Hi, Top-posting a quick update to this: it has magically started working with linux 5.6.10. Didn't on 5.5.13 nor 5.4.35-lts. So the problem has been solved, even though I never got to trace it to its source. -- Pol Quoting Pol Van Aubel (2020-02-15 17:16:14) > Hi, > > Quoting Pol Van Aubel (2020-01-21 23:41:48) > > Hi, > > > > Quoting Pavel Hrdina (2020-01-21 12:53:49) > > > Thanks for the logs, but it did not help to figure out where the issue > > > is. I was hoping to see some error output from the syscall but the line > > > that should contain it is empty: > > > > > > 2020-01-20 19:47:15.589+0000: 8579: debug : virBPFLoadProg:78 : > > > > > > Can you please check system logs and output of dmesg? > > > > > > I've managed to run into this article [1] that explains that even if you > > > have all permissions and no SELinux you can still be blocked by > > > something called kernel_lockdown and it should appear in dmesg. > > > > > > Pavel > > > > > > [1] <https://gehrcke.de/2019/09/running-an-ebpf-program-may-require-lifting-the-kernel-lockdown/> > > > > Unfortunately, nothing related to kernel lockdowns. My kernel sysrq also > > doesn't seem to recognize x, and neither dmesg nor system journal > > indicate the system is even booted with lockdowns. I don't run > > Secure Boot, so that makes sense. I do get an audit message but that > > doesn't really enlighten me any further; there's only 4 messages in the > > journal related to this action. > > > > <snip> > > > > I honestly don't know how to even begin debugging what's happening, what > > the reason for the rejection is. > > I've spent a long afternoon reading into BPF, checking that I'm really > running this as root, with CAP_SYS_ADMIN, etc, and am drawing a blank. > Everything I'm looking at is telling me this *should* work, but it > doesn't. > > Does anyone have a suggestion of how to either efficiently debug this > issue (I'm not too familiar with tracing, but figuring out where the > rejection actually happens might help?), or where to put the question > instead? > > -- Pol > >
