Hi, Some ideas have been knocking around in my head for a while for ways to make disabling module loading (via /proc/sys/kernel/modules_disabled) easier for server admins. Right now there's kind of a weird problem on some distros where reading /etc/modules races with reading /etc/sysctl.{conf,d}. In these cases, you can't just put "kernel.modules_disabled=1" in the latter since you might not have finished loading modules from /etc/modules. On my own systems, I've added the sysctl call to my /etc/rc.local, which seems like a hack -- that file is related to neither sysctl nor modules and both subsystems have their own configuration files. I was wondering about making "disable" an internal modprobe alias. I can do this already with something like /etc/modprobe.d/disable.conf containing: install disable /sbin/sysctl kernel.modules_disabled=1 And then in /etc/modules I can list "disable" on the last line. While this certainly works, I was wondering if it would make sense to make this a global alias rather than having to convince every distro to carry this new file in /etc/modprobe.d/. Thoughts? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-modules" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html