This article describes how to rebuild the ACC kernel driver for unsupported Linux kernels.
For a list of supported kernels, see
KB91985 - Linux kernel support for Application and Change Control 6.x.
If you need to install ACC on a kernel that's not listed in the KB, you can perform one of these tasks:
- Create a build file for the target kernel on a testbed, and manually deploy the build to other production endpoints.
- Submit an Unsupported Kernel Request through Support.
Expected new kernel support guidelines and availability
- ACC follows the standard release channels for kernel support and can take up to 60 days to support new kernels. In the meantime, use the Kernel Compatibility Checker (KCC) on the newer kernels to allow them to be automatically supported on day zero in 80–90% of cases.
- If you request a kernel that's not listed in the standard channels for the supported operating systems, it's understood that ACC most likely doesn't support the kernel at all.
- On non-standard kernels: If you submit the required kernel source files with your unsupported kernel request with business justification and the number of total systems supported, support might be considered even though the expected results are limited to non-standard kernel release channels.
What are the possible deployment scenarios?
The installation workflow on the Linux operating system varies based on whether the target kernel is supported or not. See KB91985 - Linux kernel support for Application and Change Control 6.x and verify whether support is already available for the required kernel version.
How do I install when the target kernel is supported?
|
Query
|
Response
|
|
Has anything changed for me since the previous release?
|
No. If the target kernel is supported, direct installation occurs on the kernel.
|
|
Do I need to take care of any prerequisites?
|
No.
|
|
How do I install?
|
Perform the steps listed in the "Install on the Linux platform" section of the Installation Guide.
|
How do I install when the target kernel isn't supported?
The capability to create kernel modules for targets has been updated in the ACC 6.3.0-714 (July 2019) release. You can create the needed build on a testbed and manually deploy the kernel module to production endpoints running the same kernel.
To create a kernel module package for an unsupported kernel locally, perform the steps below:
- Run the build tool included in the installation package build_target.sh.
This script tries to download all the needed dependencies and recompile the ACC kernel module sources against the kernel version that you want to support. After the new kernel module package is successfully built, run the master installer script again.
- Run the master installer script, mapkg_install.sh, again. This step installs the new kernel module package and those packages supported in the current ACC version.
NOTE: The ACC driver package for the new kernel is built only once, and then distributed among the endpoints. The system or testbed where kernel support is to be performed must be allowed to install development packages from the Linux distribution repositories. The reason is that a full recompilation of the kernel module is needed for this method.
Building the new kernel module
If the current kernel isn't supported, running the master installer in the target system fails with the error below. The current kernel is the kernel running in the system where the installation is performed.
# ./mapkg_install.sh
Installing build solidifier-kmod-6.3.0-724.LSES12.x86_64.rpm...
Could not find built-in support for kernel 4.4.73-5-default.
Run ‘./build_target.sh’ to configure your system for rebuilding the kernel module including support for kernel 4.4.73-5-default.
As the message states, the current kernel isn't included in the ACC package. Recompilation of the kernel module, including support for the current kernel, can solve this issue.
Run the build_target.sh script:
# sh ./build_target.sh
This script has the following features:
- It downloads development tools to perform a kernel module compilation.
- It downloads kernel development packages and code source files (current running kernel).
- It prepares ACC driver sources for recompilation.
- It rebuilds the ACC driver with support for the new kernel.
- It creates an rpm / deb file containing the newly compiled kernel module assets.
Redistributing to other endpoints
For the moment, distribution of the self-supported kernel modules isn't automated. The resulting ACC folder, including the newly created kernel module rpm / deb, must be manually compressed and redistributed to the corporate endpoints. At the corporate endpoints, the master installer script must be run to fulfill installation. If the latest ACC version is installed and provides self-support for a new kernel, you must uninstall the current version first. Reinstallation on top of the same version isn't supported.
We'll continue to regularly add kernel support and provide built-in support of new kernel releases. Eventually, you can update to a newer ACC Linux version including the involved kernel versions in the regular way.
Example:
How to build an unsupported kernel:
- Log on to the VM with the Kernel that you want to run.
