Disabling kernel lockdown on Bottlerocket systems

By default, kernel lockdown is enabled on Bottlerocket systems. This can prevent the OpenResty XRay Agent from loading its kernel modules. You can disable kernel lockdown using one of the following methods:

Logging in to the admin container via SSH

  1. Log in to the admin container using SSH
  2. Execute apiclient set kernel.lockdown=none to turn off kernel.lockdown.
  3. Restart the AWS EC2 instance

Logging in to the admin container through the console

If SSH is not enabled, you can log in to the admin container through the console as follows:

  1. Log in to the AWS EC2 console
  2. Select the EC2 instance
  3. Select the Connect button in the upper right corner of the EC2 instance
  4. Select the Session Manager tab
  5. Enter enter-admin-container
  6. Run apiclient set kernel.lockdown=none to turn off kernel.lockdown
  7. Restart the AWS EC2 instance

Disabling kernel lockdown by editing user data

  1. Log in to the AWS EC2 console
  2. Select the EC2 instance
  3. Select the Actions button for the instance
  4. Select the Instance settings tab
  5. Select the Edit user data button

  6. Add the following configuration to the User data text box

    [settings.kernel]
    lockdown = "none"
    
  7. Start the AWS EC2 instance
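
Whichever method you use, you can confirm after the restart that the change took effect by reading the kernel's own lockdown state file. The script below is an added example, not part of the original page or of OpenResty XRay; it assumes securityfs is visible at /sys/kernel/security/lockdown in the shell where you run it, and the script name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example: report which kernel lockdown mode is actually in effect.
# The kernel lists every mode in this file and brackets the active one,
# for example:  none [integrity] confidentiality
# Assumption: securityfs is visible at this path in the shell you use.
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# Print the active (bracketed) mode read from file $1.
# Returns 2 if the file is unreadable, 3 if no mode is bracketed.
lockdown_mode() {
    file="${1:-$LOCKDOWN_FILE}"
    [ -r "$file" ] || return 2
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$file" | head -n 1)
    [ -n "$mode" ] || return 3
    printf '%s\n' "$mode"
}

# Succeed only if the active mode equals $1 (default: none).
lockdown_matches() {
    expected="${1:-none}"
    actual=$(lockdown_mode "${2:-}") || return $?
    [ "$actual" = "$expected" ]
}

# Run as: sh check-lockdown.sh --check   (the script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    if lockdown_matches none; then
        echo "kernel lockdown is off (none)"
    else
        rc=$?
        case "$rc" in
            2) echo "cannot read $LOCKDOWN_FILE" >&2 ;;
            3) echo "no active mode found in $LOCKDOWN_FILE" >&2 ;;
            *) echo "kernel lockdown still active: $(lockdown_mode)" >&2 ;;
        esac
        exit 1
    fi
fi
```

A non-zero exit with "still active" means the instance has not yet booted with the new setting.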