Unable to unload kcare kmod 1
Posted: Fri Jun 23, 2017 1:37 am
With Kernel Care installed, I should be able to apply kernel patch by executing
`kcarectl --update`
However, it gives this error:
Updates already downloaded
Updates already downloaded
rmmod: ERROR: could not remove 'kcare': Operation not permitted
rmmod: ERROR: could not remove module kcare: Operation not permitted
Unable to unload kcare kmod 1
Below is my kernel configuration from /etc/asl/config, please advise what needs to change to allow `kcarectl` to work.
# Kernel configuration.
ALLOW_kmod_loading="yes"
MAX_USER_WATCHES="16384"
GRKERNSEC_DISABLE_PAX="no"
GRKERNSEC_DETER_BRUTEFORCE="no"
GRKERNSEC_CONSISTENT_SETXID="yes"
ENABLE_TPE="yes"
TPE_GROUP_POLICY="untrusted"
TPE_UNTRUSTED_USERS=""
TPE_TRUSTED_USERS=""
DISABLE_PRIVILEGED_IO="no"
AUDIT_MOUNT="no"
AUDIT_CHDIR="no"
AUDIT_PTRACE="yes"
AUDIT_TEXTREL="no"
CHROOT_CAPS="yes"
CHROOT_DENY_CHMOD="yes"
CHROOT_DENY_CHROOT="yes"
CHROOT_DENY_FCHDIR="yes"
CHROOT_DENY_MKNOD="yes"
CHROOT_DENY_MOUNT="yes"
CHROOT_DENY_PIVOT="yes"
CHROOT_DENY_SHMAT="yes"
CHROOT_DENY_SYSCTL="yes"
CHROOT_DENY_UNIX="yes"
CHROOT_ENFORCE_CHDIR="yes"
CHROOT_EXECLOG="no"
CHROOT_FINDTASK="yes"
CHROOT_RESTRICT_NICE="yes"
EXEC_LOGGING="no"
EXEC_LOG_USERS=""
DMESG="yes"
EXECVE_LIMITING="yes"
FIFO_RESTRICTIONS="yes"
FORKFAIL_LOGGING="yes"
HARDEN_PTRACE="yes"
IP_BLACKHOLE="yes"
LASTACK_RETRIES="4"
LINKING_RESTRICTIONS="yes"
RESOURCE_LOGGING="yes"
ROMOUNT_PROTECT="no"
RWXMAP_LOGGING="yes"
SIGNAL_LOGGING="yes"
SOCKET_ALL="yes"
SOCKET_USERS=""
SOCKET_CLIENT="yes"
SOCKET_CLIENT_USERS=""
SOCKET_SERVER="yes"
SOCKET_SERVER_USERS=""
TIMECHANGE_LOGGING="yes"
`kcarectl --update`
However, it gives this error:
Updates already downloaded
Updates already downloaded
rmmod: ERROR: could not remove 'kcare': Operation not permitted
rmmod: ERROR: could not remove module kcare: Operation not permitted
Unable to unload kcare kmod 1
Below is my kernel configuration from /etc/asl/config, please advise what needs to change to allow `kcarectl` to work.
# Kernel configuration.
ALLOW_kmod_loading="yes"
MAX_USER_WATCHES="16384"
GRKERNSEC_DISABLE_PAX="no"
GRKERNSEC_DETER_BRUTEFORCE="no"
GRKERNSEC_CONSISTENT_SETXID="yes"
ENABLE_TPE="yes"
TPE_GROUP_POLICY="untrusted"
TPE_UNTRUSTED_USERS=""
TPE_TRUSTED_USERS=""
DISABLE_PRIVILEGED_IO="no"
AUDIT_MOUNT="no"
AUDIT_CHDIR="no"
AUDIT_PTRACE="yes"
AUDIT_TEXTREL="no"
CHROOT_CAPS="yes"
CHROOT_DENY_CHMOD="yes"
CHROOT_DENY_CHROOT="yes"
CHROOT_DENY_FCHDIR="yes"
CHROOT_DENY_MKNOD="yes"
CHROOT_DENY_MOUNT="yes"
CHROOT_DENY_PIVOT="yes"
CHROOT_DENY_SHMAT="yes"
CHROOT_DENY_SYSCTL="yes"
CHROOT_DENY_UNIX="yes"
CHROOT_ENFORCE_CHDIR="yes"
CHROOT_EXECLOG="no"
CHROOT_FINDTASK="yes"
CHROOT_RESTRICT_NICE="yes"
EXEC_LOGGING="no"
EXEC_LOG_USERS=""
DMESG="yes"
EXECVE_LIMITING="yes"
FIFO_RESTRICTIONS="yes"
FORKFAIL_LOGGING="yes"
HARDEN_PTRACE="yes"
IP_BLACKHOLE="yes"
LASTACK_RETRIES="4"
LINKING_RESTRICTIONS="yes"
RESOURCE_LOGGING="yes"
ROMOUNT_PROTECT="no"
RWXMAP_LOGGING="yes"
SIGNAL_LOGGING="yes"
SOCKET_ALL="yes"
SOCKET_USERS=""
SOCKET_CLIENT="yes"
SOCKET_CLIENT_USERS=""
SOCKET_SERVER="yes"
SOCKET_SERVER_USERS=""
TIMECHANGE_LOGGING="yes"