* Richard L. Hamilton <[EMAIL PROTECTED]> [2007-10-31 19:51]:
> Is there a way to disallow further kernel module load/unload
> operations (including automatic loading of modules) pending (a) reboot
> (for security too), or in a less dire form (b) pending an explicit
> unlock request? (not sure the latter is actually needed)
There's no supported way to do this, but bfu does it in an unsupported
fashion:
$ ggrep -B2 moddebug /ws/onnv-gate/public/bin/bfu
print "Disabling kernel module unloading ... \c"
test -x /usr/bin/adb || fail "/usr/bin/adb not found: bfu not safe."
echo "moddebug/W20000" | adb -kw /dev/ksyms /dev/mem | grep moddebug
I suspect we'll add an actual interface--there are a couple of related
requests, like load all modules and then block load/unload, to
consider--to support some of the install/upgrade/packaging operations
we'd like to make safe.
- Stephen
--
[EMAIL PROTECTED] http://blogs.sun.com/sch/
_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
