Company logoHelp Center
Visit www.threatlocker.com

Supported Linux Versions

2 min. readlast update: 01.06.2026

Officially supported versions by the latest Linux Agent build

There is a significant change with the introduction of ThreatLocker Linux Agent 3.0: it now uses an eBPF-based approach for implementing the Agent.

For Linux kernels 5.10 and above, eBPF will be utilized. All kernel versions starting from 5.10 will be supported by the corresponding package versions. For kernels below 5.10, the Agent will continue to use the LKM approach.

eBPF support table

Linux distribution

Officially supported kernel version 5.10 and up
RHEL 10 +
RHEL 9 +
Rocky Linux 10 +
Rocky Linux 9 +
Oracle Linux 9 +
CentOS 10 +
CentOS 9 +
Ubuntu 24.04  +
Ubuntu 23.04  +
Ubuntu 22.04  +
Ubuntu 20.04 +
Debian 13 +
Debian 12 +
Debian 11 +
Proxmox VE 9 +
Proxmox VE 8 +
Proxmox VE 7 +



LKM support table

Linux distribution

Supported kernel version 3.10 and up

RHEL 7.9 

3.10.0-862.*.el7.x86_64
3.10.0-1062.*.el7.x86_64
3.10.0-1127.*.el7.x86_64 
3.10.0-1160.*.el7.x86_64 

RHEL 8.4

4.18.0-305.*.el8_4.x86_64

RHEL 8.5

4.18.0-348.*.el8_5.x86_64

RHEL 8.6

4.18.0-372.*.el8_6.x86_64

4.18.0-553.*.el8_10.x86_64

RHEL 8.9 

4.18.0-553.*.el8_10.x86_64 

RHEL 8.10 

4.18.0-553.*.el8_10.x86_64 

Oracle Linux 7.9  

4.14.35-2047.*.el7uek.x86_64
5.4.17-2136.*.el7uek.x86_64

Oracle Linux 8.10

5.4.17-2136.*.el7uek.x86_64
5.15.0-307.*.el8uek.x86_64

CentOS 8
(Several versions are temporarily unsupported. See known issues.)

4.18.0-408.*.el8.x86_64
4.18.0-448.*.el8.x86_64
4.18.0-526.*.el8.x86_64
4.18.0-536.*.el8.x86_64
4.18.0-536.*.el8.x86_64+debug
4.18.0-544.*.el8.x86_64
4.18.0-546.*.el8.x86_64
4.18.0-546.*.el8.x86_64+debug
4.18.0-552.*.el8.x86_64

 

To use ThreatLocker LKM-based Agent on Ubuntu systems, you need to meet the exact kernel version support. For example 4.15.0-126-generic, not 4.15.0 or 4.15.0-111

For correct error handling, you need to install curl on your Ubuntu system. 

Ubuntu 16.04
Desktop/Server

4.15.0-1113-azure
4.15.0-112-generic
4.4.0-31-generic
4.4.0-210-generic
4.15.0-142-generic
4.13.0-1021-oem

Ubuntu 18.04
Desktop/Server

4.15.0-126-generic
4.15.0-194-generic
4.15.0-213-generic
5.3.0-28-generic
5.4.0-48-generic
5.4.0-150-generic
5.4.0-150-lowlatency
5.4.0-1109-azure

Ubuntu 20.04
Desktop/Server  

5.4.0-214-generic

 

Beta: A special Linux Agent build with limited functionality is available upon request

RHEL 6.4

2.6.32-754.53.1.el6.x86_64 x64

RHEL 6.10

2.6.32-754.53.1.el6.x86_64 x64

Kernel compatibility guidance for ThreatLocker's LKM-based Linux Agent 

ThreatLocker's Linux LKM-based agent is designed to operate only on specific, supported Linux kernel versions, with compatibility defined down to the exact kernel build number.

Installing the ThreatLocker LKM-based Agent on a supported kernel and subsequently updating the kernel to an unsupported version can lead to critical system instability, potentially rendering the machine inoperable.

If a kernel update to an unsupported kernel version is absolutely necessary, the ThreatLocker LKM-based Agent should be uninstalled before proceeding with the update to prevent system failure.

 

Steps before upgrading Ubuntu Linux kernels 5.13-5.15.0-52

You need to remove landlock LSM due to conflicts with eBPF LSM used by ThreatLocker Linux Agent. 

1) cat /sys/kernel/security/lsm

    If landlock is not in the list, you are done. 

2) Add bpf and remove landlock from lsm list:

Modify GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub 

GRUB_CMDLINE_LINUX_DEFAULT="lsm=lockdown,capability,yama,apparmor,bpf"

3) sudo update-grub

Was this article helpful?