在过去的几天里,我已经进行了几次尝试,尝试在我的 Lamobo R1 中的 Armbian 5.0/Debian Jessie 8.0 中安装和运行 sysdig。
安装后:
apt-get install -t jessie-backports sysdig sysdig-dkms dkms
运行时出现如下错误:
# sysdig
Unable to load the driver
error opening device /dev/sysdig0. Make sure you have root credentials and that the sysdig-probe module is loaded.
在几天前的第一次尝试中,我注意到该模块没有被放入/lib/modules/4.4.1-sunxi/updates/dkms/sysdig-probe.ko并评论了 asm-offsets.h 的包含/var/lib/dkms/sysdig/0.5.1/build/main.c。
我还必须make scripts在内核目录中运行/usr/src/linux-headers-4.4.1-sunxi。
之后,我运行/usr/lib/dkms/dkms_autoinstaller start并编译了模块。但是运行时错误是一样的。
运行 insmod 说:
#insmod /lib/modules/4.4.1-sunxi/updates/dkms/sysdig-probe.ko
insmod: ERROR: could not insert module /lib/modules/4.4.1-sunxi/updates/dkms/sysdig-probe.ko: Invalid module format
运行modinfo:
modinfo /lib/modules/4.4.1-sunxi/updates/dkms/sysdig-probe.ko
输出:
filename: /lib/modules/4.4.1-sunxi/updates/dkms/sysdig-probe.ko
author: sysdig inc
license: GPL
depends:
vermagic: 4.4.1 SMP mod_unload ARMv7 p2v8
parm: max_consumers:Maximum number of consumers that can simultaneously open the devices (uint)
parm: verbose:Enable verbose logging (bool)
显然该模块的内核版本错误。
现在即使在安装时,它也会说:
#apt-get install -t jessie-backports sysdig sysdig-dkms dkms
Reading package lists... Done
Building dependency tree
Reading state information... Done
sysdig is already the newest version.
The following NEW packages will be installed:
dkms sysdig-dkms
0 upgraded, 2 newly installed, 0 to remove and 9 not upgraded.
Need to get 0 B/137 kB of archives.
After this operation, 821 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Selecting previously unselected package dkms.
(Reading database ... 72251 files and directories currently installed.)
Preparing to unpack .../dkms_2.2.0.3-2_all.deb ...
Unpacking dkms (2.2.0.3-2) ...
Selecting previously unselected package sysdig-dkms.
Preparing to unpack .../sysdig-dkms_0.5.1-1~bpo8+1_all.deb ...
Unpacking sysdig-dkms (0.5.1-1~bpo8+1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up dkms (2.2.0.3-2) ...
Setting up sysdig-dkms (0.5.1-1~bpo8+1) ...
Loading new sysdig-0.5.1 DKMS files...
First Installation: checking all kernels...
Building only for 4.4.1-sunxi
Building initial module for 4.4.1-sunxi
Done.
sysdig-probe:
Running module version sanity check.
- Original module
- No original module exists within this kernel
- Installation
- Installing to /lib/modules/4.4.1-sunxi/updates/dkms/
depmod....
DKMS: install completed.
再次强调,尽管有消息称 sysdig-probe.ko 正在编译为 4.4.1-sunxi,但它是针对 4.4.1 内核而不是 4.4.1-sunxi 进行编译的。
我的uname -r输出:4.4.1-sunxi。我既没有安装 4.4.1 内核,也没有安装 4.4.1 源代码。
root@ruir:/usr/src# ls -la
total 16
drwxr-xr-x 4 root root 4096 Apr 3 11:06 .
drwxr-xr-x 11 root root 4096 Oct 23 21:04 ..
drwxr-xr-x 25 root root 4096 Mar 30 21:29 linux-headers-4.4.1-sunxi
drwxr-xr-x 2 root root 4096 Apr 3 11:06 sysdig-0.5.1
所以我的问题是,Linux 中是否有任何文件/配置项我可以更改以使其编译为 4.4.1-sunxi 而不是 4.4.1?
答案1
我必须将/lib/modules/4.4.1-sunxi/build以下出现的4.4.1更改为4.4.1-sunxi
include/generated/utsrelease.h:#define UTS_RELEASE "4.4.1"
include/config/auto.conf.cmd:ifneq "$(KERNELVERSION)" "4.4.1"
include/config/kernel.release:4.4.1
之后,我能够sysdig-probe.ko使用正确的版本安装 sysdig/compile。
因此,虽然某些脚本执行uname -r(或接受其他内核版本)并输出,但它们正在执行正确的工作,但似乎在幕后,模块编译的至少一部分会查阅相应的内核版本文件以调整编译后的模块。