Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"

Michael Lazin via plug on 8 Jun 2024 04:53:05 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"

From: Michael Lazin via plug <plug@lists.phillylinux.org>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
Date: Sat, 8 Jun 2024 07:52:47 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717847579; x=1718452379; darn=lists.phillylinux.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=WEK3cBR5kANy8Xf6PjEcQQlOFC/GqT2oQ1awR4IJ1vc=; b=MXcyp2MyeBEL7nVx4FlBoIFWGdQIVNteFv6cJdKcGRVP3CxNlonChzdu7Egl7JOFav lQ8X5fjWnrFWrZdn31pyf7pii1qq6qmo/bqPQrugdLutylsnUPMmyJORxSyG/9jKgwsg 9VRwgou44QU3sclQSSlzBuh1j9EYHVBeM2yYD5WL5xVWElYsR7h7I31Ol6/iwLnMcMBs ssc3PuQajP5U7JIrJ4xJsvdlJv2/kJBnLHQ5gYQGaFJuImytg1s7zBY30QHR9QAOSnhs oV8OmVkIYisAx8n6ELIUUDMVa3gtJOWf8OtwbIJIj0cVlejw5ZGf/moMJTShA1lpBIWL cIUQ==
Reply-to: Michael Lazin <microlaser@gmail.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

I don‘t know the specifics of how Crowdstrike security on Linux works because I have only used it on Windows or Mac but on Mac it has full disk access which is greater than root, it allows execution as system. It may not be killable as root because it uses a configuration like apparmor or selinux, both of these systems can exceed the power of root. I suspect that you will to remove Crowdstrike using their security token as described in their documentation if you want to kill one if it‘s processes.

Sincerely,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

On Sat, Jun 8, 2024 at 3:03 AM Steve Litt via plug <plug@lists.phillylinux.org> wrote:

JP Vossen via plug said on Fri, 7 Jun 2024 16:07:36 -0400

>What could cause "pkill: killing pid * failed: Operation not
>permitted" *when run by root*?

These are the times you use ps ax and kill -9.

SteveT

Steve Litt

Autumn 2023 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
  - From: brent saner via plug <plug@lists.phillylinux.org>

References:
- [PLUG] root "pkill: killing pid * failed: Operation not permitted"
  - From: JP Vossen via plug <plug@lists.phillylinux.org>
- Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
  - From: Steve Litt via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
Next by Date: Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
Previous by thread: Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
Next by thread: Re: [PLUG] root "pkill: killing pid * failed: Operation not permitted"
Index(es):
- Date
- Thread