Hi,
Top-posting a quick update to this: it has magically started working
with linux 5.6.10. Didn't on 5.5.13 nor 5.4.35-lts. So the problem has
been solved, even though I never got to trace it to its source.
-- Pol
Quoting Pol Van Aubel (2020-02-15 17:16:14)
Hi,
Quoting Pol Van Aubel (2020-01-21 23:41:48)
> Hi,
>
> Quoting Pavel Hrdina (2020-01-21 12:53:49)
> > Thanks for the logs, but it did not help to figure out where the issue
> > is. I was hoping to see some error output from the syscall but the line
> > that should contain it is empty:
> >
> > 2020-01-20 19:47:15.589+0000: 8579: debug : virBPFLoadProg:78 :
> >
> > Can you please check system logs and output of dmesg?
> >
> > I've managed to run into this article [1] that explains that even if you
> > have all permissions and no SELinux you can still be blocked by
> > something called kernel_lockdown and it should appear in dmesg.
> >
> > Pavel
> >
> > [1]
<
https://gehrcke.de/2019/09/running-an-ebpf-program-may-require-lifting-th...
>
> Unfortunately, nothing related to kernel lockdowns. My kernel sysrq also
> doesn't seem to recognize x, and neither dmesg nor system journal
> indicate the system is even booted with lockdowns. I don't run
> Secure Boot, so that makes sense. I do get an audit message but that
> doesn't really enlighten me any further; there's only 4 messages in the
> journal related to this action.
>
> <snip>
>
> I honestly don't know how to even begin debugging what's happening, what
> the reason for the rejection is.
I've spent a long afternoon reading into BPF, checking that I'm really
running this as root, with CAP_SYS_ADMIN, etc, and am drawing a blank.
Everything I'm looking at is telling me this *should* work, but it
doesn't.
Does anyone have a suggestion of how to either efficiently debug this
issue (I'm not too familiar with tracing, but figuring out where the
rejection actually happens might help?), or where to put the question
instead?
-- Pol