On 20.4.2012 16:06, m.roth at 5-cent.us wrote: > Markus Falb wrote: >> Hi, >> I am referring to the last kernel update for CentOS 5 >> http://lists.centos.org/pipermail/centos-announce/2012-April/018578.html >> >> Upstream details tell me that if I dont want to reboot into the new >> kernel I could blacklist the xfrm6_tunnel module. >> >> How do I test that the blacklist of a module works? > > Why not just edit the default in /boot/grub/grub.conf? When I reboot I want to boot the new kernel, but until I want to reboot I don't want the xfrm6_tunnel module to load. I gave the link to the CentOS announce and there you can find a reference to https://rhn.redhat.com/errata/RHSA-2012-0480.html and maybe it helps to read that to understand what I mean. Basically, when a security issue is fixed in a module you can either reboot the new kernel or you blacklist the module in modprobe's config (of course you can only do that if you dont use the module). My question is quite academic, though. I could trust that modprobe's blacklist mechanism is working, but as always, I'm curious. RedHat says I can put a 'blacklist xfrm6_tunnel' in modprobe's config but I dont know how to verify that this is working. Yes, I am of the suspicious kind. -- Kind Regards, Markus Falb -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 307 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20120420/994f72f6/attachment-0005.sig>