Hi,
I've spent some time googling around, you're my only hope ...
I've tried 'opensnitch', available on AUR. I used to compile it manually (years ago).
The build works fine but runtime fails with the following message:
write /sys/kernel/debug/tracing/kprobe_events: no such file or directory
The file DOES exist, in chmod 644 and I run the program as root with no difference.
I've checked here: https://www.kernel.org/doc/html/latest/ … trace.html, which confirms I don't understand much about all that
/proc/config.gz shows that kernel is correctly compiled.
CONFIG_KPROBE_EVENTS=y
I'm using 4.19.75-1-lts but have the same problem on 5.4
I have absolutely no idea what to try, or what I could be missing.
From what I read on stackoverflow and so on, there has been a change regarding kprobe around kernel 4.19, but with no further clue.
There was a story of 'debugfs' having to be mounted, it is mounted.
The failing code is fairly simple. It's Go:
const (
	systemProbesFile = "/sys/kernel/debug/tracing/kprobe_events"
)

if err = writeFile(systemProbesFile, p.descriptor); err != nil {
	return fmt.Errorf("Error while enabling probe descriptor for %s: %s", p.name, err)
}
That's the error I get.
If anyone who knows about kernel secrets, kprobe etc. has a clue ... may he be thanked a thousandfold
regards
Offline
What does writeFile do? Where does it come from?
Offline
You're right, forgot to include it.
It's almost the primitive call ... but the file permissions hidden there may be the key (or not) to my problems
func writeFile(filename string, data string) error {
	return ioutil.WriteFile(filename, []byte(data), 0755)
}
EDIT: did chmod whatever on the target file, same error. The permission in the Go primitive is used to create the file in case it does not exist... in my case the file exists, yet the error states that it does not. It's a special kind of file so I don't know any better.
debugfs is mounted like this
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
Last edited by squalou (2020-01-06 20:01:29)
Offline
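An added diagnostic example, not part of any post in this thread and not opensnitch code: Go puts the failing operation at the start of the error text, so the "write" prefix in the message quoted above means the file was opened and the kernel returned ENOENT for the data written to it. The helper names appendProbe and diagnose are hypothetical, and the reading of a write-time ENOENT as "a name inside the descriptor was not found" is an assumption about how kprobe_events reports unknown symbols or events.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// Path quoted in the thread.
const kprobeEvents = "/sys/kernel/debug/tracing/kprobe_events"

// appendProbe (hypothetical) writes one descriptor; no O_CREATE, so a missing file fails at open.
func appendProbe(path, descriptor string) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_APPEND, 0)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.WriteString(descriptor + "\n")
	return err
}

// diagnose (hypothetical) reads the failing operation from *os.PathError: Op is "open"
// when the path is missing, "write" when the kernel refused the data written.
func diagnose(err error) string {
	var pe *os.PathError
	switch {
	case err == nil:
		return "ok"
	case !errors.As(err, &pe):
		return "unclassified: " + err.Error()
	case pe.Op == "open" && errors.Is(pe.Err, syscall.ENOENT):
		return "path missing: check the debugfs/tracefs mount and CONFIG_KPROBE_EVENTS"
	case pe.Op == "write" && errors.Is(pe.Err, syscall.ENOENT):
		// Assumption: ENOENT here refers to a name inside the descriptor.
		return "descriptor rejected: symbol or event named in it was not found"
	case errors.Is(pe.Err, syscall.EACCES), errors.Is(pe.Err, syscall.EPERM):
		return "permission denied: not root, or tracing is restricted"
	}
	return "other failure during " + pe.Op + ": " + pe.Err.Error()
}

func main() {
	// Constructed error reproducing the message from the thread.
	sample := &os.PathError{Op: "write", Path: kprobeEvents, Err: syscall.ENOENT}
	fmt.Printf("%v\n  -> %s\n", sample, diagnose(sample))
	fmt.Println(diagnose(appendProbe("/nonexistent-dir/kprobe_events", "p:example sym")))
}
```

Printing p.descriptor next to the error shows which probe definition the kernel refused.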