I'm running Arch linux on LTS kernel (4.19.75). I've checked with more recent kernels, same issue.
I do have debugfs mounted, and as root I can see this file :
/sys/kernel/debug/tracing/kprobe_events
I try to fix/run/fork (name it as you like, original code is here https://github.com/evilsocket/opensnitch) a Go program that accesses it. Here's what it does :
const (
systemProbesFile = "/sys/kernel/debug/tracing/kprobe_events"
)
func writeFile(filename string, data string) error { return ioutil.WriteFile(filename, []byte(data), 0755) }
// create the custom kprobe consumer
if err = writeFile(systemProbesFile, p.descriptor); err != nil {
return fmt.Errorf("Error while enabling probe descriptor for %s: %s", p.name, err)
}
It gives me this error (running as root)
write /sys/kernel/debug/tracing/kprobe_events: no such file or directory
I also cannot write to it using basic shell commands (as root). The 'no such file' is weird since the file is there.
I can't find many informations regarding these special files, I ended up reading this : https://www.kernel.org/doc/html/latest/trace/kprobetrace.html ... I didn't find any reason why I could not access the file. Be it by simple "echo" or by programs.
No idea what could be missing / blocking me on my system.
I'm running with UEFI boot, and secure boot is disabled (seen somewhere that it could matter), I'm totally clueless.
thanks to anyone wih an idea as to where to look.
kind regards
