4

`install hfs /bin/true`

in /etc/modprobe.d/hfs.conf supposedly disables hfs

Why? Seems backwards.

Lacek
wirelessben
  • 1
    Did you read this somewhere? On the Internet? Please show where you found it. – Michael Hampton Jun 16 '20 at 23:21
  • @michael-hampton https://www.cyberciti.biz/faq/linux-disable-mounting-of-uncommon-filesystem/ is the main one, but not the only one. Wikipedia suggests primitives are a way to disable also: https://en.wikipedia.org/wiki/Modprobe – wirelessben Jun 17 '20 at 12:32
  • OK, that's pretty stupid. You should just `blacklist` a module you don't want. You shouldn't do things that confuse people when there is a clear and straightforward way of doing it. – Michael Hampton Jun 17 '20 at 17:15
  • @michael-hampton Agreed. Thank you. – wirelessben Jun 17 '20 at 17:38
  • 2
    Please note that blacklisting is very weak. User space has to OPT IN to respect the blacklist by passing -b to modprobe. Without the -b switch, modprobe will ignore the blacklist. Using install hfs /bin/true is actually the stronger way to do it. It's very counterintuitive. – Vlatko Šurlan Aug 11 '21 at 09:43

1 Answer

6

According to the modprobe.d(5) man page:

`install modulename command...`

This is the most powerful primitive: it tells modprobe to run your command instead of inserting the module in the kernel as normal.

So you are basically telling the kernel "Hey, if you ever want to insert the hfs module, just run /bin/true instead of the command you would have run. It will insert and configure the module, honest."

Lacek
  • Thank you, sir. This beats the find command for least intuitive semantic design. Wouldn't /bin/false better tell the _user_, "Hey, you tried to use hfs, and that's just not what we do here. So we say false, did not complete, unsuccessful." – wirelessben Jun 17 '20 at 13:03
  • 1
    It might be better to tell the _user_ what is going on here, however, it is a poor choice to tell _the kernel_ about it. Since `/bin/false` is always unsuccessful, modprobe would always think that loading the module has failed. It should also be noted that this approach is kind of a hack: you could simply write `blacklist hfs` in the config, which would disable the module, and is straightforward. – Lacek Jun 17 '20 at 13:14
  • That is the right way to do this. Thank you. I'll switch to the blacklist method, which should be blocklist very soon to not offend people of color. BLM – wirelessben Jun 17 '20 at 17:38
  • 1
    Per Red Hat, this only disables loading on boot. It doesn't prevent intentionally using insmod or modprobe to load a module, or from loading a module through a dependency. So you also have to add "install hfs /bin/false" to the config to disable these use cases. Ref: https://access.redhat.com/solutions/41278#rhel7only – wirelessben Jun 18 '20 at 15:46
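
The thread distinguishes two mechanisms, a `blacklist` line and an `install` override pointing at `/bin/true` or `/bin/false`. The following audit helper is an added example, not code from any poster: it reports which of the two a directory of modprobe.d-style files applies to a module. The function name `module_block_status` and the sample files are constructed for illustration, and the parser only reads `blacklist` and `install` lines from `*.conf` files in one directory.

```shell
#!/bin/sh
# Added example (not from the thread): classify how modprobe.d-style files
# restrict a module. Prints: install-override, blacklist-only, or none.
# usage: module_block_status <config-dir> <module>
module_block_status() {
    _dir=$1
    _mod=$(printf '%s' "$2" | tr '-' '_')   # modprobe treats - and _ alike
    _install=0
    _blacklist=0
    for _f in "$_dir"/*.conf; do
        [ -f "$_f" ] || continue
        # "|| [ -n ... ]" also handles a last line without a trailing newline
        while read -r _kw _name _cmd || [ -n "$_kw" ]; do
            [ "$(printf '%s' "$_name" | tr '-' '_')" = "$_mod" ] || continue
            case $_kw in
                blacklist) _blacklist=1 ;;
                install)
                    # Only a no-op command counts as a block; any other
                    # install command may still load the module.
                    case $_cmd in
                        /bin/true|/bin/false|/usr/bin/true|/usr/bin/false)
                            _install=1 ;;
                    esac ;;
            esac
        done < "$_f"
    done
    if [ "$_install" -eq 1 ]; then echo install-override
    elif [ "$_blacklist" -eq 1 ]; then echo blacklist-only
    else echo none
    fi
}

# Constructed sample configuration (temporary directory, removed afterwards).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'install hfs /bin/true' > "$demo_dir/hfs.conf"
printf '%s\n' 'blacklist hfsplus' > "$demo_dir/hfsplus.conf"
for m in hfs hfsplus udf; do
    printf '%s: %s\n' "$m" "$(module_block_status "$demo_dir" "$m")"
done
rm -rf "$demo_dir"
```

On a live system, point the function at `/etc/modprobe.d`; a `blacklist-only` result marks modules that match the case described in the last comment above.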