Linux-Modules Archive on lore.kernel.org
 help / color / Atom feed
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
To: Lucas De Marchi <lucas.de.marchi@gmail.com>
Cc: linux-modules <linux-modules@vger.kernel.org>
Subject: Re: [PATCHv2 0/4] depmod: implement external directories support
Date: Wed, 19 Jul 2017 21:57:49 +0300
Message-ID: <xunyo9sgqmoi.fsf@redhat.com> (raw)
In-Reply-To: <CAKi4VA+PMniY-4W2J5pQkcZ=6ZRCLWQAWLJHwX8642S8025nSQ@mail.gmail.com>

Hi, Lucas!

>>>>> On Wed, 19 Jul 2017 11:07:11 -0700, Lucas De Marchi  wrote:

 > On Tue, Jun 20, 2017 at 2:11 AM, Yauheni Kaliuta
 > <yauheni.kaliuta@redhat.com> wrote:
 >> Hi!
 >> 
 >>>>>>> On Tue,  9 May 2017 22:09:20 +0300, Yauheni Kaliuta  wrote:
 >> 
 >> > This is a pretty simple extention of existing logic, since now
 >> > depmod already is able to:
 >> 
 >> > a) scan modules with full path from command line without -a
 >> > switch;
 >> > b) detects broken symbol dependencies and broken modversions,
 >> > what assumes, that modules are already are not built for the
 >> > existing kernel.
 >> 
 >> [...]
 >> 
 >> 
 >> I've heared a concern about the feature, that it may make sense to limit
 >> the possible external directories to some subdirectory(s). The idea is that
 >> 3rd party vendor packages can pollute filesystem with its modules and a
 >> system administrator may like to be sure that they are in a more defined
 >> place.
 >> 
 >> What do you think?

 > Humn... doesn't that completely defeats the purpose of using it for
 > development?

 > That just reminded me we missed the changes to the man page. Could you
 > take care of that?

Oh yes, sure. Just may be after vacations (next two weeks).

 >> Of course, it is not security concern, just about unintentional
 >> pollution. If there is the intention, in most cases from the package
 >> maintainer scipts it's possible to install symbolic link under the
 >> permitted directory, for example, with the file anywere.

 > Not sure if kmod is the right place to restrict the directories.
 > Maybe it's a distro policy thing?

I think the same. But it is about 3rd party modules.

 > What would you restrict it to?

I was thinking about that a bit.

What if I implement some configuration keyword, "restrict_external" for
example, with a directory prefix (up to the distribution, /lib/modules or
whatever) which is impossible then to override (by the additional configs
from the 3rd party module package) and if depmod finds such external
configuration, it ignores it with a warning?

-- 
WBR,
Yauheni Kaliuta

      reply index

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-23 15:23 [PATCH RFC 0/3] " Yauheni Kaliuta
2016-11-23 15:23 ` [PATCH RFC 1/3] depmod: create depmod dir independent search function Yauheni Kaliuta
2017-05-09  6:56   ` Lucas De Marchi
2016-11-23 15:23 ` [PATCH RFC 2/3] depmod: search key: move builtin detection under the add function Yauheni Kaliuta
2017-05-09  7:04   ` Lucas De Marchi
2016-11-23 15:23 ` [PATCH RFC 3/3] depmod: implement external directories support Yauheni Kaliuta
2017-03-18 21:46 ` [PATCH RFC 0/3] " Yauheni Kaliuta
2017-05-09  7:51   ` Lucas De Marchi
2017-05-09  8:50     ` Yauheni Kaliuta
2017-05-09 19:09     ` [PATCHv2 0/4] " Yauheni Kaliuta
2017-05-09 19:09       ` [PATCHv2 1/4] depmod: create depmod dir independent search function Yauheni Kaliuta
2017-06-02  2:18         ` Lucas De Marchi
2017-05-09 19:09       ` [PATCHv2 2/4] depmod: rewrite depmod modules search with scratchbuf Yauheni Kaliuta
2017-06-02  3:23         ` Lucas De Marchi
2017-05-09 19:09       ` [PATCHv2 3/4] depmod: implement external directories support Yauheni Kaliuta
2017-06-02  3:30         ` Lucas De Marchi
2017-05-09 19:09       ` [PATCHv2 4/4] testsuite: add tests for external directory support Yauheni Kaliuta
2017-06-02  4:03         ` Lucas De Marchi
2017-06-02  4:05       ` [PATCHv2 0/4] depmod: implement external directories support Lucas De Marchi
2017-06-20  9:11       ` Yauheni Kaliuta
2017-07-19 18:07         ` Lucas De Marchi
2017-07-19 18:57           ` Yauheni Kaliuta [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xunyo9sgqmoi.fsf@redhat.com \
    --to=yauheni.kaliuta@redhat.com \
    --cc=linux-modules@vger.kernel.org \
    --cc=lucas.de.marchi@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Modules Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-modules/0 linux-modules/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-modules linux-modules/ https://lore.kernel.org/linux-modules \
		linux-modules@vger.kernel.org linux-modules@archiver.kernel.org
	public-inbox-index linux-modules


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-modules


AGPL code for this site: git clone https://public-inbox.org/ public-inbox