kmod

package
v0.0.0-...-25a8614 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 2, 2021 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Overview

Package kmod implements a backend which loads kernel modules on behalf of interfaces.

Interfaces may request kernel modules to be loaded by providing snippets via their respective "*Snippet" methods for interfaces.SecurityKMod security system. The snippet should contain a newline-separated list of requested kernel modules. The KMod backend stores all the modules needed by given snap in /etc/modules-load.d/snap.<snapname>.conf file ensuring they are loaded when the system boots and also loads these modules via modprobe. If a snap is uninstalled or respective interface gets disconnected, the corresponding /etc/modules-load.d/ config file gets removed, however no kernel modules are unloaded. This is by design.

Note: this mechanism should not be confused with kernel-module-interface; kmod only loads a well-defined list of modules provided by interface definition and doesn't grant any special permissions related to kernel modules to snaps, in contrast to kernel-module-interface.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Backend

type Backend struct {
	// contains filtered or unexported fields
}

Backend is responsible for maintaining kernel modules

func (*Backend) Initialize

func (b *Backend) Initialize(opts *interfaces.SecurityBackendOptions) error

Initialize does nothing.

func (*Backend) Name

func (b *Backend) Name() interfaces.SecuritySystem

Name returns the name of the backend.

func (*Backend) NewSpecification

func (b *Backend) NewSpecification() interfaces.Specification

func (*Backend) Remove

func (b *Backend) Remove(snapName string) error

Remove removes modules config file specific to a given snap.

This method should be called after removing a snap.

If the method fails it should be re-tried (with a sensible strategy) by the caller.

func (*Backend) SandboxFeatures

func (b *Backend) SandboxFeatures() []string

SandboxFeatures returns the list of features supported by snapd for loading kernel modules.

func (*Backend) Setup

func (b *Backend) Setup(snapInfo *snap.Info, confinement interfaces.ConfinementOptions, repo *interfaces.Repository, tm timings.Measurer) error

Setup creates a conf file with list of kernel modules required by given snap, writes it in /etc/modules-load.d/ directory and immediately loads the modules using /sbin/modprobe. The devMode is ignored.

If the method fails it should be re-tried (with a sensible strategy) by the caller.

type Specification

type Specification struct {
	// contains filtered or unexported fields
}

Specification assists in collecting kernel modules associated with an interface.

Unlike the Backend itself (which is stateless and non-persistent) this type holds internal state that is used by the kmod backend during the interface setup process.

func (*Specification) AddConnectedPlug

func (spec *Specification) AddConnectedPlug(iface interfaces.Interface, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error

AddConnectedPlug records kmod-specific side-effects of having a connected plug.

func (*Specification) AddConnectedSlot

func (spec *Specification) AddConnectedSlot(iface interfaces.Interface, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error

AddConnectedSlot records mount-specific side-effects of having a connected slot.

func (*Specification) AddModule

func (spec *Specification) AddModule(module string) error

AddModule adds a kernel module, trimming spaces and ignoring duplicated modules.

func (*Specification) AddPermanentPlug

func (spec *Specification) AddPermanentPlug(iface interfaces.Interface, plug *snap.PlugInfo) error

AddPermanentPlug records mount-specific side-effects of having a plug.

func (*Specification) AddPermanentSlot

func (spec *Specification) AddPermanentSlot(iface interfaces.Interface, slot *snap.SlotInfo) error

AddPermanentSlot records mount-specific side-effects of having a slot.

func (*Specification) Modules

func (spec *Specification) Modules() map[string]bool

Modules returns a copy of the kernel module names added.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL