Documentation
Overview
Package kmod implements a backend which loads kernel modules on behalf of interfaces.
Interfaces may request kernel modules to be loaded by providing snippets for the interfaces.SecurityKMod security system via their respective "*Snippet" methods. Each snippet should contain a newline-separated list of the requested kernel modules. The KMod backend stores all the modules needed by a given snap in the file /etc/modules-load.d/snap.<snapname>.conf, which ensures they are loaded when the system boots, and also loads these modules via modprobe. If a snap is uninstalled or the respective interface is disconnected, the corresponding /etc/modules-load.d/ config file is removed; however, no kernel modules are unloaded. This is by design.
Note: this mechanism should not be confused with kernel-module-interface. kmod only loads a well-defined list of modules provided by the interface definition and, in contrast to kernel-module-interface, does not grant snaps any special permissions related to kernel modules.
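The file layout described above can be checked on a host. The following Go sketch is an added example, not snapd code: it reports snap.<snapname>.conf files left behind for snaps that are no longer installed (Remove failed and was not retried) and requested modules that are not loaded (the modprobe step of Setup failed). The function names, snap names and sample data are assumptions made for the illustration; comment handling follows modules-load.d(5), and "-" is treated as "_" as modprobe does.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// parseConf (illustrative helper, not snapd's) reads modules-load.d syntax: one module
// per line, '#' or ';' starts a comment. '-' becomes '_' as in /proc/modules.
func parseConf(content string) map[string]bool {
	mods := map[string]bool{}
	for _, line := range strings.Split(content, "\n") {
		m := strings.ReplaceAll(strings.TrimSpace(line), "-", "_")
		if m != "" && m[0] != '#' && m[0] != ';' {
			mods[m] = true
		}
	}
	return mods
}

// Audit returns conf files whose snap is not installed, and "snap:module" pairs that
// are requested but missing from loaded (the first column of /proc/modules).
func Audit(confs map[string]string, installed, loaded map[string]bool) (orphans, missing []string) {
	for name, content := range confs {
		snapName := strings.TrimSuffix(strings.TrimPrefix(name, "snap."), ".conf")
		if snapName == "" || len(snapName)+len("snap..conf") != len(name) {
			continue // not a snap.<snapname>.conf file
		}
		if !installed[snapName] {
			orphans = append(orphans, name)
			continue
		}
		for m := range parseConf(content) {
			if !loaded[m] {
				missing = append(missing, snapName+":"+m)
			}
		}
	}
	sort.Strings(orphans)
	sort.Strings(missing)
	return orphans, missing
}

func main() {
	// Constructed sample data, not taken from a real system.
	confs := map[string]string{"snap.demo-vpn.conf": "# header\nip-vti\nxfrm_user\n", "snap.old-snap.conf": "nbd\n"}
	orphans, missing := Audit(confs, map[string]bool{"demo-vpn": true}, map[string]bool{"ip_vti": true})
	fmt.Println("orphaned conf files:", orphans, "| requested but not loaded:", missing)
}
```

On a real host, confs would be filled from the files in /etc/modules-load.d/ and loaded from the first column of /proc/modules.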
Index
- type Backend
- func (b *Backend) Initialize(opts *interfaces.SecurityBackendOptions) error
- func (b *Backend) Name() interfaces.SecuritySystem
- func (b *Backend) NewSpecification() interfaces.Specification
- func (b *Backend) Remove(snapName string) error
- func (b *Backend) SandboxFeatures() []string
- func (b *Backend) Setup(snapInfo *snap.Info, confinement interfaces.ConfinementOptions, ...) error
- type Specification
- func (spec *Specification) AddConnectedPlug(iface interfaces.Interface, plug *interfaces.ConnectedPlug, ...) error
- func (spec *Specification) AddConnectedSlot(iface interfaces.Interface, plug *interfaces.ConnectedPlug, ...) error
- func (spec *Specification) AddModule(module string) error
- func (spec *Specification) AddPermanentPlug(iface interfaces.Interface, plug *snap.PlugInfo) error
- func (spec *Specification) AddPermanentSlot(iface interfaces.Interface, slot *snap.SlotInfo) error
- func (spec *Specification) Modules() map[string]bool
Types
type Backend
type Backend struct {
// contains filtered or unexported fields
}
Backend is responsible for maintaining kernel modules.
func (*Backend) Initialize
func (b *Backend) Initialize(opts *interfaces.SecurityBackendOptions) error
Initialize does nothing.
func (*Backend) Name
func (b *Backend) Name() interfaces.SecuritySystem
Name returns the name of the backend.
func (*Backend) NewSpecification
func (b *Backend) NewSpecification() interfaces.Specification
func (*Backend) Remove
Remove removes modules config file specific to a given snap.
This method should be called after removing a snap.
If the method fails it should be re-tried (with a sensible strategy) by the caller.
func (*Backend) SandboxFeatures
SandboxFeatures returns the list of features supported by snapd for loading kernel modules.
func (*Backend) Setup
func (b *Backend) Setup(snapInfo *snap.Info, confinement interfaces.ConfinementOptions, repo *interfaces.Repository, tm timings.Measurer) error
Setup creates a conf file with the list of kernel modules required by the given snap, writes it to the /etc/modules-load.d/ directory and immediately loads the modules using /sbin/modprobe. The devMode is ignored.
If the method fails it should be re-tried (with a sensible strategy) by the caller.
type Specification
type Specification struct {
// contains filtered or unexported fields
}
Specification assists in collecting kernel modules associated with an interface.
Unlike the Backend itself (which is stateless and non-persistent), this type holds internal state that is used by the kmod backend during the interface setup process.
func (*Specification) AddConnectedPlug
func (spec *Specification) AddConnectedPlug(iface interfaces.Interface, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error
AddConnectedPlug records kmod-specific side-effects of having a connected plug.
func (*Specification) AddConnectedSlot
func (spec *Specification) AddConnectedSlot(iface interfaces.Interface, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error
AddConnectedSlot records mount-specific side-effects of having a connected slot.
func (*Specification) AddModule
func (spec *Specification) AddModule(module string) error
AddModule adds a kernel module, trimming spaces and ignoring duplicated modules.
func (*Specification) AddPermanentPlug
func (spec *Specification) AddPermanentPlug(iface interfaces.Interface, plug *snap.PlugInfo) error
AddPermanentPlug records mount-specific side-effects of having a plug.
func (*Specification) AddPermanentSlot
func (spec *Specification) AddPermanentSlot(iface interfaces.Interface, slot *snap.SlotInfo) error
AddPermanentSlot records mount-specific side-effects of having a slot.
func (*Specification) Modules
func (spec *Specification) Modules() map[string]bool
Modules returns a copy of the kernel module names added.