[Pkg-nagios-devel] Bug#1111782: nagios-nrpe-server: systemd PrivateTmp taints NRPE check_disk

Bill Carlson bill-debian at wkks.org
Thu Aug 21 21:47:17 BST 2025 

Subject: nagios-nrpe-server: systemd PrivateTmp taints NRPE check_disk
Package: nagios-nrpe-server
Version: 4.1.0-1+b1
Severity: normal

Dear Maintainer,


    * What led up to the situation? Alerts indicated filesystems that
    * don't exist, such as /tmp/, /var/tmp or both.
    * What exactly did you do (or not do) that was effective (or
      ineffective)? Overrode PrivateTmp to false for nagios-nrpe-server
    * What was the outcome of this action? Worked as expect.
    * What outcome did you expect instead? This should be default.

Example:
root at croaker:~# /usr/lib/nagios/plugins/check_nrpe -H pickles -c 
check_all_disk
DISK OK| /=0B;858993459;966367641;0;1073741824 
/usr=2147483648B;2576980377;2899102924;0;3221225472 /tmp=0B;0;0;0;0 
/var=0B;858993459;966367641;0;1073741824 /var/log=0B;0;0;0;0 
/boot=0B;0;0;0;0 /var/tmp=0B;858993459;966367641;0;1073741824

The pickles system does NOT have a /var/tmp filesystem. On systems
without /tmp, both /tmp and /var/tmp were reported. Noted in
/proc/_PID_/mounts:
...
/dev/mapper/system-var /var/tmp ext4 rw,relatime 0 0
...

/dev/mapper/system/var is mounted as /var at the system-level.

-- System Information:
Debian Release: 12.11
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-37-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE 
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nagios-nrpe-server depends on:
ii  adduser                    3.134
ii  init-system-helpers        1.65.2
ii  libc6                      2.36-9+deb12u10
ii  libssl3                    3.0.16-1~deb12u1
ii  libwrap0                   7.6.q-32
ii  lsb-base                   11.6
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages nagios-nrpe-server recommends:
ii  monitoring-plugins-basic  2.3.3-5+deb12u2

Versions of packages nagios-nrpe-server suggests:
pn  xinetd | inetd  <none>

-- Configuration Files:
/etc/nagios/nrpe.cfg changed [not included]
/etc/nagios/nrpe_local.cfg changed [not included]

-- no debconf information

-- 

Bill Carlson

Anything is possible, given Time and Money.

More information about the Pkg-nagios-devel mailing list