On Fri Jun 5, 2026 at 8:25 PM CEST, Sami Tolvanen wrote: > On Fri, May 15, 2026 at 07:20:19PM +0200, Michal Gorlas wrote: >> Add CONFIG_MODULE_RESTRICT_AUTOLOAD and modrestrict parameter >> documentation. >> >> Signed-off-by: Michal Gorlas <[email protected]> >> --- >> Documentation/admin-guide/kernel-parameters.txt | 5 +++++ >> kernel/module/Kconfig | 15 +++++++++++++++ >> 2 files changed, 20 insertions(+) >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt >> b/Documentation/admin-guide/kernel-parameters.txt >> index 03a550630644..1013104f0943 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt >> @@ -4185,6 +4185,11 @@ Kernel parameters >> For details see: >> >> Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst >> >> + modrestrict=<bool> >> + Control the restriction of module auto-loading to >> + CAP_SYS_ADMIN. If no <bool> value is specified, this >> + is set to the value of CONFIG_MODULE_RESTRICT_AUTOLOAD. > > Doesn't this default to true if no bool value is specified? It only uses > the config if modrestrict is not passed to the kernel at all.
Right. Will adjust the description here. > >> <module>.async_probe[=<bool>] [KNL] >> If no <bool> value is specified or if the value >> specified is not a valid <bool>, enable asynchronous >> diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig >> index 43b1bb01fd27..c9e01bb848c0 100644 >> --- a/kernel/module/Kconfig >> +++ b/kernel/module/Kconfig >> @@ -337,6 +337,21 @@ config MODULE_SIG_HASH >> >> endif # MODULE_SIG || IMA_APPRAISE_MODSIG >> >> +config MODULE_RESTRICT_AUTOLOAD >> + bool "Restrict module auto-loading to privileged users" >> + default n > > You don't need to specify default n here. > > Also, I think you can just squash the two patches. There's no benefit > in splitting the config/documentation into a separate patch. Alright, will squash them in v2. Best, Michal
