Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use correct kernel headers version #25

Open
Smjert opened this issue Oct 20, 2021 · 0 comments
Open

Use correct kernel headers version #25

Smjert opened this issue Oct 20, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@Smjert
Copy link
Member

Smjert commented Oct 20, 2021

The arm64 and x86 toolchain should use the same kernel headers version as found on the oldest distro version we want to support. Not newer, not older.

Currently the x86 toolchain targets CentOS 6.10, glibc 2.12.2, which has a kernel version 2.6.32, but we use kernel headers for 4.7.

This causes problems when configuring the third party libraries for the target system, because they can detect features that aren't actually present.
At the same time the kernel data structures used might not be in sync with what the actual underlying kernel is using (think of audit, netlink, perf etc), which could result in errors, access to invalid memory, crashes.

What we should do instead is to have the toolchain use the correct headers and then have osquery create it's own copy of defines or data structures where necessary, and switch between them depending on the version of kernel it's running on.
@Smjert Smjert added the bug Something isn't working label Oct 20, 2021
@Smjert Smjert changed the title Use correct kernel header version Use correct kernel headers version Oct 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Smjert