This article describes how to rebuild the MACC kernel driver for unsupported Linux kernels.

IMPORTANT: This self-support tool is not for use with RHEL8 and Oracle 7 UEKR5 systems.

For a list of supported kernels, see KB91985. If you need to install MACC on a kernel that is not listed in the KB, you can perform one of these tasks:

• Create a build file for the target kernel on a testbed, and manually deploy the build to other production endpoints.
• Submit an Unsupported Kernel Request through support.

Expected new kernel support guidelines and availability

• MACC follows the standard release channels for kernel support and can take up to 60 days to support new kernels. In the meantime, use the Kernel Compatibility Checker (KCC) on the newer kernels to allow them to be automatically supported on day zero in 80–90% of cases.
• If you request a kernel that is not listed in the standard channels for the supported operating systems, it is understood that MACC most likely does not support the kernel at all.
• On non-standard kernels: If you submit the required kernel source files with your unsupported kernel request with business justification and the number of total systems supported, support might be considered even though the expected results are limited to non-standard kernel release channels.

What are the possible deployment scenarios?

The installation workflow on the Linux operating system varies based on whether the target kernel is supported or not. See KB91985 and verify whether support is already available for the required kernel version.

How do I install when the target kernel is supported?

Query	Response
Has anything changed for me since the previous release?	No. If the target kernel is supported, direct installation occurs on the kernel.
Do I need to take care of any prerequisites?	No.
How do I install?	Perform the steps listed in the "Install on the Linux platform" section of the Installation Guide.

How do I install when the target kernel is not supported?

The capability to create kernel modules for targets has been updated in the MACC in 6.3.0-714 (July 2019) release. You can create the needed build on a testbed and manually deploy the kernel module to production endpoints running the same kernel.

To create a kernel module package for an unsupported kernel locally, follow these steps:

1. Run the build tool included in the installation package: build_target.sh.
   This script tries to download all needed dependencies and recompile the MACC kernel module sources against the kernel version that you want to support. After the new kernel module package is successfully built, run the master installer script again.
2. Run the master installer script, mapkg_install.​sh, again. This step installs the new kernel module package and those packages supported in the current MACC version.

NOTE: The MACC driver package for the new kernel is built only once, and then distributed among the endpoints. The system or testbed where kernel support is to be performed must be allowed to install development packages from the Linux distribution repositories. The reason is because a full recompilation of the kernel module is needed for this method.

Building the new kernel module

If the current kernel is not supported, running the master installer in the target system fails with the error below. The current kernel is the kernel running in the system where the installation is performed.

# ./mapkg_install.sh
Installing build solidifier-kmod-6.3.0-724.LSES12.x86_64.rpm...
Could not find built-in support for kernel 4.4.73-5-default.
Run ‘./build_target.sh’ to configure your system for rebuilding the kernel module including support for kernel 4.4.73-5-default.

As the message states, the current kernel is not included in the MACC package. Recompilation of the kernel module, including support for the current kernel, can solve this issue.

Run the build_target.sh script:

# sh ./build_target.sh

This script:

• Downloads development tools to perform a kernel module compilation
• Downloads kernel development packages and code source files (current running kernel)
• Prepares MACC driver sources for recompilation
• Rebuilds MACC driver with support for the new kernel
• Creates an rpm/deb file containing the newly compiled kernel module assets

Redistributing to other endpoints

For the moment, distribution of the self-supported kernel modules is not automated. The resulting MACC folder, including the newly created kernel module rpm/deb, must be manually compressed and redistributed to the corporate endpoints. At the corporate endpoints, the master installer script must be run to fulfill installation. If the latest MACC version is installed and it provides self-support for a new kernel, you must uninstall the current version first. Reinstallation on top of the same version is not supported.

McAfee continues to regularly add kernel support and provide built-in support of new kernel releases. Eventually, you can update to a newer MACC Linux version including the involved kernel versions in the regular way.

