On Wed, Mar 11, 2020 at 10:41:34AM -0700, Eric Biggers wrote: > On Wed, Mar 11, 2020 at 10:28:07AM -0700, Kees Cook wrote: > > On Tue, Mar 10, 2020 at 03:37:31PM -0700, Eric Biggers wrote: > > > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > > > > > It's long been possible to disable kernel module autoloading completely > > > by setting /proc/sys/kernel/modprobe to the empty string. This can be > > > > Hunh. I've never seen that before. :) I've always used; > > > > echo 1 > /proc/sys/kernel/modules_disabled > > > > Regardless, > > > > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > > > > modules_disabled is different because it disables *all* module loading, not just > autoloading. Clarifying this on your patch would be useful, otherwise its lost tribal knowledge. LUis
