
Restricting automatic kernel-module loading


Posted Dec 5, 2017 6:20 UTC (Tue) by dambacher (subscriber, #1710)
Parent article: Restricting automatic kernel-module loading

Maybe one can write a patch to either route the request_module call to the udev helper system to apply some rules or to add an eBPF filter before it?



Restricting automatic kernel-module loading

Posted Dec 5, 2017 9:04 UTC (Tue) by lkundrak (subscriber, #43452)

Having userspace do the policing indeed sounds like a good idea.

The mechanism to do so is already in place: request_module() already asks the userspace helper. modprobe is already able to deny loading of modules and even launch commands instead, and if modprobe is not up to the job then a different helper could be specified with the kernel.modprobe sysctl?
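
As an added illustration of the userspace-helper approach discussed in this thread (not code from either commenter or from the kernel tree), here is a small policy wrapper that could be named in the kernel.modprobe sysctl. The allowlist path, its one-pattern-per-line format and the install location of the wrapper are assumptions made for the example.

```shell
#!/bin/sh
# Added example: allowlist wrapper for kernel-initiated module autoloading.
# request_module() runs the configured helper as:  <helper> -q -- <name-or-alias>
# Activate with (install path is hypothetical):
#   sysctl -w kernel.modprobe=/usr/local/sbin/modprobe-policy

ALLOWLIST="${ALLOWLIST:-/etc/modprobe-allow.list}"  # assumed path: one glob per line
REAL_MODPROBE="${REAL_MODPROBE:-/sbin/modprobe}"    # the real loader we delegate to

# Print the module name or alias that follows "--"; fail if there is none.
requested_name() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "--" ] && [ -n "${2:-}" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Succeed only if $1 matches a pattern in the allowlist. Fails closed when the
# name is empty or the list is missing or unreadable.
is_allowed() {
    [ -n "$1" ] && [ -r "$ALLOWLIST" ] || return 1
    while IFS= read -r pattern; do
        case "$pattern" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case "$1" in $pattern) return 0 ;; esac        # glob match, e.g. fs-*
    done < "$ALLOWLIST"
    return 1
}

main() {
    name=$(requested_name "$@") || name=""
    if is_allowed "$name"; then
        exec "$REAL_MODPROBE" "$@"      # hand the unmodified request to modprobe
    fi
    # Denied requests are logged so the allowlist can be tuned from real traffic.
    logger -t modprobe-policy "denied autoload request: ${name:-<none>}" 2>/dev/null || true
    return 1
}

# Only act when invoked with arguments, as the kernel does.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The wrapper only sees requests that go through request_module(); an administrator running modprobe or insmod directly is not affected by it.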

