikely(mi->flags & MOUNTINFO_READONLY && !m->collected && m->do_space != CONFIG_BOOLEAN_YES && m->do_inodes != CONFIG_BOOLEAN_YES))
+ if (unlikely(
+ mi->flags & MOUNTINFO_READONLY &&
+ !mount_point_is_protected(mi->mount_point) &&
+ !m->collected &&
+ m->do_space != CONFIG_BOOLEAN_YES &&
+ m->do_inodes != CONFIG_BOOLEAN_YES))
return;
struct statvfs buff_statvfs;
@@ -389,6 +416,10 @@ void *diskspace_main(void *ptr) {
if(unlikely(mi->flags & (MOUNTINFO_IS_DUMMY | MOUNTINFO_IS_BIND)))
continue;
+ // exclude mounts made by ProtectHome and ProtectSystem systemd hardening options
+ if(mi->flags & MOUNTINFO_READONLY && !strcmp(mi->root, mi->mount_point))
+ continue;
+
do_disk_space_stats(mi, update_every);
if(unlikely(netdata_exit)) break;
}
diff --git a/collectors/diskspace.plugin/plugin_diskspace.h b/collectors/diskspace.plugin/plugin_diskspace.h
index 7c9df9d13..1f9670879 100644
--- a/collectors/diskspace.plugin/plugin_diskspace.h
+++ b/collectors/diskspace.plugin/plugin_diskspace.h
@@ -3,7 +3,7 @@
#ifndef NETDATA_PLUGIN_PROC_DISKSPACE_H
#define NETDATA_PLUGIN_PROC_DISKSPACE_H
-#include "../../daemon/common.h"
+#include "daemon/common.h"
#if (TARGET_OS == OS_LINUX)