# Kernel Requirements

## Minimum

Currently Pulsar requires at least kernel version 5.5 with BPF and BTF enabled.

We're requiring 5.5 because we use `BPF_CORE_READ`, which under the hood uses `bpf_probe_read_kernel`. To support older kernel versions we may use the older and generic `bpf_probe_read`.
The following kernel configurations must be enabled:

```
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_BTF=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_FUNCTION_TRACER=y
CONFIG_FTRACE_SYSCALLS=y
```
## Recommended

For best results we recommend kernel 5.7 or above with all of the above options enabled, plus the following to enable BPF LSM:

```
CONFIG_BPF_LSM=y
```

This option is only available from kernel 5.7. When it is enabled, Pulsar uses the more powerful and stable BPF LSM hooks. If BPF LSM is disabled, Pulsar falls back to kprobes.
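As an added check, not part of Pulsar's own tooling, the following POSIX shell script tests the requirements above: the kernel version (5.5 minimum, 5.7 for BPF LSM), whether BTF for the running kernel is exposed at `/sys/kernel/btf/vmlinux`, and whether each listed `CONFIG_` option is set to `y` in the running kernel's config, read from `/proc/config.gz` or `/boot/config-$(uname -r)`. Those three paths are assumptions of this example, not named on the page. The version and config checks are separate functions so they can also be run against a sample config file.

```shell
#!/bin/sh
# Added example (not Pulsar's code): check the kernel requirements listed
# above. The BTF sysfs path and the config file locations are assumptions.

# version_at_least VERSION MAJOR MINOR
# Succeeds if VERSION (e.g. the output of `uname -r`) is >= MAJOR.MINOR.
version_at_least() {
    v=$1; want_major=$2; want_minor=$3
    major=$(printf '%s' "$v" | cut -d. -f1)
    # strip suffixes such as "-rc1" from the minor field
    minor=$(printf '%s' "$v" | cut -d. -f2 | sed 's/[^0-9].*//')
    [ "$major" -gt "$want_major" ] ||
        { [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]; }
}

# config_enabled CONFIG_FILE OPTION
# Succeeds if OPTION=y appears in the plain-text kernel config CONFIG_FILE.
config_enabled() {
    grep -q "^$2=y$" "$1"
}

# Minimum options from the list above; CONFIG_BPF_LSM is checked separately.
REQUIRED_CONFIGS="CONFIG_DEBUG_INFO CONFIG_DEBUG_INFO_BTF CONFIG_SECURITY \
CONFIG_SECURITYFS CONFIG_SECURITY_NETWORK CONFIG_FUNCTION_TRACER CONFIG_FTRACE_SYSCALLS"

# missing_configs CONFIG_FILE
# Prints each required option that is not =y; returns 1 if any is missing.
missing_configs() {
    rc=0
    for opt in $REQUIRED_CONFIGS; do
        if ! config_enabled "$1" "$opt"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# locate_kernel_config
# Writes the running kernel's config as plain text to stdout (assumed paths).
locate_kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# check_system: run every check against the live machine and report.
check_system() {
    kv=$(uname -r)
    if version_at_least "$kv" 5 5; then echo "kernel $kv: ok (>= 5.5)"; else echo "kernel $kv: too old for Pulsar (< 5.5)"; fi
    if version_at_least "$kv" 5 7; then echo "kernel $kv: BPF LSM possible (>= 5.7)"; else echo "kernel $kv: BPF LSM unavailable, kprobe fallback only"; fi
    if [ -r /sys/kernel/btf/vmlinux ]; then echo "BTF: vmlinux BTF exposed"; else echo "BTF: /sys/kernel/btf/vmlinux missing (CONFIG_DEBUG_INFO_BTF?)"; fi
    tmp=$(mktemp)
    if locate_kernel_config > "$tmp"; then
        if missing=$(missing_configs "$tmp"); then
            echo "configs: all minimum options enabled"
        else
            echo "configs missing:"; echo "$missing"
        fi
        if config_enabled "$tmp" CONFIG_BPF_LSM; then echo "CONFIG_BPF_LSM=y (recommended)"; else echo "CONFIG_BPF_LSM not set (recommended)"; fi
    else
        echo "configs: no kernel config found at the assumed paths"
    fi
    rm -f "$tmp"
}

check_system
```

On a distribution kernel the `CONFIG_*` lines are normally in `/boot/config-<version>`; `/proc/config.gz` only exists when the kernel was built with `CONFIG_IKCONFIG_PROC`. A missing BTF file with `CONFIG_DEBUG_INFO_BTF=y` in the config usually means the running kernel and the config file are not the same build.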
## What is LSM

LSM stands for Linux Security Modules, a framework that allows developers to write security systems on top of the Linux kernel. It's also briefly described in the Linux kernel documentation.

LSM is used by kernel modules or (since kernel 5.7) by eBPF programs. The most popular modules that make use of LSM are AppArmor, SELinux, Smack and TOMOYO. eBPF LSM programs allow developers to implement the same functionality as the modules just mentioned, using eBPF APIs.
## Ensure that BPF LSM is enabled

Before proceeding further and trying to write a BPF LSM program, please make sure that:

- Your kernel version is at least 5.7.
- BPF LSM is enabled.

The second point can be checked with:

```
cat /sys/kernel/security/lsm
capability,lockdown,landlock,yama,apparmor,bpf
```

The output should contain `bpf`. If it doesn't, BPF LSM has to be enabled manually by adding it to the kernel command-line parameters. This can be done by editing the GRUB config in `/etc/default/grub` and adding the following to the kernel parameters:

```
GRUB_CMDLINE_LINUX="lsm=[YOUR CURRENTLY ENABLED LSMs],bpf"
```

Then rebuild the GRUB configuration with:

```
grub-mkconfig -o /boot/grub/grub.cfg
```

And finally, reboot the system.
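As an added example (not Pulsar's code), this shell script reads the LSM list from `/sys/kernel/security/lsm` as above, reports whether `bpf` is active, and derives the `lsm=` value for `/etc/default/grub` from the live list rather than hand-copying the currently enabled LSMs into the placeholder. It keeps the existing order, since the kernel initialises LSMs in the order the parameter lists them, and it handles a list that already contains `bpf`. It only prints the suggested line; it does not edit the GRUB config or reboot.

```shell
#!/bin/sh
# Added example (not Pulsar's code): inspect the active LSM list and derive
# the lsm= kernel parameter that appends bpf to it.

LSM_FILE=/sys/kernel/security/lsm   # path named on the page

# lsm_has_bpf LSM_LIST
# Succeeds if the comma-separated list contains "bpf" as a whole entry
# (so an entry such as "bpftest" would not count).
lsm_has_bpf() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx 'bpf'
}

# lsm_param_with_bpf LSM_LIST
# Prints the value for the lsm= kernel parameter: the current list with bpf
# appended, or unchanged if bpf is already present. The existing order is
# preserved because LSMs initialise in the order given.
lsm_param_with_bpf() {
    list=$(printf '%s' "$1" | tr -d '[:space:]')
    if lsm_has_bpf "$list"; then
        printf 'lsm=%s\n' "$list"
    elif [ -z "$list" ]; then
        printf 'lsm=bpf\n'
    else
        printf 'lsm=%s,bpf\n' "$list"
    fi
}

# grub_cmdline_line LSM_LIST
# Prints the GRUB_CMDLINE_LINUX line to put in /etc/default/grub.
grub_cmdline_line() {
    printf 'GRUB_CMDLINE_LINUX="%s"\n' "$(lsm_param_with_bpf "$1")"
}

# report_live_system: read the running kernel's LSM list and advise.
report_live_system() {
    if [ ! -r "$LSM_FILE" ]; then
        echo "$LSM_FILE not readable: securityfs not mounted or CONFIG_SECURITYFS is off"
        return 1
    fi
    current=$(cat "$LSM_FILE")
    if lsm_has_bpf "$current"; then
        echo "BPF LSM active: $current"
    else
        echo "BPF LSM not active. Current list: $current"
        echo "Suggested /etc/default/grub line:"
        grub_cmdline_line "$current"
        echo "then run: grub-mkconfig -o /boot/grub/grub.cfg and reboot"
    fi
}

report_live_system || true
```

If an existing `GRUB_CMDLINE_LINUX` already carries other parameters, append the printed `lsm=...` value to that line rather than replacing it.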