Search

Appendix E. Preventing kernel modules from loading automatically

download PDF

You can prevent a kernel module from being loaded automatically, whether the module is loaded directly, loaded as a dependency from another module, or during the boot process.

Procedure

  1. The module name must be added to a configuration file for the modprobe utility. This file must reside in the configuration directory /etc/modprobe.d.

    For more information on this configuration directory, see the man page modprobe.d.

  2. Ensure the module is not configured to get loaded in any of the following:

    • /etc/modprobe.conf
    • /etc/modprobe.d/*
    • /etc/rc.modules
    • /etc/sysconfig/modules/*
    # modprobe --showconfig <_configuration_file_name_>
  3. If the module appears in the output, ensure it is ignored and not loaded:

    # modprobe --ignore-install <_module_name_>
  4. Unload the module from the running system, if it is loaded:

    # modprobe -r <_module_name_>
  5. Prevent the module from being loaded directly by adding the blacklist line to a configuration file specific to the system - for example /etc/modprobe.d/local-dontload.conf:

    # echo "blacklist <_module_name_> >> /etc/modprobe.d/local-dontload.conf
    Note

    This step does not prevent a module from loading if it is a required or an optional dependency of another module.

  6. Prevent optional modules from being loading on demand:

    # echo "install <_module_name_>/bin/false" >> /etc/modprobe.d/local-dontload.conf
    Important

    If the excluded module is required for other hardware, excluding it might cause unexpected side effects.

  7. Make a backup copy of your initramfs:

    # cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.$(date +%m-%d-%H%M%S).bak
  8. If the kernel module is part of the initramfs, rebuild your initial ramdisk image, omitting the module:

    # dracut --omit-drivers <_module_name_> -f
  9. Get the current kernel command line parameters:

    # grub2-editenv - list | grep kernelopts
  10. Append <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_> to the generated output:

    # grub2-editenv - set kernelopts="<> <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_>"

    For example:

    # grub2-editenv - set kernelopts="root=/dev/mapper/rhel_example-root ro crashkernel=auto resume=/dev/mapper/rhel_example-swap rd.lvm.lv=rhel_example/root rd.lvm.lv=rhel_example/swap <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_>"
  11. Make a backup copy of the kdump initramfs:

    # cp /boot/initramfs-$(uname -r)kdump.img /boot/initramfs-$(uname -r)kdump.img.$(date +%m-%d-%H%M%S).bak
  12. Append rd.driver.blacklist=<_module_name_> to the KDUMP_COMMANDLINE_APPEND setting in /etc/sysconfig/kdump to omit it from the kdump initramfs:

    # sed -i '/^KDUMP_COMMANDLINE_APPEND=/s/"$/ rd.driver.blacklist=module_name"/' /etc/sysconfig/kdump
  13. Restart the kdump service to pick up the changes to the kdump initrd:

      # kdumpctl restart
  14. Rebuild the kdump initial ramdisk image:

      # mkdumprd -f /boot/initramfs-$(uname -r)kdump.img
  15. Reboot the system.

E.1. Removing a module temporarily

You can remove a module temporarily.

Procedure

  1. Run modprobe to remove any currently-loaded module:

    # modprobe -r <module name>
  2. If the module cannot be unloaded, a process or another module might still be using the module. If so, terminate the process and run the modpole command written above another time to unload the module.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.