Error in opening device /dev/scap0 #2011

Closed
lobsec opened this issue Aug 3, 2023 · 8 comments

@lobsec

lobsec commented Aug 3, 2023

Hi community.
I've just installed sysdig on a fresh Almalinux 9.2 by using the rpm in the GitHub repo.
The installation process seems to be OK:

# rpm -i sysdig-0.32.1-x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:sysdig-0.32.1-1                  ################################# [100%]
Creating symlink /var/lib/dkms/scap/5.0.1+driver/source -> /usr/src/scap-5.0.1+driver
Sign command: /lib/modules/5.14.0-284.18.1.el9_2.x86_64/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub

Building module:
Cleaning build area...
make -j4 KERNELRELEASE=5.14.0-284.18.1.el9_2.x86_64 -C /lib/modules/5.14.0-284.18.1.el9_2.x86_64/build M=/var/lib/dkms/scap/5.0.1+driver/build....
Signing module /var/lib/dkms/scap/5.0.1+driver/build/scap.ko
Cleaning build area...

scap.ko.xz:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/5.14.0-284.18.1.el9_2.x86_64/extra/
Adding any weak-modules
depmod......

but if I try to run sysdig as root I receive the error message below.

error opening device /dev/scap0. Make sure you have root credentials and that the scap module is loaded: No such file or directory

If I try to run modprobe scap I receive an error message like

modprobe: ERROR: could not insert 'scap': Key was rejected by service

Here's my system information:
Kernel: 5.14.0-284.18.1.el9_2.x86_64
Installed kernel packages:

kernel-modules-core-5.14.0-284.11.1.el9_2.x86_64
kernel-core-5.14.0-284.11.1.el9_2.x86_64
kernel-modules-5.14.0-284.11.1.el9_2.x86_64
kernel-5.14.0-284.11.1.el9_2.x86_64
kernel-modules-core-5.14.0-284.18.1.el9_2.x86_64
kernel-core-5.14.0-284.18.1.el9_2.x86_64
kernel-modules-5.14.0-284.18.1.el9_2.x86_64
kernel-tools-libs-5.14.0-284.18.1.el9_2.x86_64
kernel-tools-5.14.0-284.18.1.el9_2.x86_64
kernel-5.14.0-284.18.1.el9_2.x86_64
kernel-headers-5.14.0-284.18.1.el9_2.x86_64
kernel-devel-5.14.0-284.18.1.el9_2.x86_64
kernel-srpm-macros-1.0-12.el9.noarch
kernel-devel-matched-5.14.0-284.18.1.el9_2.x86_64

Thanks to anyone who can help me.

@therealbobo
Contributor

Hi @lobsec! Probably it's a secure boot issue. You can try to do something like:

sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n xpad)

However, have you ever tried modern bpf (sysdig --modern-bpf)? It should work without the kernel module! 😄

@lobsec
Author

lobsec commented Aug 3, 2023

Hi @therealbobo and thanks for your time.
Yes, secure boot is enabled.

$ sudo mokutil --sb-state
SecureBoot enabled

I create the keys with

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -days 36500 -subj "/CN=Sysdig/"

and then I sign them with

$ sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n scap)
$ sudo mokutil --import MOK.der

After that I rebooted and enrolled the keys, but nothing has changed.

@therealbobo
Contributor

Did you enroll the MOK? 🤔

@lobsec
Author

lobsec commented Aug 3, 2023

Yes I did.
Tomorrow I'll try to disable secure boot feature and try again.
If that doesn't work, maybe it's not compatible with Almalinux.

@therealbobo
Contributor

I'm pretty sure that it's compatible. I'll fire up a vm and give it a try! 😄

@lobsec
Author

lobsec commented Aug 8, 2023

I can confirm that it is a secure boot related issue: I've tried disabling it and rebooting, and then it runs perfectly.

@therealbobo
Contributor

I'll close this, but feel free to reopen it if anything new comes up! 😄

@lobsec
Author

lobsec commented Aug 9, 2023

Hi everyone, I finally found the solution on Almalinux 9.x with secure boot on.

  1. Uninstall sysdig if already installed with sudo dnf remove sysdig
  2. Install OpenSCAP if it is not installed with sudo dnf install openscap openscap-utils scap-security-guide
  3. Install sysdig again with sudo dnf install sysdig
  4. Import the mok file generated with sudo mokutil --import /var/lib/dkms/mok.pub (path of the MOK file will be shown during the sysdig installation)
  5. Reboot and enroll the key
  6. Done
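
A check for the failure discussed in this thread, as an added example that is not part of the original posts or of the sysdig project: it reports whether Secure Boot is enforcing, whether the module carries a signature, and whether the certificate that signed it is enrolled as a MOK. The function name and the MOK_CERT and MODULE variables are assumptions of this example; the default certificate path is the one printed in the install log above.

```shell
#!/bin/sh
# Added example, not from the thread. MOK_CERT defaults to the DKMS
# certificate path printed in the install log; override it if yours differs.
MOK_CERT="${MOK_CERT:-/var/lib/dkms/mok.pub}"
MODULE="${MODULE:-scap}"

# Prints one diagnosis line. Returns 0 when the module should load,
# 1 if it is unsigned, 2 if the key is not enrolled, 3 if another key signed it.
check_module_signing() {
    case "$(mokutil --sb-state 2>/dev/null)" in
        *"SecureBoot enabled"*) ;;
        *) echo "OK: Secure Boot is not enforcing module signatures"
           return 0 ;;
    esac

    # modinfo prints a sig_id field only for modules that carry a signature.
    if [ -z "$(modinfo -F sig_id "$MODULE" 2>/dev/null)" ]; then
        echo "FAIL: $MODULE has no signature"
        return 1
    fi

    case "$(mokutil --test-key "$MOK_CERT" 2>/dev/null)" in
        *"is already enrolled"*) ;;
        *) echo "FAIL: $MOK_CERT is not enrolled (mokutil --import, then reboot)"
           return 2 ;;
    esac

    # The enrolled certificate must also be the one that signed the module.
    # Assumption: a self-signed MOK, so the signer name equals the cert CN.
    cms_signer=$(modinfo -F signer "$MODULE" 2>/dev/null)
    cms_subject=$(openssl x509 -inform DER -in "$MOK_CERT" -noout -subject 2>/dev/null)
    if [ -n "$cms_signer" ]; then
        case "$cms_subject" in
            *"$cms_signer"*)
                echo "OK: $MODULE is signed by the enrolled key '$cms_signer'"
                return 0 ;;
        esac
    fi
    echo "FAIL: $MODULE is signed by '${cms_signer:-unknown}', not by $MOK_CERT"
    return 3
}

# Run the check only when asked, e.g.: sudo sh check-scap.sh --check
if [ "${1:-}" = "--check" ]; then check_module_signing; fi
```

Return code 2 corresponds to the state before step 4 of the list above; return code 3 covers a module signed with one key while a different key is enrolled.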
