Feature #10259
Closed
Missing linux_common and linprocfs kernel modules
Description
I'm currently working on an updated FreeBSD Port for Beats (https://www.freshports.org/sysutils/beats/ - it’s not yet posted, but will be soon), bringing it up to the latest version (7.5.2). The idea is that I then work on a new “Beats” pfSense package that will include FileBeat, HeartBeat, MetricBeat and PacketBeat. I’ve done quite a bit of testing of this new port on pfSense 2.4.4, and noticed that MetricBeat doesn’t work well due to the fact that it depends on the “linprocfs” and “procfs” mount points (which depend on the “linux_common” and “linprocfs” kernel modules); see the FreeBSD notes here: https://github.com/elastic/gosigar. Once these kernel modules and mount points are manually configured, MetricBeat works really well.
Is there any reason why these two kernel modules aren’t natively included in pfSense? If not, would it be something that we could include in future releases of pfSense (I don’t believe this is something that I could install/configure, or should do, during the installation of my new Beats package)? Would anyone have any suggestions on how to properly address this? Ideally, I’d want to make the installation of this new Beats package as easy as possible, but having these missing kernel modules is complicating things a bit.
Updated by Jim Pingle about 4 years ago
- Category set to Operating System
- Status changed from New to Rejected
The Linux emulation system is not suitable for use in a firewall appliance. It isn't something we would consider adding. There have been a number of difficult-to-solve security problems with it over the years, and there is nothing that warrants its inclusion, and the potential problems it brings, on a firewall.
Updated by Paul Godard about 4 years ago
Understood, thanks Jim. I will leave the port as-is for now and look at re-working the gosigar module used in Beats to pull the metrics using native FreeBSD methods, when I have time (it'll require a lot of changes). The current port displays a message after installation about requiring these modules for full MetricBeat functionality; this will be something that will get displayed when installing the pfSense package. Seeing as you're recommending against doing this kind of change on pfSense, would it be advisable for me to skip (or maybe re-work it) displaying this message as it might mislead users into doing just that?
For reference purposes, here's the current message displayed after installation:
MetricBeat (and the built-in monitoring in all of the Beats) depends
on the "linprocfs" and "procfs" mount points, which in turn depends
on the "linux_common" and "linprocfs" kernel modules.

If you wish to use this functionality, please ensure that the kernel
modules are properly loaded, and the mount points are properly
configured. Please refer to the "gosigar" fork for more information:
https://github.com/elastic/gosigar
Updated by Jim Pingle about 4 years ago
There are other packages which display messages like that which are not necessarily relevant to pfSense. It may not matter ultimately since the output and message from the pfSense package port would be displayed after packages installed as dependencies, so they may not even see/notice that kind of message.
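An added example, not part of the thread and not code from pfSense or the Beats port: a POSIX sh audit that reports which of the kernel modules and mount points named in the post-install message are present on a host. The function names and the sample `kldstat` and `mount` output are constructed for illustration; on a live FreeBSD system call `audit "$(kldstat)" "$(mount)"` instead.

```shell
#!/bin/sh
# Added example: check for the modules and mount points the Beats message names.
# Both helpers read command output on stdin so they can be exercised offline.

# Print loaded modules that are on the watch list (reads `kldstat` text).
linux_kmods() {
    awk 'NR > 1 {
        name = $NF; sub(/\.ko$/, "", name)
        if (name == "linux_common" || name == "linprocfs") print name
    }' | sort
}

# Print "fstype mountpoint" for linprocfs and procfs mounts.
# FreeBSD mount(8) lines look like: "procfs on /proc (procfs, local)".
# Note: procfs is native FreeBSD; linprocfs belongs to the Linux emulation layer.
proc_mounts() {
    awk '{
        fstype = $4; gsub(/[(),]/, "", fstype)
        if (fstype == "linprocfs" || fstype == "procfs") print fstype, $3
    }'
}

# $1 = kldstat text, $2 = mount text. Returns 0 only when nothing was found.
audit() {
    mods=$(printf '%s\n' "$1" | linux_kmods)
    mnts=$(printf '%s\n' "$2" | proc_mounts)
    [ -z "$mods" ] || printf 'module loaded: %s\n' $mods
    [ -z "$mnts" ] || printf '%s\n' "$mnts" | sed 's/^/mounted: /'
    [ -z "$mods" ] && [ -z "$mnts" ]
}

# Constructed sample output (not captured from a real system).
SAMPLE_KLDSTAT='Id Refs Address                Size Name
 1   12 0xffffffff80200000  2448f20 kernel
 2    2 0xffffffff82a21000     7b10 linux_common.ko
 3    1 0xffffffff82a29000     2e50 linprocfs.ko'
SAMPLE_MOUNT='/dev/ufsid/0000000000000000 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs, local, multilabel)
procfs on /proc (procfs, local)
linprocfs on /compat/linux/proc (linprocfs, local)'

if audit "$SAMPLE_KLDSTAT" "$SAMPLE_MOUNT"; then
    echo "clean: none of the listed modules or mount points are present"
else
    echo "review: components from the Beats post-install message are present"
fi
```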