[PATCH] UBUNTU: SAUCE: [net] disable autoloading of rare protocols
Tim Gardner
tcanonical at tpi.com
Thu Jan 13 16:03:46 UTC 2011
On 01/12/2011 05:57 PM, Kees Cook wrote:
> On Wed, Jan 12, 2011 at 05:34:52PM -0600, Tim Gardner wrote:
>> On 01/12/2011 05:06 PM, Kees Cook wrote:
>>> On Wed, Jan 12, 2011 at 03:41:21PM -0600, Tim Gardner wrote:
>>>> Why don't we blacklist these modules instead of carrying more SAUCE patches?
>>>
>>> I think that shipping a blacklist file is more of a pain since it would end up as a
>>> debian conffile in /etc, so local changes would cause install debconf questions, etc.
>>>
>>
>> I think the folks that would enable these modules are also capable
>> of dealing with answering a debconf question. Furthermore,
>> /etc/modprobe.d is a well known place for module loading control.
>> Isn't /etc/modprobe.d where Jockey does its thing when switching
>> between nvidia and nouveau ?
>
> It's certainly an option. I just try to avoid adding conffiles at all
> cost since they're so annoying to deal with in packaging if you want to
> remove them, change them, etc.
>
>>> Another option would be to filter it during the modules.aliases file creation so the
>>> list is all in one place.
>>>
>>
>> I'm not sure I follow you here. Are you suggesting we add code in
>> the post install hook for the kernel that elides the protocol module
>> aliases? That doesn't seem like a very good idea to me wrt updates.
>
> No, I mean patching the kernel's build process to add effectively a
> grep -v when generating the modules.aliases file. Though the more I
> think about this, the more that seems to really be a patch to depmod,
> so I probably don't recommend it now.
>
> Anyway, why not carry the kernel patch so we're at least in sync with
> Debian?
>
Because we aren't in sync with Debian. We're in sync with Linus' upstream.
Andy has some thoughts about how we might mitigate debconf questions.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list