This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

talpa, skip list not patching kernel on linux

I get the following errors on Ubuntu uname -a Linux desktop 4.10.0-33-lowlatency #37-Ubuntu SMP PREEMPT Fri Aug 11 12:59:32 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

They are in dmesg on login and I presume they are partly due to the compilation of the kernel module at boot time.

[ 8.069512] talpa_syscallhook: loading out-of-tree module taints kernel.
[ 8.069551] talpa_syscallhook: module verification failed: signature and/or required key missing - tainting kernel
[ 8.082285] talpa-pedevice: Attached
[ 8.087272] talpa-vfshook: rootfs is on the skip list, not patching
[ 8.089771] talpa-vfshook: Patching devtmpfs
[ 8.089876] talpa-vfshook: devpts is on the skip list, not patching
[ 8.089892] talpa-vfshook: mqueue is on the skip list, not patching
[ 8.089893] talpa-vfshook: Patching hugetlbfs
[ 8.089986] talpa: Failed to open initial directory: -13
[ 8.089989] talpa: Failed to open initial directory /run/user/111/gvfs: -13
[ 8.089991] talpa-vfshook: sysfs is on the skip list, not patching
[ 8.089992] talpa-vfshook: securityfs is on the skip list, not patching
[ 8.090042] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090043] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090044] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090044] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090045] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090046] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090046] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090047] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090048] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090048] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090049] talpa-vfshook: cgroup is on the skip list, not patching
[ 8.090050] talpa-vfshook: Patching pstore
[ 8.090066] talpa-vfshook: Patching efivarfs
[ 8.090086] talpa-vfshook: debugfs is on the skip list, not patching
[ 8.090087] talpa-vfshook: fusectl is on the skip list, not patching
[ 8.090087] talpa-vfshook: proc is on the skip list, not patching
[ 8.090088] talpa-vfshook: autofs is on the skip list, not patching
[ 8.090089] talpa-vfshook: binfmt_misc is on the skip list, not patching
[ 8.102296] talpa-cache: Enabled
[ 14.045272] talpa-vfshook: Enabled

I am unable to imagine a situation in which I would want some of these items on a 'skip list', in a realtime protection scenario, although, without checking the code closely I cannot be sure what they are properly referring to.  What prompted me to notice them was a slow down in log in time, presumably as the kernel module is recompiled, and I think this may have occurred after I used savdctl to enable boot startup. 

Also, am I able to recompile my kernel to include an available sophos kernel module?

Please advise.  Thank you.



This thread was automatically locked due to age.
Parents
  • Hi,

    1) The filesystems that are skipped don't contain 'real' files, but instead are ways to access kernel data structures.

    2) Talpa is re-compiled at boot time or when on-access is enabled, it shouldn't delay login. It will only re-compile when the kernel changes.

    3) Talpa can't be integrated into the kernel build, I'm afraid.

     

    Thanks,

    Douglas.

Reply
  • Hi,

    1) The filesystems that are skipped don't contain 'real' files, but instead are ways to access kernel data structures.

    2) Talpa is re-compiled at boot time or when on-access is enabled, it shouldn't delay login. It will only re-compile when the kernel changes.

    3) Talpa can't be integrated into the kernel build, I'm afraid.

     

    Thanks,

    Douglas.

Children
No Data