On Thu, 2017-04-20 at 14:44 +0200, Djalal Harouni wrote: > > On Thu, Apr 20, 2017 at 4:22 AM, Ben Hutchings wrote: > > On Thu, 2017-04-20 at 00:20 +0200, Djalal Harouni wrote: > > [...] > > > +modules_autoload: > > > + > > > +A sysctl to control if modules auto-load feature is allowed or not. > > > +This sysctl complements "modules_disabled" which is for all module > > > +operations where this flag applies only to automatic module loading. > > > +Automatic module loading happens when programs request a kernel feature > > > +that is implemented by an unloaded module, the kernel automatically > > > +runs the program pointed by "modprobe" sysctl in order to load the > > > +corresponding module. > > > + > > > +When modules_autoload is set to (0), the default, there are no > > > +restrictions. > > > + > > > +When modules_autoload is set to (1), processes must have CAP_SYS_MODULE > > > +to be able to trigger a module auto-load operation, or CAP_NET_ADMIN > > > +for modules with a 'netdev-%s' alias. > > > + > > > +When modules_autoload is set to (2), automatic module loading is > > > +disabled for all. Once set, this value can not be changed. > > > > I would expect a parameter 'modules_autoload' to be a boolean, so this > > behaviour would be surprising. > > > > What is the point of mode 2?  Why would someone want to set > > modules_disabled=0 and modules_autoload=2? > > modules_disabled is too restrictive and once set it can't be changed, > maybe that's why not all users use it. > > With modules_disabled=0 and modules_autoload=2 [...] Hmm, OK. How about naming this modules_autoload_mode, then, so that it's obviously not a boolean? Ben. -- Ben Hutchings It is easier to change the specification to fit the program than vice versa.