Allow CAP_SYS_RAWIO for the smart collector

[chef.git] / cookbooks / hardware / recipes / default.rb

diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb
index d8bfadbe5d18dc50c1821f086582fee4be1be738..3d1d8aa1986d2ea53842eb7a3c141bdda550883f 100644 (file)
--- a/cookbooks/hardware/recipes/default.rb
+++ b/cookbooks/hardware/recipes/default.rb
@@ -536,7 +536,7 @@ if disks.count.positive?
   prometheus_collector "smart" do
     interval "15m"
     user "root"
-    capability_bounding_set "CAP_SYS_ADMIN"
+    capability_bounding_set %w[CAP_SYS_ADMIN CAP_SYS_RAWIO]
     private_devices false
     private_users false
     protect_clock false
@@ -704,4 +704,5 @@ prometheus_collector "ohai" do
   private_devices false
   private_users false
   protect_clock false
+  protect_kernel_modules false
 end