Closed miguelconde91 closed 3 years ago
Running 4.18 kernel on one of my machines running an 18.04 LTS Ubuntu flavor called popOS. Last time the machine was used was early December (opensnitch worked fine then), turned on today and updated. Had a similar issue around accessing that `kprobe_events` file. In my case the log says `no such file or directory` although the file is present.
I have referred to this issue, this does not appear to be that: https://github.com/evilsocket/opensnitch/issues/184
I have another 18.04 box that uses 4.15 kernel on which opensnitch works fine. I haven't tried using grub to try the older kernel.
Ah. I ran into this issue again. In my case, after digging through syslogs, I noticed this message: `Lockdown: opensnitchd: Use of kprobes is restricted; see man kernel_lockdown.7`
Since kernel 4.17, if you have UEFI Secure Boot enabled then the kernel does lockdown: using kernel probes, 3rd party kernel modules (even signed), etc. is restricted. So if you want to use opensnitch there are two options: either disable Secure Boot or use a pre-4.17 kernel.
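Added example, not part of the thread or of opensnitch's code: a shell triage that tells the lockdown denial quoted above apart from the other `kprobe_events` errors reported in this issue. The sample log lines are constructed around the message texts quoted here, and the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: triage of the kprobe_events failures reported in this thread.
# Function names and result labels are hypothetical, not opensnitch's own.

# Constructed sample log (timestamps, host and PID invented); the message
# texts are the ones quoted in the thread.
SAMPLE_LOG='Jan  5 10:01:12 host kernel: Lockdown: opensnitchd: Use of kprobes is restricted; see man kernel_lockdown.7
Jan  5 10:01:12 host opensnitchd[812]: Error while enabling probe descriptor for opensnitch_exec_probe: write /sys/kernel/debug/tracing/kprobe_events: operation not permitted
Jan  5 10:02:40 host kernel: usb 1-2: new high-speed USB device number 4'

# Print "<process> blocked: <feature>" for each kernel lockdown denial on stdin.
lockdown_denials() {
    sed -n 's/.*Lockdown: \([^:]*\): \(.*\) is restricted.*/\1 blocked: \2/p'
}

# Classify why a process failed to write kprobe_events, from a log on stdin.
# $1 = process name (default: opensnitchd).
classify_kprobe_failure() {
    proc=${1:-opensnitchd}
    log=$(cat)
    if printf '%s\n' "$log" | lockdown_denials | grep -q "^$proc blocked: .*kprobes"; then
        echo "lockdown"                      # kernel logged a kprobes denial
    elif printf '%s\n' "$log" | grep -q 'kprobe_events: operation not permitted'; then
        echo "eperm-without-lockdown-line"   # same error, no denial logged
    elif printf '%s\n' "$log" | grep -q 'kprobe_events: no such file or directory'; then
        echo "enoent"                        # file reported missing, not a denial
    else
        echo "no-kprobe-failure"
    fi
}

# Usage: script /var/log/syslog   (no argument: run on the constructed sample)
if [ $# -gt 0 ]; then
    classify_kprobe_failure < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | classify_kprobe_failure
fi
```

On the affected machine, `mokutil --sb-state` reports whether Secure Boot is enabled, which is the condition the comment above ties the lockdown to.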
I cannot use kernel <4.18 because my laptop hardware is not well supported in pre-4.18; it is a new model of gaming laptop from June 2018. I'm going to check the Secure Boot.
So basically: opensnitch will not work with a modern kernel or with secure boot?
@1kenthomas see #276. The other options are 1) listen to audit events, 2) add eBPF.
Fixed with latest version.
Because of a compatibility issue with my hardware I was working with a non-stable version of kernel 4.20. Using this kernel I installed opensnitch and it worked fine. Recently I deleted the non-stable kernels and kept the last signed one in the Kubuntu 18.10 repos (4.18), and now opensnitch does not work. I have this error: `Error while enabling probe descriptor for opensnitch_exec_probe: write /sys/kernel/debug/tracing/kprobe_events: operation not permitted` How can I fix it?