Description
Hi,
I am trying to install Sysdig on Fedora 42, but it fails.
In Fedora 42, Secure Boot and security lockdown are enabled by default. I turned them off to be able to install Sysdig, but even after that I can't.
Installation output:
```
> sudo dnf install sysdig
Updating and loading repositories:
Repositories loaded.
Package Arch Version Repository Size
Installing:
sysdig x86_64 0.40.1_rc2-1 draios 46.5 MiB
Transaction Summary:
Installing: 1 package
Total size of inbound packages is 15 MiB. Need to download 15 MiB.
After this operation, 47 MiB extra will be used (install 47 MiB, remove 0 B).
Is this ok [y/N]: y
[1/1] sysdig-0:0.40.1_rc2-1.x86_64 100% | 21.7 MiB/s | 14.9 MiB | 00m01s
------------------------------------------------------------------------------------------------
[1/1] Total 100% | 21.6 MiB/s | 14.9 MiB | 00m01s
Running transaction
[1/3] Verify package files 100% | 12.0 B/s | 1.0 B | 00m00s
[2/3] Prepare transaction 100% | 2.0 B/s | 1.0 B | 00m00s
[3/3] Installing sysdig-0:0.40.1_rc2-1.x86_64 100% | 6.7 MiB/s | 46.6 MiB | 00m07s
>>> Running post-install scriptlet: sysdig-0:0.40.1_rc2-1.x86_64
>>> Non-critical error in post-install scriptlet: sysdig-0:0.40.1_rc2-1.x86_64
>>> Scriptlet output:
>>> Creating symlink /var/lib/dkms/scap/8.0.0+driver/source -> /usr/src/scap-8.0.0+driver
>>> Sign command: /lib/modules/6.15.9-201.fc42.x86_64/build/scripts/sign-file
>>> Signing key: /var/lib/dkms/mok.key
>>> Public certificate (MOK): /var/lib/dkms/mok.pub
>>>
>>> Building module(s)...(bad exit status: 2)
>>> Failed command:
>>> make -j2 KERNELRELEASE=6.15.9-201.fc42.x86_64 -C /lib/modules/6.15.9-201.fc42.x86_64/build M
>>>
>>> Error! Bad return status for module build on kernel: 6.15.9-201.fc42.x86_64 (x86_64)
>>> Consult /var/lib/dkms/scap/8.0.0+driver/build/make.log for more information.
>>> Sign command: /lib/modules/6.15.9-201.fc42.x86_64/build/scripts/sign-file
>>> Signing key: /var/lib/dkms/mok.key
>>> Public certificate (MOK): /var/lib/dkms/mok.pub
>>>
>>> Building module(s)...(bad exit status: 2)
>>> Failed command:
>>> make -j2 KERNELRELEASE=6.15.9-201.fc42.x86_64 -C /lib/modules/6.15.9-201.fc42.x86_64/build M
>>>
>>> Error! Bad return status for module build on kernel: 6.15.9-201.fc42.x86_64 (x86_64)
>>> Consult /var/lib/dkms/scap/8.0.0+driver/build/make.log for more information.
>>>
>>> [RPM] %post(sysdig-0.40.1_rc2-1.x86_64) scriptlet failed, exit status 10
Complete!
```
Then I checked the sysdig version and saw that it installed the version I expected:
```
# sysdig --version
sysdig version 0.40.1-rc2
```
And then when I try to run sysdig in kernel mode or even eBPF mode, I get these errors:
```
# sysdig
Unable to load the driver
error opening device /dev/scap0. Make sure you have root credentials and that the scap module is loaded: No such file or directory
# sysdig --modern-bpf
Initialization issues during scap_init
```
More info:
Environment:
Distro: Fedora 42 (x86_64)
Kernel: 6.15.9-201.fc42.x86_64
Secure Boot: enabled initially (later changed; see notes)
Lockdown: initially confidentiality, later changed to none [integrity] confidentiality
Sysdig: 0.40.1-rc2
falcosecurity/libs: 0.20.0 (sysdig --libs-version)
BTF: OK (sanity test)
Ringbuf: OK (sanity test)
kernel.perf_event_paranoid: 2 (also tried 1)
ldd $(which sysdig) only shows glibc (libc, libm, libpthread, libdl), i.e. no dynamic libbpf/libscap/libsinsp linked.
Notes / what I already tried
I prefer --modern-bpf and understand DKMS is not required for that, but eBPF still fails to initialize.
Secure Boot & lockdown:
Initially Secure Boot enabled, lockdown = confidentiality.
Switched lockdown to include [integrity]; sanity tests show BTF OK and ringbuf OK.
Kernel settings tried:
kernel.perf_event_paranoid=2 (default on this box), also tried =1.
net.core.bpf_jit_enable=1.
Ensured bpffs mounted at /sys/fs/bpf.
dmesg contained: Spectre V2 : WARNING: Unprivileged eBPF is enabled ... data leaks possible via Spectre v2 BHB attacks! (just a warning).
Please help me fix it, thanks.
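
The checks listed in this report (lockdown mode, BTF, bpffs, the BPF-related sysctls) gathered into one script, as an added example that is not part of the original report or of sysdig. The `ROOT` prefix and the function names are hypothetical; `ROOT` only exists so the functions can read a test tree instead of `/`.

```shell
#!/bin/sh
# Added example: prints the kernel state the report above checks by hand.
# ROOT is a hypothetical path prefix (empty on a real system).
ROOT="${ROOT:-}"

# Active mode from a lockdown line: "none [integrity] confidentiality" -> integrity
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# What the active lockdown mode implies for the kmod and eBPF drivers.
lockdown_effect() {
    case "$1" in
        none)            echo "no lockdown restrictions" ;;
        integrity)       echo "modules need a trusted signature" ;;
        confidentiality) echo "trusted module signature needed, BPF kernel reads blocked" ;;
        *)               echo "state not readable" ;;
    esac
}

# BTF type information for the running kernel ("BTF: OK" in the report).
has_btf() { [ -r "$ROOT/sys/kernel/btf/vmlinux" ]; }

# bpffs mounted at /sys/fs/bpf, according to the mounts table.
has_bpffs() {
    awk '$2 == "/sys/fs/bpf" && $3 == "bpf" { ok = 1 } END { exit !ok }' \
        "$ROOT/proc/mounts" 2>/dev/null
}

# Value of a sysctl given as a /proc/sys path, or "unreadable".
sysctl_value() {
    cat "$ROOT/proc/sys/$1" 2>/dev/null || echo "unreadable"
}

report() {
    mode=$(lockdown_mode "$(cat "$ROOT/sys/kernel/security/lockdown" 2>/dev/null)")
    echo "lockdown: ${mode:-unknown} ($(lockdown_effect "$mode"))"
    has_btf   && echo "btf: present"   || echo "btf: missing"
    has_bpffs && echo "bpffs: mounted" || echo "bpffs: not mounted at /sys/fs/bpf"
    echo "perf_event_paranoid: $(sysctl_value kernel/perf_event_paranoid)"
    echo "unprivileged_bpf_disabled: $(sysctl_value kernel/unprivileged_bpf_disabled)"
    echo "bpf_jit_enable: $(sysctl_value net/core/bpf_jit_enable)"
}

report
```

The DKMS build error itself is in `/var/lib/dkms/scap/8.0.0+driver/build/make.log`, which the scriptlet output above names; this script only covers the runtime preconditions.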