Hi,
Some ideas have been knocking around in my head for a while for ways
to make disabling module loading (via
/proc/sys/kernel/modules_disabled) easier for server admins. Right now
there's kind of a weird problem on some distros where reading
/etc/modules races with reading /etc/sysctl.{conf,d}. In these cases,
you can't just put "kernel.modules_disabled=1" in the latter since you
might not have finished loading modules from /etc/modules. On my own
systems, I've added the sysctl call to my /etc/rc.local, which seems
like a hack -- that file is related to neither sysctl nor modules and
both subsystems have their own configuration files.
I was wondering about making "disable" an internal modprobe alias. I
can do this already with something like /etc/modprobe.d/disable.conf
containing:
install disable /sbin/sysctl kernel.modules_disabled=1
And then in /etc/modules I can list "disable" on the last line. While
this certainly works, I was wondering if it would make sense to make
this a global alias rather than having to convince every distro to
carry this new file in /etc/modprobe.d/.
Thoughts?
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
