Hi everyone! I am not sure where to put this. I bu...
# arm-architecturen
Nico
09/01/2021, 11:34 AMHi everyone! I am not sure where to put this. I built Osquery from a Ubuntu/arm64 machine in order to run it on arm64 devices. When the Linux kernel version is equal to 4.9, the binary runs fine. But when the kernel is older, then I get : "FATAL : kernel too old". I gess I have to indicate the kernel version to CMake, but I don't know how. It this normal? And if it is normal, how can we make a binary run with old Linux kernel?
a
alessandrogario
09/01/2021, 11:47 AM
Hey Nico! Can you show us the full output of osquery, with --verbose?
n
Nico
09/01/2021, 11:53 AMHello Alessandro! Unfortunately it happens just as I run the binary. I get 'FATAL: kernel too old' and 'Segmentation fault (core dumped)'
Nico
09/01/2021, 11:53 AMAnd --verbose doesn't bring more info
a
alessandrogario
09/01/2021, 11:55 AM
What kind of distros are you using? I think we relied on whatever was available from AWS for Graviton instances
๐ 1
n
Nico
09/01/2021, 11:59 AMFor instance, I want to run it on Ubuntu 16.04 server (on ARM64 machine). The Linux kernel is v4.4.0. It brings the error message I showed above. But when I run it on my Android 10 smartphone with v4.9.190 Linux kernel, it runs fine!
Nico
09/01/2021, 12:02 PMAnd the funny part, I build Osquery from the ARM64/Ubuntu16.04server machine. But the binary genereted does not work on this machine. It works on my Android device, but not on my ubuntu16.04 machine..
Nico
09/01/2021, 12:05 PMIs there specific modification to build the binary for graviton 2? What is needed to buid the code? A arm64-Linux machine? There is an option to add?
a
alessandrogario
09/01/2021, 12:09 PM
Probably in the osquery-toolchain, then you would have to update all the pre-generated config files for all libraries
alessandrogario
09/01/2021, 12:10 PM
I don't think it makes sense for upstream to support distributions that are no longer supported and marked as end of life
alessandrogario
09/01/2021, 12:12 PM
The reason that the x64 version supports old (but still supported) distributions is for backward compatibility
alessandrogario
09/01/2021, 12:13 PM
given that osquery was never deployed on Ubuntu 16 ARM before, I think it's not a regression
๐ 1
alessandrogario
09/01/2021, 12:13 PM
but it should work on ARM distributions that are still supported, so this is a bug
alessandrogario
09/01/2021, 12:14 PM
the reference distributions are what AWS + Graviton supports though (at least for now)
alessandrogario
09/01/2021, 12:14 PM
The reason is that it was the only development environment most of us could get access to
n
Nico
09/01/2021, 12:17 PMOk I understand
Nico
09/01/2021, 12:22 PMI thought I could get through with CMake that should indicate the options to the compiler. And I added '--enable-kernel=3.3.0' in the file flags.cmake' for the compiler options. But it is useless
Nico
09/01/2021, 12:31 PMI will try to build the code from a different machine
s
Stefano Bonicatti
09/01/2021, 8:02 PMBy the way itโs not a matter of where the code is compiled from, but the fact that the osquery-toolchain uses kernel headers for the version 4.9 and most importantly (which is the cause of the error) targets glibc version 2.23.
n
Nico
09/02/2021, 7:08 AMHi Stefano. Thank you very much for your answer
71 Views