tpe-lkm version 2 released

It recently came to my attention that RHEL/CentOS 7 kernels started support for the ftrace system as of version 7.2. This is an in-kernel system to instrument kernel functions in a safe and clean way.

Since using ftrace basically meant a rewrite of most of the tpe-lkm code, and dropping of support of older kernels, this new release has bumped the major version from 1 to 2.

New features in this release include:

* guaranteed safety of kernel function hooking
* better long-term support from future kernels
* added harden_ptrace to tpe.extras
* added hide_uname to tpe.extras
* ability to soften certain TPE checks with filesystem attributes
* default mmap whitelist to allow Gnome Desktop to boot properly
* better logging options

As always, you can download it from the tpe-lkm github project page, or install via yum from

Additionally, the availability for this in-tree method of hooking kernel functions has wider implications for implementing security features in distribution kernels. For more information, read the following whitepaper I drafted:

Distribution Kernel Security Hardening.

Happy TPE’ing!

Leave a Reply

Your email address will not be published. Required fields are marked *