Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 4905 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to load module talpa_syscallhook

QC

Hello all (and especially  [:)]),

installed the managed SAV for Linux on Fedora 27, evrything looked fine but Talpa fails.

Talpaselect.log:
[Talpa-select]
Copyright 1989-2018 Sophos Limited. All rights reserved.
2018-07-19 11:05:40 CEST /opt/sophos-av/engine/_/talpa_select selectexisting /opt/sophos-av
[Talpa-select]
Copyright 1989-2018 Sophos Limited. All rights reserved.
2018-07-19 11:05:42 CEST /opt/sophos-av/engine/_/talpa_select load --hook talpa_vfshook --wait 10
Linux distribution: [fedora]
Product: [Fedora release 27 (Twenty Seven)]
Kernel: [4.17.3-100.fc27.x86_64]
Multiprocessor support enabled.
Searching for source pack...
Searching for suitable binary pack...
No suitable binary pack available.
Preparing for build...
Extracting sources...
Configuring build of version 1.24.1...
configuring checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking how to create a ustar tar archive... gnutar
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... none
checking whether gcc and cc understand -c and -o together... yes
checking for ld... ld
checking for egrep... grep -E
checking whether ln -s works... yes
checking for cat... /usr/bin/cat
checking for cut... /usr/bin/cut
checking for sed... /usr/bin/sed
checking for uname... /usr/bin/uname
checking for rm... /usr/bin/rm
checking for xargs... /usr/bin/xargs
checking for Talpa version... 1.24.1
checking for operating system... Linux
checking for kernel headers layout... /lib/modules/4.17.3-100.fc27.x86_64/build/include:/lib/modules/4.17.3-100.fc27.x86_64/build/arch/x86/include:/lib/modules/4.17.3-100.fc27.x86_64/build/arch/x86/include/generated:/lib/modules/4.17.3-100.fc27.x86_64/source/include:/lib/modules/4.17.3-100.fc27.x86_64/source/arch/x86/include:/lib/modules/4.17.3-100.fc27.x86_64/build/include/generated/uapi:/lib/modules/4.17.3-100.fc27.x86_64/build/include/uapi:/lib/modules/4.17.3-100.fc27.x86_64/source/include/uapi
checking for linux/version.h... yes
checking for linux/magic.h... yes - /lib/modules/4.17.3-100.fc27.x86_64/build/include/uapi
checking for uapi/linux/magic.h... yes - /lib/modules/4.17.3-100.fc27.x86_64/build/include
checking for linux/uidgid.h... for uidgid strict type checking header
checking for linux/compiler.h... yes - /lib/modules/4.17.3-100.fc27.x86_64/build/include
checking for uapi/asm/unistd.h... yes - /lib/modules/4.17.3-100.fc27.x86_64/build/arch/x86/include
checking for asm/unistd_64_x32.h... yes - /lib/modules/4.17.3-100.fc27.x86_64/build/arch/x86/include/generated
checking for kernel configuration... done
checking for compilation environment... ok
checking for kernel architecture... x86_64
checking for kernel version code... 266499
checking for kernel version string... 4.17.3-100.fc27.x86_64
checking for RHEL release code... not found
checking for linux/sched.h... yes
checking for unused task flag... 0x1
checking for System.map... /boot/System.map-4.17.3-100.fc27.x86_64
checking for printk address... 0xffffffff8110fe9e
checking for do_truncate address... 0xffffffff8129c050
checking for linux/fs.h... yes
checking for do_truncate type... type 3
checking for linux/fs.h... yes
checking for vfs_unlink type... with inode
checking for linux/string.h... yes
checking for strndup_user... present
checking for tasklist_lock export... not available
checking for tasklist_lock address... 0xffffffff822050c0
checking for linux/uaccess.h... yes
checking for probe_kernel_read... present
checking for appropriate build system... 2.6 build system detected
checking for linux/dcache.h... yes
checking for __d_path prototype... available
checking for exported __d_path... undetectable
checking for linux/dcache.h... yes
checking for 2.6.38 style locking... post 2.6.38 style locking
checking for __d_path address... 0xffffffff812d73f0
checking for __d_path type... struct path
checking for vfsmount and br lock... vfsmount lock is mount_lock seqlock
checking for __lookup_mnt_last address... not found
checking for __lookup_mnt address... 0xffffffff812c3150
assuming system does not have get_fs_root_and_pwd
checking for linux/mount.h... yes
checking for vfsmount mnt_namespace element... assuming vfsmount has mnt_ns
checking for syscallhook module execve support... available (0xffffffff812a86f0)
checking for nested mutexes... present
checking for f_dentry in fs struct member... not detected
checking for smbfs... not present
checking for system call table hooking support... yes; shadow mapping
checking for LSM support... disabled
checking for exported hrtimers... missing
checking for struct filename... present
checking for asm-generic/fcntl.h... yes
checking for correct getname... passed
checking for securityfs support... present
checking for binary sysctl support... disabled
checking for legacy configuration support... included
checking for IMA... present
checking for ima_path_check... not present
checking for putname... putname present but not exported
checking for getname... getname present but not exported
checking typedef ctl_table... not detected
checking for X workaround... enabled
configure: creating ./config.status
config.status: creating makefile
config.status: creating clients/Makefile
config.status: creating tests/Makefile
config.status: creating tests/modules/makefile
config.status: creating tests/benchmark/Makefile
config.status: creating config.h
config.status: executing depfiles commands

Building...
Installing binaries...
Creating local binary pack...
NOTE: You are running Sophos Anti-Virus on a kernel for which Sophos does not provide binary kernel modules. Therefore the kernel modules have been locally compiled. Please see KBA14377 for supported platforms and kernels.
Loading Talpa kernel modules version 1.24.1...
/sbin/insmod /opt/sophos-av/talpa/current/talpa_syscallhook.ko hook_mask=mu
Failed to load module talpa_syscallhook
insmod: ERROR: could not insert module /opt/sophos-av/talpa/current/talpa_syscallhook.ko: Permission denied

Error: Failed to load module talpa_syscallhook
Traceback (most recent call last):
  File "talpa_select.py", line 2216, in _action
  File "talpa_select.py", line 1091, in load
  File "talpa_select.py", line 1017, in tryLoadModules
  File "talpa_select.py", line 955, in loadModule
SelectException: exc-load-failed

What could be the cause or how to troubleshoot this (NB: No problem on another Twenty Seven, but that has Kernel 4.17.6-100.fc27.x86_64)

Christian



This thread was automatically locked due to age.
Parents Reply Children
No Data
Unfiltered HTML