January 22, 2023, 11:33pm
I’m trying to set up a systemd service that runs a script that calls insmod on a kernel module.
When I try running it, I get:
insmod: ERROR: could not insert module <module>.ko: Permission denied.
If I run the script that calls insmod as sudo, it works just fine. It only fails when running the service. The service is in /etc/systemd/system so it’s not a local user service.
It’s just a oneshot that runs the script with ExecStart. Anyone got a clue why insmod specifically has issues running in an authenticated systemd service?
January 22, 2023, 11:35pm
Can you post the service and the script?
January 22, 2023, 11:38pm
Here’s the script, and here’s the service. I’ve tried writing it a couple of different ways (e.g. not compiling it at all, just loading the module) and it still fails. Running the script manually works fine.
January 23, 2023, 2:18am
Here’s what’s being compiled in case you want to test it:
January 23, 2023, 7:59am
Make sure to disable Secure Boot in BIOS/EFI and then build the modules with DKMS:
sudo dnf install git dkms kernel-devel openssl
sudo git clone https://github.com/hannesmann/gcadapter-oc-kmod.git \
sudo sed -e "/^MAKE/d;/^CLEAN/d
| sudo tee /usr/src/gcadapter-oc-git/dkms.conf > /dev/null
sudo dkms add gcadapter-oc/git
sudo systemctl restart dkms.service
sudo tee /etc/modules-load.d/gcadapter-oc.conf << EOF > /dev/null
sudo systemctl restart systemd-modules-load.service
January 23, 2023, 11:09pm
Thanks for that! I used to do something like that before, but the problem I had was that every time there was a kernel update I had to recompile for that kernel version. This seems to work. Still curious as to why insmod failed, but this is better!
January 23, 2023, 11:54pm
journalctl --no-pager -b -g "avc.*insmod"