Re: [RFC PATCH] kmod: add whitelist option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 6, 2012 at 12:50 PM, Lucas De Marchi
<lucas.demarchi@xxxxxxxxxxxxxx> wrote:
>> It seems to be about giving admins more control over which modules can
>> be loaded, particularly in the presence of hotplug mechanisms that can
>> auto-load drivers for various devices when they're plugged in.
>
> then how is this any better than a whitelist in which modules get installed?

Well, I didn't say it was.  However, from a distribution perspective
you can do one of the following with a common distribution kernel RPM:

1) Install kernel RPM; remove modules from /lib/modules after the fact.
2) Code something into the RPM %post script that looks at a whitelist
   on the machine and automatically removes modules not in that list
   after the install (really a refinement of option 1).
3) Blacklist every module except those you want to allow to be loaded
   (opposite of the proposed solution).
4) Add a whitelist to kmod.
5) Something I haven't thought of.

Option 1 is kind of ugly to have to do by hand.  Option 2 is slightly
more feasible.  Both of them would then cause RPM's idea of what a
package provides to be somewhat broken though (e.g. rpm -V would fail).

Option 3 is fairly tedious to do by hand for a sysadmin.

Option 4 is what has been proposed.  It has positives and negatives
and I'm sure that is what Milan is looking to discuss so I'll leave
that be.

Option 5 is clearly beyond my capacity of thinking at the moment ;).

So, there are multiple ways to solve this.  I just wanted to make sure
the proposed option wasn't being viewed as a lock-in mechanism.

josh
--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux