From: Prarit Bhargava <pra...@redhat.com>
mod-denylist.sh: Change to denylist
Change blacklist references to denylist.
v2: modprobe still uses blacklist
v3: modprobe doesn't care what the denylist file is named
Suggested-by: Brian Masney <bmas...@redhat.com>
Signed-off-by: Prarit Bhargava <pra...@redhat.com>
diff --git a/redhat/mod-denylist.sh b/redhat/mod-denylist.sh
index blahblah..blahblah 100755
--- a/redhat/mod-denylist.sh
+++ b/redhat/mod-denylist.sh
@@ -10,28 +10,28 @@ Dir="$1/$2"
List=$3
Dest="$4"
-blacklist()
+denylist()
{
- cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
+ cat > "$RpmDir/etc/modprobe.d/$1-denylist.conf" <<-__EOF__
# This kernel module can be automatically loaded by non-root users. To
- # enhance system security, the module is blacklisted by default to
ensure
+ # enhance system security, the module is denylisted by default to ensure
# system administrators make the module available for use as needed.
# See https://access.redhat.com/articles/3760101 for more details.
#
- # Remove the blacklist by adding a comment # at the start of the line.
+ # Remove the denylist by adding a comment # at the start of the line.
blacklist $1
__EOF__
}
-check_blacklist()
+check_denylist()
{
mod=$(find "$RpmDir/$ModDir" -name "$1")
[ ! "$mod" ] && return 0
if modinfo "$mod" | grep -q '^alias:\s\+net-'; then
mod="${1##*/}"
mod="${mod%.ko*}"
- echo "$mod has an alias that allows auto-loading. Blacklisting."
- blacklist "$mod"
+ echo "Blocking $mod from auto-loading."
+ denylist "$mod"
fi
}
@@ -142,7 +142,7 @@ if [ -z "$Dest" ]; then
sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName"
echo "./$RpmDir/$ListName created."
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
- foreachp check_blacklist < "$List"
+ foreachp check_denylist < "$List"
fi
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload
@@ -152,7 +152,7 @@ fi
floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*)
if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then
- blacklist "floppy"
+ denylist "floppy"
fi
# avoid an empty kernel-extra package
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1185
_______________________________________________
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
