Mailinglist Archive: opensuse-factory (633 mails)

< Previous Next >
Re: [opensuse-factory] [PLEASE SPEAK UP] Disabling legacy file systems by default?
On Wed, 2019-01-30 at 22:04 +0300, Andrei Borzenkov wrote:
30.01.2019 21:49, Martin Wilck пишет:
On Wed, 2019-01-30 at 19:01 +0100, Jan Engelhardt wrote:
On Wednesday 2019-01-30 17:41, Martin Wilck wrote:

SUSE will blacklist a number of legacy and/or less frequently
file systems by default on SLES for security reasons.

The proposed list can be seen here:

The question is now whether we should do the same for openSUSE.

The question is whether perhaps autoloading should be inhibited
default, and then a distro like SLES can *whitelist* all those

That way, people can also whitelist their favorite filesystem
having to edit any file that rpm installed (which, as we know, is
leading to a conflict).

I'm unsure how this would work technically, as there is no
directive in modprobe.d files, and no blacklisting by wildcard.

blacklist cramfs
alias fs-cramfs cramfs

Should work, as "blacklist" only ignores built-in aliases, not
explicitly provided by configuration file(s).

I read the man page like you do, but it doesn't work like this:

apollon:~ # cat /lib/modprobe.d/60-blacklist.conf
blacklist cramfs
alias fs-cramfs cramfs
apollon:~ # modprobe -vn fs-cramfs
(no output)
apollon:~ # grep cramfs /proc/modules
(no output)
apollon:~ #

What we can do easily, though, is put the distro defaults under
/lib/modules.d, so that users can change them any time under
/etc/modules.d, similar to udev rules.

It is still all or nothing. It does not allow admin to override
directive (or single rule from udev rules file), so it won't allow
"enabling" of single filesystem.


apollon:~ # sed '/cramfs/s/^/#/' /lib/modprobe.d/60-blacklist.conf
apollon:~ # modprobe -vn fs-cramfs
insmod /lib/modules/4.19.5-1-default/kernel/fs/cramfs/cramfs.ko

This would enable cramfs only. If you want all-or-nothing, you
could simply run ">/etc/modprobe.d/60-blacklist.conf".


Although of course in this case the right location for packaged files
/lib, not /etc.

Dr. Martin Wilck <mwilck@xxxxxxxx>, Tel. +49 (0)911 74053 2107
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >