Agent Privilege Model
Capabilities Required
| Capability | Why | How acquired |
|---|---|---|
CAP_PERFMON | perf_event_open | systemd |
CAP_SYS_ADMIN | Pin BPF maps to /sys/fs/bpf | systemd (often implicit) |
CAP_SYS_PTRACE | /proc/<pid>/io | systemd |
CAP_NET_ADMIN | NIC sysfs, qdisc | systemd |
CAP_DAC_READ_SEARCH | Read /proc/kmsg restricted | systemd |
Capabilities NOT Required
CAP_DAC_OVERRIDE— we shouldn't bypass file ACLs.CAP_CHOWN— never need to chown.CAP_FOWNER— no business writing to foreign users.CAP_KILL— we never send SIGKILL to other users' processes.CAP_NET_RAW— no raw sockets; we use reqwest + rpc.
Filesystem Privileges
| Path | Mode | Reason |
|---|---|---|
/var/lib/denpex/agent/ | 0750 denpex:denpex | State |
/var/log/denpex/ | 0755 root:denpex | Logs (write) |
/sys/fs/bpf/denpex/ | 0755 root:denpex | BPF pinned objects |
/run/denpex/ | 0755 root:denpex | Runtime sockets |
Network Privileges
- Outbound HTTPS (denpex-collector): only to the CP via TLS 1.3.
- Outbound DCGM: only via UDS or localhost TCP.
- Inbound listening:
127.0.0.1:9091/metrics(Prometheus scrape) and127.0.0.1:9092/healthz.
Process Privileges
- The agent runs as user
denpex-agent. - The agent has a separate group for talking to NVML/DCGM groups.
- All subprocesses inherit
no_new_privs. - No setuid binaries are shipped.
Failure Modes
| Failure | Detection | Recovery |
|---|---|---|
| NVML DSO missing | nvml_unavailable event | Disable GPU polling |
| DCGM DSO missing | dcgm_unavailable event | Fall back to NVML |
| BPF program load fails | ebpf_load_failed event | Fall back to /proc |
| KMS unreachable | kms_unreachable event | Cache-only mode |