# Kernel requirements for eBPF sensor

### Intro

groundcover’s eBPF sensor uses state-of-the-art kernel features to provide full coverage at low overhead. In order to do so it requires certain kernel features which are listed below.

{% hint style="info" %}
groundcover may work on many other linux kernels, but we might just didn't get a chance to test it yet. Can't find yours in the list? [let us know over Slack.](https://www.groundcover.com/join-slack)
{% endhint %}

### Kernel Version

Version v5.3 or higher (anything since 2020).

### Linux Distributions

| Name                    | Supported Versions     |
| ----------------------- | ---------------------- |
| Debian                  | 11+                    |
| RedHat Enterprise Linux | 8.2+                   |
| Ubuntu                  | 20.10+                 |
| CentOS                  | 7.3+                   |
| Fedora                  | 31+                    |
| BottlerocketOS          | 1.10+                  |
| Amazon Linux            | All off the shelf AMIs |
| Google COS              | All off the shelf AMIs |
| Azure Linux             | All off the shelf AMIs |
| Talos                   | 1.7.3+                 |

### Permissions

Loading eBPF code requires running privileged containers. While this might seem unusual, there's nothing to worry about - eBPF is [safe by design!](https://www.groundcover.com/ebpf#ebpf-security-how-to-maximize-ebpf-safety)

### CO:RE support

Our sensor uses eBPF’s [CO:RE](https://nakryiko.com/posts/bpf-portability-and-co-re/) feature in order to support the vast variety of linux kernels and distributions detailed above. This feature requires the kernel to be compiled with BTF information (enabled using the CONFIG\_BTF\_ENABLE=Y kernel compilation flag). This is the case for most common [distributions](https://github.com/libbpf/libbpf#bpf-co-re-compile-once--run-everywhere) nowadays.

You can check if your kernel has CO:RE support by manually looking for the BTF file:

```c
$ ls -la /sys/kernel/btf/vmlinux

- r--r--r--. 1 root root 3541561 Jun 2 18:16 /sys/kernel/btf/vmlinux
```

If the file exists, congratulations! Your kernel supported CO:RE.

### What happens if my kernel is not supported?

If your system does not fit into any of the above - unfortunately, our eBPF sensor will not be able to run on your environment. However, this does not mean groundcover won’t collect any data. You will still be able to inspect your [k8s environment](https://docs.groundcover.com/capabilities/infrastructure-monitoring), see all [collected logs](https://docs.groundcover.com/capabilities/log-management) and use [integrations ](https://docs.groundcover.com/integrations/overview)with outer data sources.