diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2021-07-06 10:25:51 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2021-07-06 10:25:51 -0500 |
| commit | f8ba90246efa42ef660cc2bb884e35875fea42ed (patch) | |
| tree | 94916639ad42bb15a33f78e3d2627b47e3a9877c /mod-denylist.sh | |
| parent | 3803bc12d1f8a02778d13cd45c5cbecb05155f78 (diff) | |
| download | kernel-f8ba90246efa42ef660cc2bb884e35875fea42ed.tar.gz kernel-f8ba90246efa42ef660cc2bb884e35875fea42ed.tar.xz kernel-f8ba90246efa42ef660cc2bb884e35875fea42ed.zip | |
kernel-5.14.0-0.rc0.20210706git79160a603bdb.11
* Tue Jul 06 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.14.0-0.rc0.20210706git79160a603bdb.11]
- common: enable STRICT_MODULE_RWX everywhere (Peter Robinson)
Resolves: rhbz#
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to 'mod-denylist.sh')
| -rwxr-xr-x | mod-denylist.sh | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/mod-denylist.sh b/mod-denylist.sh index 6127d145f..47eb1a7b4 100755 --- a/mod-denylist.sh +++ b/mod-denylist.sh @@ -10,28 +10,28 @@ Dir="$1/$2" List=$3 Dest="$4" -blacklist() +denylist() { - cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + cat > "$RpmDir/etc/modprobe.d/$1-denylist.conf" <<-__EOF__ # This kernel module can be automatically loaded by non-root users. To - # enhance system security, the module is blacklisted by default to ensure + # enhance system security, the module is denylisted by default to ensure # system administrators make the module available for use as needed. # See https://access.redhat.com/articles/3760101 for more details. # - # Remove the blacklist by adding a comment # at the start of the line. + # Remove the denylist by adding a comment # at the start of the line. blacklist $1 __EOF__ } -check_blacklist() +check_denylist() { mod=$(find "$RpmDir/$ModDir" -name "$1") [ ! "$mod" ] && return 0 if modinfo "$mod" | grep -q '^alias:\s\+net-'; then mod="${1##*/}" mod="${mod%.ko*}" - echo "$mod has an alias that allows auto-loading. Blacklisting." - blacklist "$mod" + echo "Blocking $mod from auto-loading." + denylist "$mod" fi } @@ -142,7 +142,7 @@ if [ -z "$Dest" ]; then sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName" echo "./$RpmDir/$ListName created." [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/" - foreachp check_blacklist < "$List" + foreachp check_denylist < "$List" fi # Many BIOS-es export a PNP-id which causes the floppy driver to autoload @@ -152,7 +152,7 @@ fi floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*) if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then - blacklist "floppy" + denylist "floppy" fi # avoid an empty kernel-extra package |