insmod: ERROR: could not insert module ...: Operation not permitted

Product support balenaOS
1

Hello,

Hello, I have a problem that stems from a kernel module ExarKernelDrivers -> xr_usb_serial_common.ko kernel module.

The module builds fine with the help of balena tool: kernel-module-build. However when running the script below, 'insmod ./xr_usb_serial_common.ko fails with an Operation Not Permitted as shown below.

Seems like a privilege issues, I did set the ‘privileged: true’ setting in docker-compose.yml.

Does anybody know, what I should look at next? Thanks!!!

Error message following ‘balena push …’…

[firmware] Step 29/31 : RUN ./run.sh
[firmware] —> Running in eea1e98ffc81
[firmware] OS Version is
[firmware] insmod: ERROR: could not insert module ExarKernelDriver_raspberry-pi2_2.43.0+rev1.dev/xr_usb_serial_common.ko: Operation not permitted
[firmware]
[firmware] Removing intermediate container eea1e98ffc81
[firmware] The command ‘/bin/sh -c ./run.sh’ returned a non-zero code: 1
[Info] Uploading images
[Success] Successfully uploaded images
[Error] Some services failed to build:
[Error] Service: firmware
[Error] Error: The command ‘/bin/sh -c ./run.sh’ returned a non-zero code: 1
[Info] Built on arm03
[Error] Not deploying release.
Remote build failed

2

OK, After thinking about this a bit, I think I solved my own problem.?. It is during the build, on a build server that I get the operation not permitted error. I did ssh into my container, and ‘insmod …’ in the running container and it took fine.

So I there is probably a difference between the kernel on the build server vs. the kernel of the balenaOS device I am running on. Hence, the kernel module can only be installed in a running container.

Now that I hear myself say it outload, it does make sense. Can somebody confirm or correct my statements/understanding!

Thanks,

  • rusty
3

Hi,
Yes, your conclusion is correct, you should run the module installation from your app container, and not during the build process since you need to install the module on a kernel of the target device.

The run.sh script you see in our example is supposed to be called from your container entry point. You could replace that endless loop we have in the example with executing your application.

5

Sorry for the belated thanks, but Thanks! for the reply :slight_smile: