<![CDATA[Dev1 Galaxy Forum / Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?id=6703 Wed, 03 Jul 2024 12:09:00 +0000 FluxBB <![CDATA[Re: Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?pid=50898#p50898 Hello:

aluma wrote:

... apologize for the offtopic.

Not needed, it is related.

aluma wrote:

... recompile the kernel ...

I have thought about it more than once and will probably end up doing it down the road.
But not before I really need to do it to keep my box working properly.*

The main reason being that I have no plans to do any hardware upgrades in the foreseable future.
Save for maybe faster SAS HDDs along with a new SAS controller.
Or maybe replacing old monitors or needing a new PS with more than the stingy 540W this Sun Microsystems one puts out.

But that would be about it.

Thanks for your input.

Best,

A.

* seeing how things are going these days, before may well arrive sooner than later.

]]> Wed, 03 Jul 2024 12:09:00 +0000 https://dev1galaxy.org/viewtopic.php?pid=50898#p50898 <![CDATA[Re: Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?pid=50897#p50897 Hello:

GlennW wrote:

blacklist modules in /etc/modules.d/...

Yes, so do I.
I have a number of blacklisted modules, among them the infamous mei and mei_me (a separate one for each just in case) with these stanzas ...
install mei /bin/false
and
install mei_me /bin/false

... to prevent loading if another non-blacklisted module requests it.
ie: blacklists the module and any other that depends on it.

The result is this:

~$ sudo dmesg | grep -i error
--- snip ---
[   24.221918] udevd[427]: Error running install command '/bin/false' for module mei: retcode 1
--- snip ---
~$

I have also blacklisted appletalk, ax25, firewire_ohci, gpio_ich, i8042, lpc_ich, psmouse, tpm, watchdog and intel-microcode.

I'll have to look at your list in detail, thanks for the heads-up.

As usual, I've wandered off track.
Back to the OP modules.

Seeing that blacklisting was not working I went looking for the reason while wondering if they were not baked into the kernel.
And then I found this tidbit:

~$ cat /etc/modules-load.d/cups-filters.conf
# Parallel printer driver modules loading for cups
# LOAD_LP_MODULE was 'yes' in /etc/default/cups
lp
ppdev
parport_pc
~$

I remmed all entries and rebooted and as a result, CUPS would show the job as "Processing page 1..." and stay there, with the printer not printing anything, so I undid the editing in the cups-filters.conf, issued a reprint of the same job and things were back to normal again.

My printer is local so no network printing here, at least for now.
But I'll have to poke around and try to find out which of the modules loaded can be eliminated, if any at all.

Will post back when I find out.

Thanks for your input.

Best,

A.

]]> Wed, 03 Jul 2024 11:45:27 +0000 https://dev1galaxy.org/viewtopic.php?pid=50897#p50897 <![CDATA[Re: Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?pid=50892#p50892 I apologize for the offtopic.
All that remains is to take a radical step - recompile the kernel, leaving in it the code only for the necessary devices and services. smile

]]> Wed, 03 Jul 2024 02:19:34 +0000 https://dev1galaxy.org/viewtopic.php?pid=50892#p50892 <![CDATA[Re: Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?pid=50890#p50890 save editing my last post, but with more to add...

Another way to blacklist unwanted kernel modules

This was done as a step towards hardening this system.

