Linux-Modules Archive on lore.kernel.org
 help / Atom feed
From: Lucas De Marchi <lucas.de.marchi@gmail.com>
To: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Cc: linux-modules <linux-modules@vger.kernel.org>
Subject: Re: [PATCHv2 0/4] depmod: implement external directories support
Date: Wed, 19 Jul 2017 11:07:11 -0700
Message-ID: <CAKi4VA+PMniY-4W2J5pQkcZ=6ZRCLWQAWLJHwX8642S8025nSQ@mail.gmail.com> (raw)
In-Reply-To: <xunyzid3f2g9.fsf@redhat.com>

On Tue, Jun 20, 2017 at 2:11 AM, Yauheni Kaliuta
<yauheni.kaliuta@redhat.com> wrote:
> Hi!
>
>>>>>> On Tue,  9 May 2017 22:09:20 +0300, Yauheni Kaliuta  wrote:
>
>  > This is a pretty simple extention of existing logic, since now
>  > depmod already is able to:
>
>  > a) scan modules with full path from command line without -a
>  > switch;
>  > b) detects broken symbol dependencies and broken modversions,
>  > what assumes, that modules are already are not built for the
>  > existing kernel.
>
> [...]
>
>
> I've heared a concern about the feature, that it may make sense to limit
> the possible external directories to some subdirectory(s). The idea is that
> 3rd party vendor packages can pollute filesystem with its modules and a
> system administrator may like to be sure that they are in a more defined
> place.
>
> What do you think?

Humn... doesn't that completely defeats the purpose of using it for development?

That just reminded me we missed the changes to the man page. Could you
take care of that?

> Of course, it is not security concern, just about unintentional
> pollution. If there is the intention, in most cases from the package
> maintainer scipts it's possible to install symbolic link under the
> permitted directory, for example, with the file anywere.

Not sure if kmod is the right place to restrict the directories.
Maybe it's a distro policy thing?
What would you restrict it to?


-- 
Lucas De Marchi

  reply index

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-23 15:23 [PATCH RFC 0/3] " Yauheni Kaliuta
2016-11-23 15:23 ` [PATCH RFC 1/3] depmod: create depmod dir independent search function Yauheni Kaliuta
2017-05-09  6:56   ` Lucas De Marchi
2016-11-23 15:23 ` [PATCH RFC 2/3] depmod: search key: move builtin detection under the add function Yauheni Kaliuta
2017-05-09  7:04   ` Lucas De Marchi
2016-11-23 15:23 ` [PATCH RFC 3/3] depmod: implement external directories support Yauheni Kaliuta
2017-03-18 21:46 ` [PATCH RFC 0/3] " Yauheni Kaliuta
2017-05-09  7:51   ` Lucas De Marchi
2017-05-09  8:50     ` Yauheni Kaliuta
2017-05-09 19:09     ` [PATCHv2 0/4] " Yauheni Kaliuta
2017-05-09 19:09       ` [PATCHv2 1/4] depmod: create depmod dir independent search function Yauheni Kaliuta
2017-06-02  2:18         ` Lucas De Marchi
2017-05-09 19:09       ` [PATCHv2 2/4] depmod: rewrite depmod modules search with scratchbuf Yauheni Kaliuta
2017-06-02  3:23         ` Lucas De Marchi
2017-05-09 19:09       ` [PATCHv2 3/4] depmod: implement external directories support Yauheni Kaliuta
2017-06-02  3:30         ` Lucas De Marchi
2017-05-09 19:09       ` [PATCHv2 4/4] testsuite: add tests for external directory support Yauheni Kaliuta
2017-06-02  4:03         ` Lucas De Marchi
2017-06-02  4:05       ` [PATCHv2 0/4] depmod: implement external directories support Lucas De Marchi
2017-06-20  9:11       ` Yauheni Kaliuta
2017-07-19 18:07         ` Lucas De Marchi [this message]
2017-07-19 18:57           ` Yauheni Kaliuta

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKi4VA+PMniY-4W2J5pQkcZ=6ZRCLWQAWLJHwX8642S8025nSQ@mail.gmail.com' \
    --to=lucas.de.marchi@gmail.com \
    --cc=linux-modules@vger.kernel.org \
    --cc=yauheni.kaliuta@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Modules Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-modules/0 linux-modules/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-modules linux-modules/ https://lore.kernel.org/linux-modules \
		linux-modules@vger.kernel.org linux-modules@archiver.kernel.org
	public-inbox-index linux-modules


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-modules


AGPL code for this site: git clone https://public-inbox.org/ public-inbox