Gregory's Server@james my understanding is that that affected people still using the old kernel driver (eg, if your os is too old to have the new ebpf hotness)
|
7 comments
https://blog.fefe.de/?ts=9864a262 @nilz @TonyYarusso @mjg59 @james The "user mode" mentioned as the workaround in that post is eBPF, as opposed to the old driver in "kernel mode". @mjg59 @james Probably relates to this Redhat issue - https://access.redhat.com/solutions/7068083 Apparently their latest releases still ship with 5.14, which they apparently maintain as their own branch (mainline considered it EOL back in November 2021). Do wonder WTF there rationale is for that one. @StryderNotavi @mjg59 @james That's how Redhat has always worked, they pick a kernel version and stick with it for the entire life cycle of that release, backporting features and bugfixes as needed. It isn't like a vanilla 5.14 kernel at all. EL6 was officially 100% EOL just last July, and that was 2.6.32. @astraleureka @mjg59 @james That makes sense, although it does get me that RHEL 9.0 was released May 2022 with a Kernel that had already been EOL for six months. I can get why you'd avoid upgrading subsequent releases to keep things stable for enterprise customers, but surely you'd want to start off up to date? @StryderNotavi @astraleureka @mjg59 @james A package freeze occurs before GA, and at that point in time CentOS Stream had 5.14. The term backporting is commonly used, but it makes things sound minor. RHEL engineering rebases entire subsystems in the kernel, it's why the version number can't be used for comparisons. It only marks the starting point; the RHEL 9.4 kernel is more like a 6.5/6.6 kernel today than 5.14. |
@mjg59 @james As anecdotal support for this, we do indeed have Linux systems running falcon-sensor, and I don’t recall any issues in April/May/June with it.