I’m trying to set up a systemd service that runs a script that calls
insmod on a kernel module.
When I try running it, I get:
insmod: ERROR: could not insert module <module>.ko: Permission denied.
If I run the script that calls
insmod as sudo, it works just fine. It only fails when running the service. The service is in
/etc/systemd/system so it’s not a local user service.
It’s just a
oneshot that runs the script with
ExecStart . Anyone got a clue why
insmod specifically has issues running in an authenticated systemd service?
Can you post the service and the script?
Here’s the script, and here’s the service. I’ve tried writing it a couple of different ways (e.g. not compiling it at all, just loading the module) and it still fails. Running the script manually works fine.
Here’s what’s being compiled in case you want to test it:
Make sure to disable Secure Boot in BIOS/EFI and then build the modules with DKMS:
sudo dnf install git dkms kernel-devel openssl
sudo git clone https://github.com/hannesmann/gcadapter-oc-kmod.git \
sudo sed -e "/^MAKE/d;/^CLEAN/d
| sudo tee /usr/src/gcadapter-oc-git/dkms.conf > /dev/null
sudo dkms add gcadapter-oc/git
sudo systemctl restart dkms.service
sudo tee /etc/modules-load.d/gcadapter-oc.conf << EOF > /dev/null
sudo systemctl restart systemd-modules-load.service
Thanks for that! I used to do something like that before but the I had was that every time there was a kernel update I had to recompile for that kernel version. This seems to work. Still curious as to why
insmod failed but this is better!
journalctl --no-pager -b -g "avc.*insmod"