[receiver/statsdreceiver] Add ability to customize permissions of socket when using UDS server #37807

thomas-gouveia · 2025-02-10T13:47:08Z

Component(s)

receiver/statsd

Is your feature request related to a problem? Please describe.

We have some apps deployed in Kubernetes configured to send metrics to Datadog through the unix datagram socket managed by the Datadog agent in /var/run/datadog/dsd.socket. We're currently exploring a solution to deploy a drop-in replacement of the Datadog agent using a combination of statsdreceiver and datadogreceiver in the collector.

We have a PoC deployed and that works properly, but we have a little issue with the permissions of the socket bind by the statsdreceiver. If the application doesn't run with the same user than the collector, it won't be able to write to the socket because of the following permissions on the socket (default one I assume):

ls -l /var/run/

total 0
srwx-w--w- 1 root root 0 Feb  10 13:53 statsd-receiver.sock

So only owner of the socket is able to write (in that case, root). In comparison the Datadog agent socket has the following permissions:

ls -l /var/run/datadog 

total 0
srwx-w--w- 1 root root 0 Jan  3 15:53 dsd.socket

Describe the solution you'd like

To solve the issue, I propose to call a chmod with 0622 right after the bind call to ensure permissions of the socket are managed by the receiver itself.

If needed, we can also introduce in the configuration a new attribute to allow customization of permissions, and make 0622 as default :

config:
  receivers:
    statsd:
      transport: unixgram
      endpoint: /path/to/statsd.socket
      perms: 0622

Describe alternatives you've considered

Usage of initContainers running as root to run chmod/chown: it works but if the collector restarts, permissions are reset when it binds again.
Usage of fsGroup, not working

Additional context

I can propose a fix for this issue 👍

The text was updated successfully, but these errors were encountered:

github-actions · 2025-02-10T13:47:24Z

Pinging code owners:

receiver/statsd: @jmacd @dmitryax

See Adding Labels via Comments if you do not have permissions to add labels yourself.

jmacd · 2025-02-21T21:21:27Z

Looks good to me, please go ahead!

thomas-gouveia · 2025-03-06T10:22:47Z

Sorry for my late response @jmacd, missed the notification! Will open the PR 👍

… when transport is unixgram (open-telemetry#37807) Signed-off-by: thomas-gouveia <[email protected]>

… when transport is unixgram (open-telemetry#37807) (open-telemetry#38420) #### Description This PR introduces a new configuration key `socket_permissions` used when `transport: unixgram` to control permissions of the bind socket. #### Link to tracking issue Fixes open-telemetry#37807 #### Testing Unit tests #### Documentation Readme updated with new configuration Signed-off-by: thomas-gouveia <[email protected]>

thomas-gouveia added enhancement New feature or request needs triage New item requiring triage labels Feb 10, 2025

github-actions bot added the receiver/statsd statsd related issues label Feb 10, 2025

This was referenced Feb 11, 2025

Weekly Report: 2025-02-04 - 2025-02-11 #37818

Closed

Weekly Report: 2025-02-11 - 2025-02-18 #37985

Closed

github-actions bot mentioned this issue Feb 25, 2025

Weekly Report: 2025-02-18 - 2025-02-25 #38152

Closed

github-actions bot mentioned this issue Mar 4, 2025

Weekly Report: 2025-02-25 - 2025-03-04 #38321

Closed

thomas-gouveia mentioned this issue Mar 6, 2025

[receiver/statsdreceiver] add ability to customize socket permissions when transport is unixgram (#37807) #38420

Merged

github-actions bot mentioned this issue Mar 11, 2025

Weekly Report: 2025-03-04 - 2025-03-11 #38503

Closed

github-actions bot mentioned this issue Mar 18, 2025

Weekly Report: 2025-03-11 - 2025-03-18 #38702

Closed

This was referenced Mar 23, 2025

Weekly Report: 2025-03-16 - 2025-03-23 LucaLanziani/opentelemetry-collector-contrib#16

Closed

Weekly Report: 2025-03-16 - 2025-03-23 LucaLanziani/opentelemetry-collector-contrib#17

Closed

github-actions bot mentioned this issue Mar 25, 2025

Weekly Report: 2025-03-18 - 2025-03-25 #38935

Closed

github-actions bot mentioned this issue Apr 1, 2025

Weekly Report: 2025-03-25 - 2025-04-01 #39070

Closed

github-actions bot mentioned this issue Apr 8, 2025

Weekly Report: 2025-04-01 - 2025-04-08 #39228

Closed

github-actions bot mentioned this issue Apr 15, 2025

Weekly Report: 2025-04-08 - 2025-04-15 #39396

Closed

atoulme closed this as completed in #38420 Apr 19, 2025

atoulme closed this as completed in 8f40000 Apr 19, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[receiver/statsdreceiver] Add ability to customize permissions of socket when using UDS server #37807

[receiver/statsdreceiver] Add ability to customize permissions of socket when using UDS server #37807

thomas-gouveia commented Feb 10, 2025

github-actions bot commented Feb 10, 2025

Uh oh!

jmacd commented Feb 21, 2025

Uh oh!

thomas-gouveia commented Mar 6, 2025

Uh oh!