/etc/modules

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
# Parameters can be specified after the module name.
install dccp /bin/false #    DCCP — Datagram Congestion Control Protocol
install sctp /bin/false #    SCTP — Stream Control Transmission Protocol
install rds /bin/false #    RDS — Reliable Datagram Sockets
install tipc /bin/false #    TIPC — Transparent Inter-process Communication
install n-hdlc /bin/false #    HDLC — High-Level Data Link Control
install ax25 /bin/false #    AX25 — Amateur X.25
install netrom /bin/false #    NetRom
install x25 /bin/false #    X25
install rose /bin/false #    ROSE
install decnet /bin/false #    DECnet
install econet /bin/false #    Econet
install af_802154 /bin/false #    af_802154 — IEEE 802.15.4
install ipx /bin/false #    IPX — Internetwork Packet Exchange
install appletalk /bin/false #    AppleTalk
install psnap /bin/false #    PSNAP — Subnetwork Access Protocol
install p8023 /bin/false #    p8023 — Novell raw IEEE 802.3
install p8022 /bin/false #    p8022 — IEEE 802.2
install can /bin/false #    CAN — Controller Area Network
install atm /bin/false #    ATM
install cramfs /bin/false
install freevxfs /bin/false
install jffs2 /bin/false
install hfs /bin/false
install hfsplus /bin/false
install squashfs /bin/false
install udf /bin/false
install cifs /bin/false
install nfs /bin/false
install nfsv3 /bin/false
install nfsv4 /bin/false
install ksmbd /bin/false
install gfs2 /bin/false
install vivid /bin/false
install firewire-core /bin/false
install thunderbolt /bin/false

I hope this helps you.

]]> Tue, 02 Jul 2024 23:01:58 +0000 https://dev1galaxy.org/viewtopic.php?pid=50890#p50890 <![CDATA[Re: Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?pid=50889#p50889 Hi, I blacklist modules in /etc/modules.d/...

like lp

/etc/modules.d/LP-blacklist

# The LP module is seup for network printers, so we block it by default.
blacklist lp

you may also blacklist by adding it to your /etc/default/grub file line GRUB_CMDLINE_LINUX_DEFAULT= (and running "update-grub" before rebooting)

/etc/default/grub

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# GlennsPref 20230920 ipv6
# GlennsPref 20240209 hardening-tips

GRUB_DEFAULT=0
GRUB_TIMEOUT=4
GRUB_DISTRIBUTOR=`lsb_release -i -s`
GRUB_CMDLINE_LINUX_DEFAULT="console=tty12 vga=794 modeset.nouveau=0 nokmsboot ipv6.disable=1 security=none selinux=0 apparmor=0 amd_iommu=on usbcore.autosuspend=-1"

# discover other os's
GRUB_DISABLE_OS_PROBER=false

GRUB_GFXMODE=1920x1080

GRUB_INIT_TUNE="400 440 1"
# resume=uuid errors... noresume "we don't susspend"
GRUB_CMDLINE_LINUX="noresume idle=nomwait"

GRUB_THEME=/usr/share/desktop-base/grub-themes/desktop-grub-theme/theme.txt

I am not sure which is most efficient.

]]> Tue, 02 Jul 2024 22:55:00 +0000 https://dev1galaxy.org/viewtopic.php?pid=50889#p50889 <![CDATA[Blacklisting unused driver modules]]> https://dev1galaxy.org/viewtopic.php?pid=50880#p50880 Hello:

My newly upgraded Daedalus installation loads a couple of modules I don't need: 

~$ sudo dmesg
--- snip ---
[   26.714355] lp: driver loaded but no devices found
[   26.722412] ppdev: user-space parallel port driver
--- snip ---
~$ lsmod | grep "lp\|parport\|pdev"  
parport_pc             40960  0
ppdev                  24576  0
lp                     20480  0
parport                73728  3 parport_pc,lp,ppdev
--- snip ---

My Samsung M2020W printer is USB and uses the usbcore module:

~$ sudo dmesg
--- snip ---
[   24.245461] usblp 6-5:1.0: usblp1: USB Bidirectional printer dev 4 if 0 alt 0 proto 2 vid 0x04E8 pid 0x3321
[   24.245834] usbcore: registered new interface driver usblp
~$
--- snip ---

Although I do have an onboard serial 8250/16550 port in my box (which I use every so often), there is no on-board parallel port in the mb.
So it seems a good idea to avoid loading it at boot time.

It seems there are two posible ways to do this:
One would be the parport=0 kernel command line, which I expect nip the whole process in-the-bud or alternatively, blacklisting the module.

Am I correct in assuming that the kernel command line option is the most efficient way?

Thanks in advance.

Best,

A.

]]> Tue, 02 Jul 2024 12:35:47 +0000 https://dev1galaxy.org/viewtopic.php?pid=50880#p50880