Unable to load the driver. Error opening device /dev/scap0

[CS-Alpha]

OS: Ubuntu 22.04.3 LTS (Jammy Jellyfish)

Kernel: 6.2.0-1018-azure

I followed the sysdig setup guide for linux but am not able to figure out how to resolve this.

Post installation, if I run sysdig or sudo sysdig;

Unable to load the driver error opening device /dev/scap0. Make sure you have root credentials and that the scap module is loaded: No such file or directory

It looks like scap kernal module is not loaded, but where do I get it from and load it?

Also, I did not get this issue when installing on Ubuntu 16.04.

[CS-Alpha]

Update:

I am following the "Linux - Manual installation" method for installing sysdig:

curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public | sudo apt-key add -  
sudo curl -s -o /etc/apt/sources.list.d/draios.list https://download.sysdig.com/stable/deb/draios.list  
sudo apt-get update
sudo apt-get -y install linux-headers-$(uname -r)
sudo apt-get -y install sysdig

I have got this setup working on Azure VM which does not have secure boot enabled. I think, while installing with secure boot enabled, the scap.ko module is not installed during the sudo apt-get install sysdig and if I tried to install the scap.ko kernal module using insmod like;

sudo insmod /lib/modules/6.2.0-1018-azure/updates/dkms/scap.ko

I am getting the errorinsmod: ERROR: could not insert module scap.ko: Key was rejected by service

The goal is to setup sysdig as a daemonset on AKS!

[therealbobo]

Hey @CS-Alpha! Could you please attached the dmesg log so we can have more insights on why insmod is failing?

[lobsec]

@CS-Alpha I was in your situation, please take a look how I solved. Hope this helps