Insmod permission error when being ran from systemd service

I’m trying to set up a systemd service that runs a script that calls insmod on a kernel module.

When I try running it, I get: insmod: ERROR: could not insert module <module>.ko: Permission denied.

If I run the script that calls insmod as sudo, it works just fine. It only fails when running the service. The service is in /etc/systemd/system so it’s not a local user service.

It’s just a oneshot that runs the script with ExecStart . Anyone got a clue why insmod specifically has issues running in an authenticated systemd service?

1 Like

Can you post the service and the script?
Thanks

Here’s the script, and here’s the service. I’ve tried writing it a couple of different ways (e.g. not compiling it at all, just loading the module) and it still fails. Running the script manually works fine.

Thanks!

Here’s what’s being compiled in case you want to test it:

Make sure to disable Secure Boot in BIOS/EFI and then build the modules with DKMS:

sudo dnf install git dkms kernel-devel openssl
sudo git clone https://github.com/hannesmann/gcadapter-oc-kmod.git \
/usr/src/gcadapter-oc-git
sudo sed -e "/^MAKE/d;/^CLEAN/d
/^DEST_MODULE_LOCATION/s|/extramodules|/extra|" \
/usr/src/gcadapter-oc-git/packaging/arch/dkms.conf \
| sudo tee /usr/src/gcadapter-oc-git/dkms.conf > /dev/null
sudo dkms add gcadapter-oc/git
sudo systemctl restart dkms.service
sudo tee /etc/modules-load.d/gcadapter-oc.conf << EOF > /dev/null
gcadapter_oc
EOF
sudo systemctl restart systemd-modules-load.service
3 Likes

Thanks for that! I used to do something like that before but the I had was that every time there was a kernel update I had to recompile for that kernel version. This seems to work. Still curious as to why insmod failed but this is better!

1 Like
journalctl --no-pager -b -g "avc.*insmod"
1 Like