From: Prarit Bhargava prarit@redhat.com
mod-denylist.sh: Change to denylist
Change blacklist references to denylist.
Suggested-by: Brian Masney bmasney@redhat.com
Signed-off-by: Prarit Bhargava prarit@redhat.com
diff --git a/redhat/mod-denylist.sh b/redhat/mod-denylist.sh index blahblah..blahblah 100755 --- a/redhat/mod-denylist.sh +++ b/redhat/mod-denylist.sh @@ -10,20 +10,20 @@ Dir="$1/$2" List=$3 Dest="$4"
-blacklist() +denylist() { - cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + cat > "$RpmDir/etc/modprobe.d/$1-denylist.conf" <<-__EOF__ # This kernel module can be automatically loaded by non-root users. To - # enhance system security, the module is blacklisted by default to ensure + # enhance system security, the module is denylisted by default to ensure # system administrators make the module available for use as needed. # See https://access.redhat.com/articles/3760101 for more details. # - # Remove the blacklist by adding a comment # at the start of the line. - blacklist $1 + # Remove the denylist by adding a comment # at the start of the line. + denylist $1 __EOF__ }
-check_blacklist() +check_denylist() { mod=$(find "$RpmDir/$ModDir" -name "$1") [ ! "$mod" ] && return 0 @@ -31,7 +31,7 @@ check_blacklist() mod="${1##*/}" mod="${mod%.ko*}" echo "$mod has an alias that allows auto-loading. Blacklisting." - blacklist "$mod" + denylist "$mod" fi }
@@ -142,7 +142,7 @@ if [ -z "$Dest" ]; then sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName" echo "./$RpmDir/$ListName created." [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/" - foreachp check_blacklist < "$List" + foreachp check_denylist < "$List" fi
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload @@ -152,7 +152,7 @@ fi
floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*) if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then - blacklist "floppy" + denylist "floppy" fi
# avoid an empty kernel-extra package
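Review bot: In the heredoc of the first hunk, `+ denylist $1` changes the directive written into the generated modprobe.d file, not only the name of the shell function. modprobe.d documents `blacklist` as the keyword for this, so the file body should keep `blacklist $1`; with `denylist $1` the generated file would no longer carry the directive that stops the module from being auto-loaded through its aliases, which is the protection the file's own comment describes. The comment line "Remove the denylist by adding a comment # at the start of the line" should then keep pointing at the `blacklist` line. The same hunk also renames the installed file from `$1-blacklist.conf` to `$1-denylist.conf`; the commit message only says references are changed, so it should state that the installed path changes too.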
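Review bot: In the hunk at -31,7 the unchanged context line `echo "$mod has an alias that allows auto-loading. Blacklisting."` still uses the old term while the call directly below it becomes `denylist "$mod"`. If the rename is meant to be complete, update the message in the same patch so the build output matches the function name.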
-- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1185
From: Brian Masney on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1185#note_6117751...
Does the userspace module loader understand the `denylist` keyword yet? Or does this still need to stay as `blacklist` for the time being?
From: Patrick Talbert on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1185#note_6120737...
The modprobe.d man page only mentions blacklist and I cannot immediately find any upstream commits that make any reference to changing it.
https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/log/
kernel@lists.fedoraproject.org