# Kernel requirements for eBPF sensor

### Intro

groundcover’s eBPF sensor uses state-of-the-art kernel features to provide full coverage at low overhead. In order to do so it requires certain kernel features which are listed below.

{% hint style="info" %}
groundcover may work on many other linux kernels, but we might just didn't get a chance to test it yet. Can't find yours in the list? [let us know over Slack.](https://www.groundcover.com/join-slack)
{% endhint %}

### Kernel Version

Version v5.3 or higher (anything since 2020).

### Linux Distributions

| Name                    | Supported Versions     |
| ----------------------- | ---------------------- |
| Debian                  | 11+                    |
| RedHat Enterprise Linux | 8.2+                   |
| Ubuntu                  | 20.10+                 |
| CentOS                  | 7.3+                   |
| Fedora                  | 31+                    |
| BottlerocketOS          | 1.10+                  |
| Amazon Linux            | All off the shelf AMIs |
| Google COS              | All off the shelf AMIs |
| Azure Linux             | All off the shelf AMIs |
| Talos                   | 1.7.3+                 |

### Permissions

Loading eBPF code requires running privileged containers. While this might seem unusual, there's nothing to worry about - eBPF is [safe by design!](https://www.groundcover.com/ebpf#ebpf-security-how-to-maximize-ebpf-safety)

### CO:RE support

Our sensor uses eBPF’s [CO:RE](https://nakryiko.com/posts/bpf-portability-and-co-re/) feature in order to support the vast variety of linux kernels and distributions detailed above. This feature requires the kernel to be compiled with BTF information (enabled using the CONFIG\_BTF\_ENABLE=Y kernel compilation flag). This is the case for most common [distributions](https://github.com/libbpf/libbpf#bpf-co-re-compile-once--run-everywhere) nowadays.

You can check if your kernel has CO:RE support by manually looking for the BTF file:

```c
$ ls -la /sys/kernel/btf/vmlinux

- r--r--r--. 1 root root 3541561 Jun 2 18:16 /sys/kernel/btf/vmlinux
```

If the file exists, congratulations! Your kernel supported CO:RE.

### What happens if my kernel is not supported?

If your system does not fit into any of the above - unfortunately, our eBPF sensor will not be able to run on your environment. However, this does not mean groundcover won’t collect any data. You will still be able to inspect your [k8s environment](/capabilities/infrastructure-monitoring.md), see all [collected logs](/capabilities/log-management.md) and use [integrations ](/integrations/overview.md)with outer data sources.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.groundcover.com/getting-started/requirements/kernel-requirements-for-ebpf-sensor.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.