[PATCH] UBUNTU: SAUCE: [net] disable autoloading of rare protocols

Tim Gardner tcanonical at tpi.com
Thu Jan 13 16:03:46 UTC 2011

On 01/12/2011 05:57 PM, Kees Cook wrote:
> On Wed, Jan 12, 2011 at 05:34:52PM -0600, Tim Gardner wrote:
>> On 01/12/2011 05:06 PM, Kees Cook wrote:
>>> On Wed, Jan 12, 2011 at 03:41:21PM -0600, Tim Gardner wrote:
>>>> Why don't we blacklist these modules instead of carrying more SAUCE patches?
>>> I think that shipping a blacklist file is more of a pain since it would end up as a
>>> debian conffile in /etc, so local changes would cause install debconf questions, etc.
>> I think the folks that would enable these modules are also capable
>> of dealing with answering a debconf question. Furthermore,
>> /etc/modprobe.d is a well known place for module loading control.
>> Isn't /etc/modprobe.d where Jockey does its thing when switching
>> between nvidia and nouveau?
> It's certainly an option. I just try to avoid adding conffiles at all
> cost since they're so annoying to deal with in packaging if you want to
> remove them, change them, etc.
>>> Another option would be to filter it during the modules.aliases file creation so the
>>> list is all in one place.
>> I'm not sure I follow you here. Are you suggesting we add code in
>> the post install hook for the kernel that elides the protocol module
>> aliases? That doesn't seem like a very good idea to me wrt updates.
> No, I mean patching the kernel's build process to add effectively a
> grep -v when generating the modules.aliases file. Though the more I
> think about this, the more that seems to really be a patch to depmod,
> so I probably don't recommend it now.
> Anyway, why not carry the kernel patch so we're at least in sync with
> Debian?

Because we aren't in sync with Debian. We're in sync with Linus' upstream.

Andy has some thoughts about how we might mitigate debconf questions.

Tim Gardner tim.gardner at canonical.com
