From fefe30ec51d078a0133b851b9d7a50162b0406c9 Mon Sep 17 00:00:00 2001
From: Christoffer Martinsson <cm@cmtec.se>
Date: Thu, 27 Nov 2025 12:35:38 +0100
Subject: [PATCH] Remove sudo from docker commands - use docker group
 membership instead

Agent changes:
- Changed docker ps and docker images commands to run without sudo
- cm-agent user is already in docker group, so sudo is not needed
- Fixes "unable to change to root gid: Operation not permitted" error
- Systemd security restrictions were blocking sudo gid changes

This fixes Docker container and image collection on systems with
systemd security hardening enabled.

Updated to version 0.1.178
---
 agent/Cargo.toml                |  2 +-
 agent/src/collectors/systemd.rs | 12 ++++++------
 dashboard/Cargo.toml            |  2 +-
 shared/Cargo.toml               |  2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/agent/Cargo.toml b/agent/Cargo.toml
index 855f92a..e858a2d 100644
--- a/agent/Cargo.toml
+++ b/agent/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard-agent"
-version = "0.1.177"
+version = "0.1.178"
 edition = "2021"
 
 [dependencies]
diff --git a/agent/src/collectors/systemd.rs b/agent/src/collectors/systemd.rs
index 73a2a3a..29ac0fe 100644
--- a/agent/src/collectors/systemd.rs
+++ b/agent/src/collectors/systemd.rs
@@ -779,10 +779,10 @@ impl SystemdCollector {
     fn get_docker_containers(&self) -> Vec<(String, String)> {
         let mut containers = Vec::new();
 
-        // Check if docker is available (use sudo for permissions)
+        // Check if docker is available (cm-agent user is in docker group)
         // Use -a to show ALL containers (running and stopped)
-        let output = Command::new("sudo")
-            .args(&["docker", "ps", "-a", "--format", "{{.Names}},{{.Status}}"])
+        let output = Command::new("docker")
+            .args(&["ps", "-a", "--format", "{{.Names}},{{.Status}}"])
             .output();
 
         let output = match output {
@@ -826,9 +826,9 @@ impl SystemdCollector {
 
         info!("Collecting Docker images");
 
-        // Check if docker is available (use sudo for permissions)
-        let output = Command::new("sudo")
-            .args(&["docker", "images", "--format", "{{.Repository}}:{{.Tag}},{{.Size}}"])
+        // Check if docker is available (cm-agent user is in docker group)
+        let output = Command::new("docker")
+            .args(&["images", "--format", "{{.Repository}}:{{.Tag}},{{.Size}}"])
             .output();
 
         let output = match output {
diff --git a/dashboard/Cargo.toml b/dashboard/Cargo.toml
index 3ee54c4..3f86e1f 100644
--- a/dashboard/Cargo.toml
+++ b/dashboard/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard"
-version = "0.1.177"
+version = "0.1.178"
 edition = "2021"
 
 [dependencies]
diff --git a/shared/Cargo.toml b/shared/Cargo.toml
index 24409aa..8a01c90 100644
--- a/shared/Cargo.toml
+++ b/shared/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard-shared"
-version = "0.1.177"
+version = "0.1.178"
 edition = "2021"
 
 [dependencies]