rpms/kernel
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Back out mod-denylist.sh changes until dracut is ready

Browse Source 
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
Justin M. Forbes 2021-07-06 12:22:56 -05:00
parent f8ba90246e
commit 8bce7ff2ca
No known key found for this signature in database
GPG Key ID: B8FA7924A4B1C140
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
mod-denylist.sh
View File

@ -10,28 +10,28 @@ Dir="$1/$2"
List=$3 List=$3
Dest="$4" Dest="$4"
denylist() blacklist()
{ {
cat > "$RpmDir/etc/modprobe.d/$1-denylist.conf" <<-__EOF__ cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
# This kernel module can be automatically loaded by non-root users. To # This kernel module can be automatically loaded by non-root users. To
# enhance system security, the module is denylisted by default to ensure # enhance system security, the module is blacklisted by default to ensure
# system administrators make the module available for use as needed. # system administrators make the module available for use as needed.
# See https://access.redhat.com/articles/3760101 for more details. # See https://access.redhat.com/articles/3760101 for more details.
# #
# Remove the denylist by adding a comment # at the start of the line. # Remove the blacklist by adding a comment # at the start of the line.
blacklist $1 blacklist $1
__EOF__ __EOF__
} }
check_denylist() check_blacklist()
{ {
mod=$(find "$RpmDir/$ModDir" -name "$1") mod=$(find "$RpmDir/$ModDir" -name "$1")
[ ! "$mod" ] && return 0 [ ! "$mod" ] && return 0
if modinfo "$mod" | grep -q '^alias:\s\+net-'; then if modinfo "$mod" | grep -q '^alias:\s\+net-'; then
mod="${1##*/}" mod="${1##*/}"
mod="${mod%.ko*}" mod="${mod%.ko*}"
echo "Blocking $mod from auto-loading." echo "$mod has an alias that allows auto-loading. Blacklisting."
denylist "$mod" blacklist "$mod"
fi fi
} }
@ -142,7 +142,7 @@ if [ -z "$Dest" ]; then
sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName" sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName"
echo "./$RpmDir/$ListName created." echo "./$RpmDir/$ListName created."
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/" [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
foreachp check_denylist < "$List" foreachp check_blacklist < "$List"
fi fi
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload # Many BIOS-es export a PNP-id which causes the floppy driver to autoload
@ -152,7 +152,7 @@ fi
floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*) floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*)
if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then
denylist "floppy" blacklist "floppy"
fi fi
# avoid an empty kernel-extra package # avoid an empty kernel-extra package