Example:
How to build an unsupported kernel:

1. Log on to the VM with the Kernel that you want to run.
2. Download the manual installer ZIP file to the new system:
       SOLIDCOR641-135_LNX.zip
3. Extract or unzip the downloaded manual installer ZIP file:
       Unzip SOLIDCOR641-135_LNX.zip
4. Change permissions to build_target.sh and mapkg_install.sh:
   1. Chmod 700 build_target.sh
   2. Chmod 700 mapkg_install.sh
5. Run the build at target:
       Su ./build_target.sh 
6. If the build is successful, retrieve the files from /usr/local/mcafee/Solidcore/dks:
   1. solidifier-ksrc-6.4.1-135.tgz
   2. solidifier-kmod-6.4.1-135.LEL7.x86_64.rpm
   3. solidifier-kmod-6.4.1-135.LEL7.3.10.0-1062.9.1.el7.x86_64.x86_64.rpm
7. If the build fails, manually download kernel src and drop it in /usr/src.
8. Run: 
   mapkg_install.sh:
   su mapkg_install.sh
9. Create a base Centos7:   
   Kernel – 3.10.0-327.el7.x86_64
10. Install the kernel. This action can be done offline, but note that you must load the same kernel first):
    Yum Install kernel-3.10.0-1062.9.1.el7
11. Reboot into the kernel.
12. Copy the three packages from your working system:
    1. solidifier-kmod-6.4.1-135.LEL7.3.10.0-1062.9.1.el7.x86_64.x86_64.rpm
    2. solidifier-kmod-6.4.1-135.LEL7.x86_64.rpm
    3. solidifier-ksrc-6.4.1-135.tgz
13. ​Download the manual installer zip to the new system:
    SOLIDCOR641-135_LNX.zip
14. Extract or unzip the downloaded manual installer ZIP file:
    Unzip SOLIDCOR641-135_LNX.zip
15. Copy the three packages to the same unzipped folder.
16. Change permissions to execute mapkg_install.sh:   
    Chmod 700 mapkg_install.sh
17. Run the installer as root:
    Sudo ./mapkg_install.sh
18. Verify the status:
    Sadmin status

Troubleshooting kernel support process

Self-support for new kernels involves a kernel module compilation, and a precise set of dependencies to work. If the compilation process fails, contact Technical Support for assistance. Run the build_target.sh tool, collect the compilation output, and share it with Technical Support. Run the command:

# sh ./build_target.sh 2>&1 | tee build_target.log

If any of the following issues are encountered, run the recommended commands and try to rebuild the target process:

• Red Hat systems might require that you enable more repositories to install the needed dependencies: optional-rpms and sources-rpms.

Example: In RHEL 7 Server, sources-rpms and optional-rpms repositories can be enabled as follows:

# subscription-manager repos --enable rhel-7-server-optional-rpms

# subscription-manager repos --enable rhel-7-server-sources-rpms

• Red Hat 6 systems might be missing rpm build tools. They can be installed manually by running the command:

# yum install rpm-build

• Some YUM-based systems might not have the yumdownloader utility by default. This utility is needed to download required packages. It can be installed by running the command:

# yum install yum-utils
 

To download Kernel Sources for BTT tool:

For LEL6:

1. Install the kernel-devel package:
   
   # yum -y install kernel-devel-`uname -r`
    
2. Run the Built target tool again

 
For UEK6:

1. Download and Install the kernel source rpm:
   
   # cd ~/
   # yumdownloader --source kernel-uek-`uname -r`
   
   Or, download it manually:
   
   # KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
   # rpm -i kernel-uek-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
    
2. Run the Built target tool again.

 
For LEL7:

1. Download and Install the kernel source rpm:
   
   # cd ~/
   # yumdownloader --source kernel-`uname -r`
   
   Or, download it manually:
   
   # KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
   # rpm -i kernel- KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
    
2. Run the Built target tool again.

 
For UEK7:

1. Download and Install the kernel source rpm:
   
   # cd ~/
   # yumdownloader --source kernel-uek-`uname -r`
   
   Or, download it manually:
   
   # KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
   # rpm -i kernel-uek-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
   
    
2. Run the Built target tool again.

For LEL8:

1. Download and Install the kernel source rpm:
   
   # mkdir -p /tmp/mcafee  (if /tmp/mcafee already exists delete the /tmp/mcafee dir)
   # cd /tmp/mcafee
   # cd ~/
   # yumdownloader --source kernel-`uname -r`
   
   Or, download it manually:
   
   # KERNEL_VERSION=`uname -r | awk 'BEGIN{FS=OFS="."}{$NF=""; NF--; print}'`
   # rpm -i kernel-uek-"$KERNEL_VERSION".src.rpm 2>&1 | grep -v exist
    
2. Run the Built target tool again.

If the deployment is unsuccessful or the service does not start, see KB87443 and validate.