[FILE-6398] JBD2 is mistakenly undetected as a missing module in kernel while being built-in to it

[suprovsky]

Describe the bug
JBD2 is mistakenly undetected as a missing module in kernel while being built-in to it. This kernel module is built-in into probably all 6.x kernels, so it's a false-positive.
Here is the output from my VPS with the latest kernel in Ubuntu 24.04 stable repository.

 supra@supra  ~  modinfo jbd2
name:           jbd2
filename:       (builtin)
license:        GPL
file:           fs/jbd2/jbd2
 supra@supra  ~  uname -r
6.8.0-35-generic

Version

• Ubuntu 24.04 LTS amd64
• Lynis 3.1.2 (copied from 106db35, current master)

Expected behavior
No warning about not having JBD2 running.

Output
If applicable, add output that you get from the tool or the related section of lynis.log

 * The JBD (Journal Block Device) driver is not loaded. [FILE-6398] 
    - Details  : Since boot-time, you have not been using any filesystems with journaling. Alternatively, reason could be driver is blacklisted.
      https://cisofy.com/lynis/controls/FILE-6398/

2024-06-10 15:10:02 Performing test ID FILE-6398 (Checking if JBD (Journal Block Device) driver is loaded)
2024-06-10 15:10:02 Test: Checking if JBD (Journal Block Device) driver is loaded
2024-06-10 15:10:02 Result: JBD driver not loaded
2024-06-10 15:10:02 Suggestion: The JBD (Journal Block Device) driver is not loaded. [test:FILE-6398] [details:Since boot-time, you have not been using any filesystems with journaling. Alternatively, reason could be driver is blacklisted.] [solution:-]

[RZR7332]

I second this, seeing the same on Ubuntu 24.04:

root@srv:~# modinfo jbd2
name: jbd2
filename: (builtin)
license: GPL
file: fs/jbd2/jbd2

Running 6.8.0-45-generic

[mboelen]

Is this still an issue with the latest release (3.1.2)?

[suprovsky]

yes, as mentioned in the first message, i've quoted even an exact commit to pin point what code state was used when reporting this

[mboelen]

Thanks for confirming. Had a look, but wondering if it is built-in, what the easiest way is to detect if it also being used. If that is not possible in a reliable way, we might consider dropping the test.

Any suggestions or thoughts?

[RZR7332]

Is it possible to run a supplementary command to gather extra output, e.g. to gauge which filesystems are actively used? Not a developer/coder so ignore me if my suggestions are stupid or not possible. I take your point however - being present does not necessarily indicate usage.

I also think this may be somewhat independent of kernel version, as I see this on Ubuntu 22.04 as well running 5.15.

[elatov]

I can confirm, I am seeing the same thing on debian-12:

> lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 12 (bookworm)
Release:	12
Codename:	bookworm
> uname -a
Linux gcp-kerch 6.1.0-26-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
> lsmod | grep ^jbd
> modinfo jbd2
name:           jbd2
filename:       (builtin)
softdep:        pre: crypto-crc32c
license:        GPL
file:           fs/jbd2/jbd2
> grep JBD2 /boot/config-6.1.0-25-cloud-amd64
CONFIG_JBD2=y
# CONFIG_JBD2_DEBUG is not set
> ps -ef | grep jbd
root         193       2  0 Oct03 ?        00:00:19 [jbd2/sda1-8]
root         334       2  0 Oct03 ?        00:00:18 [jbd2/dm-1-8]
root        1545       2  0 Oct03 ?        00:00:00 [jbd2/dm-2-8]

It's probably running an older version of lynis:

> dpkg -l | grep lynis
ii  lynis                                   3.1.2-100                      all          security tool to audit systems running Linux, macOS, and Unix

[mboelen]

For now I have disabled this test, until there is a better solution. Otherwise more people will get an unsolvable suggestion while support for JBD might be present already. Related commit f6275f6

Closing issue now that the test is (temporarily) gone.

[vk6xebec]

Thank you; this error also appears on btrfs systems (FYI)