Has anyone seen issues with 4.0.2 on linux where a config using an extension has issues creating /var/run/osquery.em ? boxes were all running 3.3.0 with same config/flags/extension fine prior to upgrading. moving the extension socket location to another location that is not tmpfs fixes it /var/run is not read only

is this what you’re seeing? Error creating extension: waiting for unix socket to be available: /var/osquery/osquery.em: context deadline exceeded

it was Extension socket not available i will have to double check if the context sub message was there or not. will report back later