Appendix E. Preventing kernel modules from loading automatically

Procedure

1. The module name must be added to a configuration file for the modprobe utility. This file must reside in the configuration directory /etc/modprobe.d.

   For more information on this configuration directory, see the man page modprobe.d.

2. Ensure the module is not configured to get loaded in any of the following:

   • /etc/modprobe.conf
   • /etc/modprobe.d/*
   • /etc/rc.modules
   • /etc/sysconfig/modules/*

   # modprobe --showconfig <_configuration_file_name_>

   Copy to Clipboard Toggle word wrap

3. If the module appears in the output, ensure it is ignored and not loaded:

   # modprobe --ignore-install <_module_name_>

   Copy to Clipboard Toggle word wrap

4. Unload the module from the running system, if it is loaded:

   # modprobe -r <_module_name_>

   Copy to Clipboard Toggle word wrap

5. Prevent the module from being loaded directly by adding the blacklist line to a configuration file specific to the system - for example /etc/modprobe.d/local-dontload.conf:

   # echo "blacklist <_module_name_> >> /etc/modprobe.d/local-dontload.conf

   Copy to Clipboard Toggle word wrap
   Note

   This step does not prevent a module from loading if it is a required or an optional dependency of another module.

6. Prevent optional modules from being loading on demand:

   # echo "install <_module_name_>/bin/false" >> /etc/modprobe.d/local-dontload.conf

   Copy to Clipboard Toggle word wrap
   Important

   If the excluded module is required for other hardware, excluding it might cause unexpected side effects.

7. Make a backup copy of your initramfs:

   # cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.$(date +%m-%d-%H%M%S).bak

   Copy to Clipboard Toggle word wrap

8. If the kernel module is part of the initramfs, rebuild your initial ramdisk image, omitting the module:

   # dracut --omit-drivers <_module_name_> -f

   Copy to Clipboard Toggle word wrap

9. Get the current kernel command line parameters:

   # grub2-editenv - list | grep kernelopts

   Copy to Clipboard Toggle word wrap

10. Append <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_> to the generated output:

    # grub2-editenv - set kernelopts="<> <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_>"

    Copy to Clipboard Toggle word wrap

    For example:

    # grub2-editenv - set kernelopts="root=/dev/mapper/rhel_example-root ro crashkernel=auto resume=/dev/mapper/rhel_example-swap rd.lvm.lv=rhel_example/root rd.lvm.lv=rhel_example/swap <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_>"

    Copy to Clipboard Toggle word wrap

11. Make a backup copy of the kdump initramfs:

    # cp /boot/initramfs-$(uname -r)kdump.img /boot/initramfs-$(uname -r)kdump.img.$(date +%m-%d-%H%M%S).bak

    Copy to Clipboard Toggle word wrap

12. Append rd.driver.blacklist=<_module_name_> to the KDUMP_COMMANDLINE_APPEND setting in /etc/sysconfig/kdump to omit it from the kdump initramfs:

    # sed -i '/^KDUMP_COMMANDLINE_APPEND=/s/"$/ rd.driver.blacklist=module_name"/' /etc/sysconfig/kdump

    Copy to Clipboard Toggle word wrap

13. Restart the kdump service to pick up the changes to the kdump initrd:

      # kdumpctl restart

    Copy to Clipboard Toggle word wrap

14. Rebuild the kdump initial ramdisk image:

      # mkdumprd -f /boot/initramfs-$(uname -r)kdump.img

    Copy to Clipboard Toggle word wrap
15. Reboot the system.