> For the complete documentation index, see [llms.txt](https://docs.groundcover.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.groundcover.com/getting-started/requirements/kernel-requirements-for-ebpf-sensor.md). # Kernel requirements for eBPF sensor ### Intro groundcover’s eBPF sensor uses state-of-the-art kernel features to provide full coverage at low overhead. In order to do so it requires certain kernel features which are listed below. {% hint style="info" %} groundcover may work on many other linux kernels, but we might just didn't get a chance to test it yet. Can't find yours in the list? [let us know over Slack.](https://www.groundcover.com/join-slack) {% endhint %} ### Kernel Version Version v5.3 or higher (anything since 2020). ### Linux Distributions | Name | Supported Versions | | ----------------------- | ---------------------- | | Debian | 11+ | | RedHat Enterprise Linux | 8.2+ | | Ubuntu | 20.10+ | | CentOS | 7.3+ | | Fedora | 31+ | | BottlerocketOS | 1.10+ | | Amazon Linux | All off the shelf AMIs | | Google COS | All off the shelf AMIs | | Azure Linux | All off the shelf AMIs | | Talos | 1.7.3+ | ### Permissions Loading eBPF code requires running privileged containers. While this might seem unusual, there's nothing to worry about - eBPF is [safe by design!](https://www.groundcover.com/ebpf#ebpf-security-how-to-maximize-ebpf-safety) ### CO:RE support Our sensor uses eBPF’s [CO:RE](https://nakryiko.com/posts/bpf-portability-and-co-re/) feature in order to support the vast variety of linux kernels and distributions detailed above. This feature requires the kernel to be compiled with BTF information (enabled using the CONFIG\_BTF\_ENABLE=Y kernel compilation flag). This is the case for most common [distributions](https://github.com/libbpf/libbpf#bpf-co-re-compile-once--run-everywhere) nowadays. You can check if your kernel has CO:RE support by manually looking for the BTF file: ```c $ ls -la /sys/kernel/btf/vmlinux - r--r--r--. 1 root root 3541561 Jun 2 18:16 /sys/kernel/btf/vmlinux ``` If the file exists, congratulations! Your kernel supported CO:RE. ### What happens if my kernel is not supported? If your system does not fit into any of the above - unfortunately, our eBPF sensor will not be able to run on your environment. However, this does not mean groundcover won’t collect any data. You will still be able to inspect your [k8s environment](/capabilities/infrastructure-monitoring.md), see all [collected logs](/capabilities/log-management.md) and use [integrations ](/integrations/overview.md)with outer data sources. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.groundcover.com/getting-started/requirements/kernel-requirements-for-ebpf-sensor.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.