- Download the manual installer ZIP file to the new system:
SOLIDCOR641-135_LNX.zip
- Extract or unzip the downloaded manual installer ZIP file:
sudo unzip SOLIDCOR641-135_LNX.zip
- Change permissions to build_target.sh and mapkg_install.sh:
- sudo chmod 700 build_target.sh
- sudo chmod 700 mapkg_install.sh
- Run the build at target:
sudo ./build_target.sh
- If the build is successful, retrieve the files from /usr/local/mcafee/Solidcore/dks:
- solidifier-ksrc-6.4.1-135.tgz
- solidifier-kmod-6.4.1-135.LEL7.x86_64.rpm
- solidifier-kmod-6.4.1-135.LEL7.3.10.0-1062.9.1.el7.x86_64.x86_64.rpm
- If the build fails, manually download kernel src and copy to /usr/src, and then re run buid_target.sh
- After the build_target script completes, rerun sudo mapkg_install.sh
To validate your install, perform the steps below:
- Create a fresh install of Centos7:
Try to use the base kernel Kernel – 3.10.0-327.el7.x86_64 (verify by running "uname -r" after you log on).
- Install the kernel that you created the install from the first section.
Example: sudo yum install kernel-3.10.0-1062.9.1.el7
- Reboot and select the kernel that you just installed.
- Download the manual installer zip to the new system:
SOLIDCOR641-135_LNX.zip
- Extract or unzip the downloaded manual installer ZIP file:
sudo unzip SOLIDCOR641-135_LNX.zip
- Copy the three packages from your working system to the extracted installer folder:
- solidifier-kmod-6.4.1-135.LEL7.3.10.0-1062.9.1.el7.x86_64.x86_64.rpm
- solidifier-kmod-6.4.1-135.LEL7.x86_64.rpm
- solidifier-ksrc-6.4.1-135.tgz
- Change permissions to execute mapkg_install.sh:
sudo chmod 700 mapkg_install.sh
- Run the installer as root:
sudo ./mapkg_install.sh
- Verify the status:
sadmin status
Troubleshooting kernel support process
Self-support for new kernels involves a kernel module compilation, and a precise set of dependencies to work. If the compilation process fails, contact Technical Support for assistance. Run the build_target.sh tool, collect the compilation output, and share it with Technical Support. Run the command below:
# sudo sh ./build_target.sh 2>&1 | tee build_target.log
If any of the following issues are encountered, run the recommended commands and try to rebuild the target process:
- Red Hat systems might require that you enable more repositories to install the needed dependencies: optional-rpms and sources-rpms.
Example: In RHEL 7 Server, sources-rpms and optional-rpms repositories can be enabled as follows:
# subscription-manager repos --enable rhel-7-server-optional-rpms
# subscription-manager repos --enable rhel-7-server-sources-rpms
- Red Hat 6 systems might be missing rpm build tools. They can be installed manually by running the command below:
# sudo yum install rpm-build
- Some YUM-based systems might not have the yumdownloader utility by default. This utility is needed to download the required packages. It can be installed by running the command below:
# sudo yum install yum-utils
To download Kernel Sources for BTT tool:
For LEL6:
- Install the kernel-devel package:
# yum -y install kernel-devel-`uname -r`
- Run the Built target tool again.
For UEK6:
- Download and install the kernel source rpm:
# cd ~/
# yumdownloader --source kernel-uek-`uname -r`
Or, download it manually as follows:
# KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
# rpm -i kernel-uek-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
- Run the Built target tool again.
For LEL7:
- Download and install the kernel source rpm:
# cd ~/
# yumdownloader --source kernel-`uname -r`
Or, download it manually as follows:
# KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
# rpm -i kernel-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
- Run the Built target tool again.
For UEK7:
- Download and install the kernel source rpm:
# cd ~/
# yumdownloader --source kernel-uek-`uname -r`
Or, download it manually as follows:
# KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
# rpm -i kernel-uek-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
- Run the Built target tool again.
For LEL8:
- Download and install the kernel source rpm:
# mkdir -p /tmp/mcafee (if /tmp/mcafee already exists delete the /tmp/mcafee dir)
# cd /tmp/mcafee
# cd ~/
# yumdownloader --source kernel-`uname -r`
Or, download it manually:
# KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
# rpm -i kernel-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
- Run the Built target tool again.
