On Thu, Mar 12 2020, Eric Biggers wrote: > From: Eric Biggers > > Document the kernel.modprobe sysctl in the same place that all the other > kernel.* sysctls are documented. Make sure to mention how to use this > sysctl to completely disable module autoloading, and how this sysctl > relates to CONFIG_STATIC_USERMODEHELPER. > > Cc: Alexei Starovoitov > Cc: Andrew Morton > Cc: Greg Kroah-Hartman > Cc: Jeff Vander Stoep > Cc: Jessica Yu > Cc: Kees Cook > Cc: Luis Chamberlain > Cc: NeilBrown > Signed-off-by: Eric Biggers > --- > Documentation/admin-guide/sysctl/kernel.rst | 25 ++++++++++++++++++++- > 1 file changed, 24 insertions(+), 1 deletion(-) > > diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst > index def074807cee9..454f3402ed321 100644 > --- a/Documentation/admin-guide/sysctl/kernel.rst > +++ b/Documentation/admin-guide/sysctl/kernel.rst > @@ -49,7 +49,7 @@ show up in /proc/sys/kernel: > - kexec_load_disabled > - kptr_restrict > - l2cr [ PPC only ] > -- modprobe ==> Documentation/debugging-modules.txt > +- modprobe > - modules_disabled > - msg_next_id [ sysv ipc ] > - msgmax > @@ -444,6 +444,29 @@ l2cr: (PPC only) > This flag controls the L2 cache of G3 processor boards. If > 0, the cache is disabled. Enabled if nonzero. > > +modprobe: > +========= > + > +The path to the usermode helper for autoloading kernel modules, by > +default "/sbin/modprobe". This binary is executed when the kernel > +requests a module. For example, if userspace passes an unknown > +filesystem type "foo" to mount(), then the kernel will automatically > +request the module "fs-foo.ko" by executing this usermode helper. I don't think it is right to add the ".ko" there. The string "fs-foo" is what is passed to the named executable, and it make well end up loading "bar.ko", depending what aliases are set up. I would probably write '... request the module named 'fs-foo" by executing..' (The "name" for a module can come from the file that stores it, and alias inside it, or configuration in modprobe.d). Thanks, NeilBrown > +This usermode helper should insert the needed module into the kernel. > + > +This sysctl only affects module autoloading. It has no effect on the > +ability to explicitly insert modules. > + > +If this sysctl is set to the empty string, then module autoloading is > +completely disabled. The kernel will not try to execute a usermode > +helper at all, nor will it call the kernel_module_request LSM hook. > + > +If CONFIG_STATIC_USERMODEHELPER=y is set in the kernel configuration, > +then the configured static usermode helper overrides this sysctl, > +except that the empty string is still accepted to completely disable > +module autoloading as described above. > + > +Also see Documentation/debugging-modules.txt. > > modules_disabled: > ================= > -- > 2.25.1