Hello, Our university uses the Crowdstrike endpoint security tool, and we use OpenAFS for both our user's home directory as well as serving software to our students, faculty and researchers. Is anyone else using Crowdstrike and OpenAFS on Linux (specifically, RHEL7)?
I've discovered that the Crowdstrike service (falcon-sensor) installs a linux security module which seems to interact with the OpenAFS kernel module in a bad way, causing the kernel to panic and reboot. After installing the kdump service, I'm able to capture a kernel dump and backtrace, and it is definitely something to do with how OpenAFS and the falcon lsm interact. I wasn't able to trigger it with just command-line ssh but a graphical login seems to be a reliable trigger. Specifically, it seems to be in the cache handling when it panics. Has anyone else experienced this? -- Jonathan Billings <jsbil...@umich.edu> (he/his) College of Engineering - CAEN - Linux Support
