Mailinglist Archive: opensuse-factory (633 mails)

< Previous Next >
Re: [opensuse-factory] [PLEASE SPEAK UP] Disabling legacy file systems by default?
On Wed, 2019-01-30 at 22:04 +0300, Andrei Borzenkov wrote:
30.01.2019 21:49, Martin Wilck пишет:
On Wed, 2019-01-30 at 19:01 +0100, Jan Engelhardt wrote:
On Wednesday 2019-01-30 17:41, Martin Wilck wrote:

SUSE will blacklist a number of legacy and/or less frequently
used
file systems by default on SLES for security reasons.

The proposed list can be seen here:

https://github.com/openSUSE/suse-module-tools/pull/5/commits/8cb42fb6658f210cb8c955d584a65f7b041c0575

The question is now whether we should do the same for openSUSE.

The question is whether perhaps autoloading should be inhibited
by
default, and then a distro like SLES can *whitelist* all those
that
likes.

That way, people can also whitelist their favorite filesystem
*without*
having to edit any file that rpm installed (which, as we know, is
always
leading to a conflict).

I'm unsure how this would work technically, as there is no
"whitelist"
directive in modprobe.d files, and no blacklisting by wildcard.


blacklist cramfs
alias fs-cramfs cramfs

Should work, as "blacklist" only ignores built-in aliases, not
aliases
explicitly provided by configuration file(s).

I read the man page like you do, but it doesn't work like this:

apollon:~ # cat /lib/modprobe.d/60-blacklist.conf
blacklist cramfs
alias fs-cramfs cramfs
apollon:~ # modprobe -vn fs-cramfs
(no output)
apollon:~ # grep cramfs /proc/modules
(no output)
apollon:~ #

What we can do easily, though, is put the distro defaults under
/lib/modules.d, so that users can change them any time under
/etc/modules.d, similar to udev rules.


It is still all or nothing. It does not allow admin to override
single
directive (or single rule from udev rules file), so it won't allow
"enabling" of single filesystem.

Nack.

apollon:~ # sed '/cramfs/s/^/#/' /lib/modprobe.d/60-blacklist.conf
/etc/modprobe.d/60-blacklist.conf
apollon:~ # modprobe -vn fs-cramfs
insmod /lib/modules/4.19.5-1-default/kernel/fs/cramfs/cramfs.ko

This would enable cramfs only. If you want all-or-nothing, you
could simply run ">/etc/modprobe.d/60-blacklist.conf".

Martin

Although of course in this case the right location for packaged files
is
/lib, not /etc.





--
Dr. Martin Wilck <mwilck@xxxxxxxx>, Tel. +49 (0)911 74053 2107
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >