https://github.com/osquery/osquery logo
Powered by
#arm-architecture
Title
# arm-architecture
n

Nico

09/01/2021, 11:34 AM
Hi everyone! I am not sure where to put this. I built Osquery from a Ubuntu/arm64 machine in order to run it on arm64 devices. When the Linux kernel version is equal to 4.9, the binary runs fine. But when the kernel is older, then I get : "FATAL : kernel too old". I gess I have to indicate the kernel version to CMake, but I don't know how. It this normal? And if it is normal, how can we make a binary run with old Linux kernel?
a

alessandrogario

09/01/2021, 11:47 AM
Hey Nico! Can you show us the full output of osquery, with --verbose?
n

Nico

09/01/2021, 11:53 AM
Hello Alessandro! Unfortunately it happens just as I run the binary. I get 'FATAL: kernel too old' and 'Segmentation fault (core dumped)'
And --verbose doesn't bring more info
a

alessandrogario

09/01/2021, 11:55 AM
What kind of distros are you using? I think we relied on whatever was available from AWS for Graviton instances
๐Ÿ‘ 1
n

Nico

09/01/2021, 11:59 AM
For instance, I want to run it on Ubuntu 16.04 server (on ARM64 machine). The Linux kernel is v4.4.0. It brings the error message I showed above. But when I run it on my Android 10 smartphone with v4.9.190 Linux kernel, it runs fine!
And the funny part, I build Osquery from the ARM64/Ubuntu16.04server machine. But the binary genereted does not work on this machine. It works on my Android device, but not on my ubuntu16.04 machine..
Is there specific modification to build the binary for graviton 2? What is needed to buid the code? A arm64-Linux machine? There is an option to add?
a

alessandrogario

09/01/2021, 12:09 PM
Probably in the osquery-toolchain, then you would have to update all the pre-generated config files for all libraries
I don't think it makes sense for upstream to support distributions that are no longer supported and marked as end of life
The reason that the x64 version supports old (but still supported) distributions is for backward compatibility
given that osquery was never deployed on Ubuntu 16 ARM before, I think it's not a regression
๐Ÿ‘ 1
but it should work on ARM distributions that are still supported, so this is a bug
the reference distributions are what AWS + Graviton supports though (at least for now)
The reason is that it was the only development environment most of us could get access to
n

Nico

09/01/2021, 12:17 PM
Ok I understand
I thought I could get through with CMake that should indicate the options to the compiler. And I added '--enable-kernel=3.3.0' in the file flags.cmake' for the compiler options. But it is useless
I will try to build the code from a different machine
s

Stefano Bonicatti

09/01/2021, 8:02 PM
By the way itโ€™s not a matter of where the code is compiled from, but the fact that the osquery-toolchain uses kernel headers for the version 4.9 and most importantly (which is the cause of the error) targets glibc version 2.23.
n

Nico

09/02/2021, 7:08 AM
Hi Stefano. Thank you very much for your answer
65 Views
Powered by