sdeziel | 9 years ago

Root can undo that with echo /sbin/modprobe > /proc/sys/kernel/modprobe at any time, so you are better off using:

echo 1 > /proc/sys/kernel/modules_disabled

geofft|9 years ago

If you're root, a local privilege escalation isn't going to get you any more privileges than you already have.

If you're root in a container, but not root on the outside system, you shouldn't be able to write to /proc/sys/kernel/modprobe, no?

sdeziel|9 years ago

I just wanted to mention that the path to modprobe is something reversible (containers aside) if the sysadmin wants autoloading. /proc/sys/kernel/modprobe is not writable from a container.

Disabling module loading is not reversible; you need to reboot.

sp332|9 years ago

Does this work in a container that shares a kernel with the host?

sdeziel|9 years ago

No, /proc/sys/kernel/{modules_disabled,modprobe} are not writable from a container. Tested with LXD on Ubuntu 16.04.
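
Added example, not part of the thread or written by any of its participants: a POSIX shell check that tells the one-way modules_disabled lock apart from the reversible helper-path change discussed above. The directory argument, the state names and the true/false stub heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example. Classifies the module-loading state from the two sysctl
# files discussed above. The directory argument is an assumption of this
# example so the check can also run against a constructed copy.

module_lock_state() {
    dir="${1:-/proc/sys/kernel}"
    helper=""
    disabled=""

    if [ -r "$dir/modules_disabled" ]; then
        disabled="$(cat "$dir/modules_disabled")"
    fi
    # modules_disabled=1 is one-way: only a reboot clears it.
    if [ "$disabled" = "1" ]; then
        echo "locked"
        return 0
    fi

    if [ -r "$dir/modprobe" ]; then
        helper="$(cat "$dir/modprobe")"
    fi
    # Heuristic (assumption): an empty path, a true/false stub, or a path
    # that is not an executable file means autoloading has been turned off.
    neutralised=0
    case "${helper##*/}" in
        ""|true|false) neutralised=1 ;;
    esac
    if [ ! -x "$helper" ] || [ -d "$helper" ]; then
        neutralised=1
    fi

    if [ "$neutralised" -eq 0 ]; then
        echo "autoload-on"
    elif [ -w "$dir/modprobe" ]; then
        # Whoever runs this check could write the helper path back.
        echo "autoload-off-reversible"
    else
        # Read-only view, as reported for containers in the thread.
        echo "autoload-off-readonly"
    fi
}

module_lock_state "$@"
```

Only "locked" corresponds to the state that needs a reboot to undo; both autoload-off results still leave modules_disabled at 0.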