On Wed, Sep 15, 2021 at 05:49:34PM +0200, Thomas Weißschuh wrote:
> Hi,
>
> I would like to propose a new syscall that exposes the functionality of
> request_module() to userspace.
>
> Proposed signature: request_module(char *module_name, char **args, int flags);
> Where args and flags have to be NULL and 0 for the time being.
>
> Rationale:
>
> We are using nested, privileged containers which are loading kernel modules.
> Currently we have to always pass around the contents of /lib/modules from the
> root namespace which contains the modules.
> (Also the containers need to have userspace components for module loading
> installed)
>
> The syscall would remove the need for this bookkeeping work.

So you want any container to have the ability to "bust through" the
containers and load a module from the "root" of the system?

That feels dangerous, why not just allow a mount of /lib/modules into
the containers that you want to be able to load a module? Why are
modules somehow "special" here, they are just a resource that has to be
allowed (or not) to be accessed by a container like anything else on a
filesystem.

thanks,

greg k-h