remove-system.map cannot work - `/lib/modules` is mounted read-only

Whonix tries to remove the System.map file, but this isn’t possible since the modules are mounted read-only. With a dom0-provided kernel (as opposed to a custom local build), it doesn’t really make sense, since the file is public anyway (downloadable in the kernel package) and identical on all installations (that use the same kernel version).

Specific message in logs:

```
[2022-02-05 03:20:27] [   19.749522] remove-system.map[354]: Deleting system.map files...
[2022-02-05 03:20:27] [   19.800996] remove-system.map[372]: shred: /lib/modules/5.10.90-1.fc32.qubes.x86_64/build/System.map: failed to open for writing: Operation not permitted
[2022-02-05 03:20:27] [   19.834993] remove-system.map[376]: cat: '': No such file or directory
[2022-02-05 03:20:27] [   19.842596] remove-system.map[354]: ####################################################################
[2022-02-05 03:20:27] [   19.844270] remove-system.map[354]: ## BEGIN ERROR in /usr/libexec/security-misc/remove-system.map detected!
[2022-02-05 03:20:27] [   19.848990] remove-system.map[354]: ##
[2022-02-05 03:20:27] [   19.859321] remove-system.map[354]: ## ERROR LOG:
[2022-02-05 03:20:28] [   19.865744] remove-system.map[354]: ## See above.
[2022-02-05 03:20:28] [   19.871415] remove-system.map[354]: ##
[2022-02-05 03:20:28] [   19.878162] remove-system.map[354]: ## BASH_COMMAND: shred --force --zero -u "${filename}"
[2022-02-05 03:20:28] [   19.883162] remove-system.map[354]: ## EXIT_CODE: 1
[2022-02-05 03:20:28] [FAILED] Failed to start Removes the System.map files.
[2022-02-05 03:20:28] See 'systemctl status remove-system-map.service' for details.
[2022-02-05 03:20:28] [   19.896677] remove-system.map[354]: ##
[2022-02-05 03:20:28] [   19.904026] remove-system.map[354]: ## END ERROR in /usr/libexec/security-misc/remove-system.map detected!
[2022-02-05 03:20:28] [   19.908189] remove-system.map[354]: ## Please report this bug!
[2022-02-05 03:20:28] [   19.913158] remove-system.map[354]: ####################################################################
```

Found in logs of openqa test: Qubes OS openQA: qubesos-4.1-qubes-whonix-x86_64-Build2022020906-4.1-system_tests_update@64bit test results

Thank you for the bug report!

A solution for read-only support will be implemented soon. Most likely by skipping any attempt to delete these files.

system.map deletion originally came up here:

It makes the most sense when using a self-compiled custom kernel, but we’re not there yet. Otherwise, in theory, it would only break malware that depends on reading that file without a hardcoded implementation.

This is now available in Whonix testers repository.
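
One way the "skip read-only files" behaviour discussed in this thread could look, as an added example that is not the security-misc script or its actual fix. The function names and the sample mount table (device names included) are constructed for illustration; only the `shred` invocation and the `/lib/modules` path come from the log above.

```shell
# Added example (not the security-misc script): skip System.map files that
# live on a read-only mount instead of failing the whole service.

# Constructed sample in /proc/mounts format: device mountpoint fstype options
sample_mounts() {
    cat <<'EOF'
/dev/root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/modules /lib/modules ext3 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_opts_for PATH MOUNTS_FILE: print the options of the deepest mount
# point containing PATH. Later entries win ties, as stacked mounts do.
mount_opts_for() (
    best_len=-1 best_opts=
    while read -r _dev mp _type opts _rest; do
        case "$1/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "$best_len" ]; then
                    best_len=${#mp} best_opts=$opts
                fi ;;
        esac
    done < "$2"
    printf '%s\n' "$best_opts"
)

# is_read_only PATH [MOUNTS_FILE]: succeed only on a standalone "ro" option,
# so "errors=remount-ro" on a writable mount does not count.
is_read_only() {
    case ",$(mount_opts_for "$1" "${2:-/proc/mounts}")," in *,ro,*) return 0 ;; esac
    return 1
}

# plan_removal MOUNTS_FILE FILE...: print "skip FILE" or "shred FILE".
plan_removal() {
    mounts=$1; shift
    for f in "$@"; do
        if is_read_only "$f" "$mounts"; then echo "skip $f"; else echo "shred $f"; fi
    done
}

# remove_system_maps FILE...: act on the plan against the live mount table.
remove_system_maps() {
    plan_removal /proc/mounts "$@" | while read -r action f; do
        case $action in
            skip)  echo "Skipping $f: read-only mount" ;;
            shred) if [ -f "$f" ]; then shred --force --zero -u "$f"; fi ;;
        esac
    done
}
```

`plan_removal` takes the mount table as an argument, so the decision can be checked against a saved or constructed table without touching any file; `remove_system_maps` uses the live `/proc/mounts`.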