Hi, I am referring to the last kernel update for CentOS 5 http://lists.centos.org/pipermail/centos-announce/2012-April/018578.html
Upstream details tell me that if I dont want to reboot into the new kernel I could blacklist the xfrm6_tunnel module.
How do I test that the blacklist of a module works?
Markus Falb wrote:
Hi, I am referring to the last kernel update for CentOS 5 http://lists.centos.org/pipermail/centos-announce/2012-April/018578.html
Upstream details tell me that if I dont want to reboot into the new kernel I could blacklist the xfrm6_tunnel module.
How do I test that the blacklist of a module works?
Why not just edit the default in /boot/grub/grub.conf?
mark
On 20.4.2012 16:06, m.roth@5-cent.us wrote:
Markus Falb wrote:
Hi, I am referring to the last kernel update for CentOS 5 http://lists.centos.org/pipermail/centos-announce/2012-April/018578.html
Upstream details tell me that if I dont want to reboot into the new kernel I could blacklist the xfrm6_tunnel module.
How do I test that the blacklist of a module works?
Why not just edit the default in /boot/grub/grub.conf?
When I reboot I want to boot the new kernel, but until I want to reboot I don't want the xfrm6_tunnel module to load. I gave the link to the CentOS announce and there you can find a reference to https://rhn.redhat.com/errata/RHSA-2012-0480.html and maybe it helps to read that to understand what I mean.
Basically, when a security issue is fixed in a module you can either reboot the new kernel or you blacklist the module in modprobe's config (of course you can only do that if you dont use the module).
My question is quite academic, though. I could trust that modprobe's blacklist mechanism is working, but as always, I'm curious. RedHat says I can put a 'blacklist xfrm6_tunnel' in modprobe's config but I dont know how to verify that this is working. Yes, I am of the suspicious kind.
-
m.roth@5-cent.us -
Markus Falb