[CentOS] modprobe blacklist

Fri Apr 20 15:43:36 UTC 2012
Markus Falb <markus.falb at fasel.at>

On 20.4.2012 16:06, m.roth at 5-cent.us wrote:
> Markus Falb wrote:
>> Hi,
>> I am referring to the last kernel update for CentOS 5
>> http://lists.centos.org/pipermail/centos-announce/2012-April/018578.html
>>
>> Upstream details tell me that if I dont want to reboot into the new
>> kernel I could blacklist the xfrm6_tunnel module.
>>
>> How do I test that the blacklist of a module works?
> 
> Why not just edit the default in /boot/grub/grub.conf?

When I reboot I want to boot the new kernel, but until I want to reboot
I don't want the xfrm6_tunnel module to load.
I gave the link to the CentOS announce and there you can find a
reference to https://rhn.redhat.com/errata/RHSA-2012-0480.html and maybe
it helps to read that to understand what I mean.

Basically, when a security issue is fixed in a module you can either
reboot the new kernel or you blacklist the module in modprobe's config
(of course you can only do that if you dont use the module).

My question is quite academic, though. I could trust that modprobe's
blacklist mechanism is working, but as always, I'm curious. RedHat says
I can put a 'blacklist xfrm6_tunnel' in modprobe's config but I dont
know how to verify that this is working. Yes, I am of the suspicious kind.
-- 
Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20120420/994f72f6/attachment-0005.sig>