[BUG] kernel symbols not loaded correctly

[AsafEitani]

Prerequisites

• [x] This affects latest released version.
• [x] This affects current development tree (origin/HEAD).
• [x] There isn't an issue describing the bug.

Select one OR another:

• [ ] I'm going to create a PR to solve this (assign to yourself).
• [x] Someone else should solve this.

Bug description

This is how I'm executing tracee (cmdline):

dist/tracee-ebpf -t e=hooked_syscalls,hooked_seq_ops,hooked_proc_fops,do_init_module,finit_module,security_kernel_read_file

This is the error I'm getting:

TIME             UID    COMM             PID     TID     RET              EVENT                ARGS

End of events stream
Stats: {EventCount:0 EventsFiltered:0 NetEvCount:0 ErrorCount:0 LostEvCount:0 LostWrCount:0 LostNtCount:0}
{"level":"fatal","ts":1669541110.5893548,"msg":"app","error":"error initializing Tracee: kernel symbols were not loaded currectly"}

Steps to reproduce

I have no idea what caused it.

Context

Relevant information about my setup:

• Linux version: ubuntu 20.04
• Linux kernel version: 5.15.0
• Tracee version (or commit id of your tree): main
• LLVM version: 12
• Golang version: 1.18

Additional Information (files, logs, etc)

[yanivagman]

See this recent change: https://github.com/aquasecurity/tracee/pull/2370

[AsafEitani]

--caps bypass=false fixes this issue as I was not running with privileges.