About Linux Kernel

[99sao]

What would you like to be added:

Why is this needed:

Additional context:I want to know how to use syft to detect vmlinz, but I scan the kernel files of the virtual machine without any results

[tgerla]

Hi @99sao, can you provide some more details, including the version of Syft you are using, etc, and a way for us to reproduce your result with a public image or container? We would be happy to take a look.

[99sao]

你好@99sao，您能否提供更多详细信息，包括您使用的 Syft 版本等，以及我们使用公共镜像或容器重现您的结果的方法？我们很乐意看一看。

我使用的版本是0.105.0，我已经在java、python等其他生态成功运行，但是针对Linux kernel (vmlinz)，我想知道它是检测什么文件来获取物料清单，我对ubuntu22.04中的vmlinz检测除了发行版以外并没有获取其他信息，希望你能够帮我，谢谢。

[tgerla]

Translated using translate.google.com:

The version I am using is 0.105.0. I have successfully run it in other ecosystems such as java and python. But for the Linux kernel (vmlinz), I want to know what file it detects to get the bill of materials. I am interested in vmlinz in ubuntu22.04 The detection did not obtain other information except the release version. I hope you can help me, thank you.

Hi @99sao,

Can you try enabling the linux-kernel-cataloger?

syft --select-catalogers "+linux-kernel-cataloger" ...

Here is the code for the cataloger that identifies Linux kernels:

syft/syft/pkg/cataloger/kernel/cataloger.go

Line 34 in fe4f172

var kernelArchiveGlobs = []string{

Hope this helps!

[99sao]

使用translate.google.com 翻译：

我使用的版本是0.105.0。我已经在java和python等其他生态系统中成功运行了它。但对于 Linux 内核 (vmlinz)，我想知道它检测到什么文件来获取物料清单。我对 vmlinz 在 ubuntu22.04 上的检测没有获取到除了release版本之外的其他信息。我希望你能帮助我，谢谢。

你好@99sao,

您可以尝试启用 linux-kernel-cataloger 吗？

syft --select-catalogers "+linux-kernel-cataloger" ...

以下是识别 Linux 内核的编目器代码：

syft/syft/pkg/cataloger/kernel/cataloger.go

Line 34 in fe4f172

var kernelArchiveGlobs = []string{

希望这可以帮助！

谢谢你的帮助，我刚刚使用了你的方法，下面是我的代码：
syft Users/boot --select-catalogers "+linux-kernel-cataloger"，结果还是没有检测出组件，请问是我检测的文件有问题吗？谢谢

[tgerla]

translate.google.com result:

Thanks for your help, I just used your method, here is my code:
syft Users/boot --select-catalogers "+linux-kernel-cataloger", the result is that the component is still not detected. Is there something wrong with the file I detected? Thanks

We would need to see what you are scanning--you said it is a virtual machine, right? Can you share the full file listing of what's in the virtual machine? That might be a good place to start.

[99sao]

谷歌翻译结果：

感谢您的帮助，我刚刚使用了您的方法，这是我的代码：
syft Users/boot --select-catalogers "+linux-kernel-cataloger"，结果仍然没有检测到该组件。我检测到的文件有问题吗？谢谢

我们需要看看您正在扫描什么——您说它是虚拟机，对吧？您可以分享虚拟机中的完整文件列表吗？这可能是一个很好的起点。

这是我ubuntu22.04的boot文件

我想知道我检测的是正确的文件么，谢谢！

[wagoodman]

Translated:

This is the boot file of my ubuntu22.04
...
I want to know if I am detecting the correct file, thank you!

syft Users/boot --select-catalogers "+linux-kernel-cataloger"

Your command appears to be correct and the globs for this cataloger should have at least matched up with vmlinuz -- can you run syft with -vvv and post the logs here?

[popey]

I tried this on my Ubuntu 22.04 system. For me, it's a permission problem, as my user cannot access the /boot/vmlinuz- files.

ls -l /boot/vmlinuz-*
-rw------- 1 root root 11891576 Aug  6 22:06 /boot/vmlinuz-5.15.0-119-fips
-rw------- 1 root root 11700328 Aug 29 13:47 /boot/vmlinuz-5.15.0-122-generic

I checked another machine running Ubuntu 24.04, and it's the same, so I suspect this is standard behaviour on Ubuntu.

ls -l /boot/vmlinuz-*
-rw------- 1 root root 14944648 Jun  7 13:34 /boot/vmlinuz-6.8.0-38-generic
-rw------- 1 root root 14948744 Aug 30 09:02 /boot/vmlinuz-6.8.0-45-generic

As a result, Syft can't open them:

[0000] TRACE parsing file contents path=/vmlinuz-5.15.0-119-fips
[0000]  WARN cataloger failed cataloger=linux-kernel-cataloger error=unable to get magic type for file: open /boot/vmlinuz-5.15.0-119-fips: permission denied location=/vmlinuz-5.15.0-119-fips
[0000] TRACE parsing file contents path=/vmlinuz-5.15.0-122-generic
[0000]  WARN cataloger failed cataloger=linux-kernel-cataloger error=unable to get magic type for file: open /boot/vmlinuz-5.15.0-122-generic: permission denied location=/vmlinuz-5.15.0-122-generic

It works with sudo though:

sudo syft /boot --select-catalogers "+linux-kernel-cataloger"
 ✔ Indexed file system                                                                                                                                   /boot
 ✔ Cataloged contents                                                                         347a1e2537cc7aea90a4938443f967a544ea0e3f60fdc4cb45c3347a3df94bc9
   ├── ✔ Packages                        [2 packages]
   └── ✔ Executables                     [2 executables]
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
[0000]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XB": invalid syntax
[0000]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XB": invalid syntax
NAME          VERSION             TYPE
linux-kernel  5.15.0-119-fips     linux-kernel
linux-kernel  5.15.0-122-generic  linux-kernel

This doesn't look like a bug in Syft to me. It's just Linux permissions working as expected.