Our Network security team has installed Crowdstrike Falcon sensor on our SAP system Linux server. This has caused kernel to be tainted. following is extract from supportconfig ran on Linux server via user root. Any idea how to fix this error and make the kernel error free?
#==[ Configuration File ]===========================#
# /proc/sys/kernel/tainted
1073754113
Kernel Status -- Tainted: P OE N
TAINT: (P) Proprietary module has been loaded
TAINT: (O) Out-of-tree module has been loaded
TAINT: (E) Unsigned module has been loaded
TAINT: (N) Unsupported modules loaded
module=falcon_lsm_serviceable ERROR Module info unavailable
module=falcon_nf_netcontain ERROR Module info unavailable
module=falcon_lsm_pinned_7103 ERROR Module info unavailable
module=falcon_lsm_pinned_7002 ERROR Module info unavailable
module=falcon_lsm_pinned_6903 ERROR Module info unavailable
module=falcon_lsm_pinned_6805 ERROR Module info unavailable
module=falcon_lsm_pinned_6703 ERROR Module info unavailable
module=falcon_lsm_pinned_6602 ERROR Module info unavailable
module=falcon_lsm_pinned_6404 ERROR Module info unavailable
module=falcon_lsm_pinned_6402 ERROR Module info unavailable
module=falcon_lsm_pinned_6401 ERROR Module info unavailable
module=falcon_lsm_pinned_6109 ERROR Module info unavailable
module=falcon_lsm_pinned_6106 ERROR Module info unavailable
Best Answer
Tainted kernel means a condition that likely is out of support for the upstream Linux developers. Most maintainers on the LKML will ask for a reproduction of the problem on a non tainted kernel.
Proprietary or out of tree kernel modules are a very common reason for this to be reported. But not the only one, for example a processor logging a machine check exception will be tainted. A faulty CPU can cause all kinds of strange behavior, so replacing that before claiming a kernel bug exists is prudent.
Other support channels like your distro OS support may be willing to deal with tainted kernel, ask them. That error is not necessarily a functional problem, just that a script could not identify details of proprietary modules.