Differences between revisions 9 and 10
Revision 9 as of 2015-01-18 15:30:14
Size: 3286
Comment: minor fixes
Revision 10 as of 2022-05-31 11:58:49
Size: 3273
Editor: PaulWise
Comment: minor cleanup
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
== KernelModuleBlacklisting == == Blocking loading of Linux kernel modules ==
Line 11: Line 11:
Disable automatic loading of kernel driver modules in etch<<FootNote(This procedure does not prevent another process from requesting a module addition during boot or runtime. Ex. - shorewall.)>> wheezy Disable automatic loading of Linux kernel driver modules. Note that this procedure does not prevent another process from requesting a module addition during boot or runtime.
Line 14: Line 14:
 1. As mentioned in the comment headers in {{{/etc/modprobe.d/blacklist.conf}}} adding modules there {{{...does not affect autoloading of modules by the kernel.}}}; this means that to blacklist a kernel driver such as ''ipv6'' you must do a fake install.  1. As mentioned in the comment headers in {{{/etc/modprobe.d/blacklist.conf}}} adding modules there {{{...does not affect autoloading of modules by the Linux kernel.}}}; this means that to blacklist a driver such as ''ipv6'' you must do a fake install.

Translation(s): English - Français - Italiano

(!) ?Discussion


Blocking loading of Linux kernel modules

Disable automatic loading of Linux kernel driver modules. Note that this procedure does not prevent another process from requesting a module addition during boot or runtime.

Warnings:

  1. As mentioned in the comment headers in /etc/modprobe.d/blacklist.conf adding modules there ...does not affect autoloading of modules by the Linux kernel.; this means that to blacklist a driver such as ipv6 you must do a fake install.

  2. (Re)move /etc/modprobe.conf, if present, as it supersedes anything in /etc/modprobe.d/* (unless you add include /etc/modprobe.d).

  3. The modules listed in /etc/initramfs-tools/modules aren't subject to blacklists so comment it first.

Howto:

  1. Create a file '/etc/modprobe.d/<modulename>.conf' containing 'blacklist <modulename>'.

  2. Run 'depmod -ae' as root

  3. Recreate your initrd with 'update-initramfs -u'

Examples:

root@host:/etc/modprobe.d# ls -altr
total 72
-rw-r--r--  1 root root   363 Sep 24 19:57 pnp-hotplug
-rw-r--r--  1 root root   284 Sep 24 19:57 display_class
drwxr-xr-x  2 root root    16 Oct 28 21:38 arch
lrwxrwxrwx  1 root root     9 Oct 28 21:38 arch-aliases -> arch/i386
-rw-r--r--  1 root root  1405 Oct 29 09:46 blacklist.conf
-rw-r--r--  1 root root    18 Oct 29 13:34 eth1394.conf
-rw-r--r--  1 root root    15 Oct 29 14:49 irda.conf
-rw-r--r--  1 root root    20 Oct 29 16:10 irtty_sir.conf
-rw-r--r--  1 root root    18 Oct 29 16:10 sir_dev.conf
-rw-r--r--  1 root root    19 Oct 29 16:10 nsc_ircc.conf
-rw-r--r--  1 root root  4360 Oct 29 16:21 aliases
drwxr-xr-x  3 root root  4096 Oct 29 16:24 .
-rw-r--r--  1 root root    15 Oct 29 16:24 ipv6.conf
drwxr-xr-x 47 root root 12288 Oct 29 16:25 ..
root@host:/etc/modprobe.d# cat eth1394.conf irda.conf irtty_sir.conf sir_dev.conf nsc_ircc.conf ipv6.conf
blacklist eth1394
blacklist irda
blacklist irtty_sir
blacklist sir_dev
blacklist nsc_ircc
blacklist ipv6

Addendum: Sometimes you've got to disable more modules to get the one you want: irda is such an example. In the above, irtty_sir, sir_dev and nsc_ircc all had to be disabled in order to disable irda. If you suspect something like that, run lsmod and find the modules that are using the one you want to disable.

Thanks to xingu and liable on irc #debian.

Blacklist with fake install

As an example, let's say you want to disable modulename using a fake install. You have to:

  1. Create a file named '/etc/modprobe.d/<modulename>.conf' containing 'install <modulename> /bin/true'.

  2. Reboot.

This procedure prevents the loading of the module modulename at runtime.


And thanks to -- ?BrendaButler for the suggestion - Should blacklisting be moved to another page? It's not part of udev.


CategoryKernel