Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 Nov 2019 16:45:00 +0000
From: Patrick Schleizer <adrelanos@...eup.net>
To: lkrg-users@...ts.openwall.com
Subject: module loading / systemd bug report / suggestion

# systemd unit install script

scripts/bootup/systemd/lkrg-systemd.sh does not work out of the box for
me in Debian 10 / buster.

user@...ian-buster-standalone:~/lkrg-0.7$ systemctl show -p UnitPath |
cut -d " " -f5
/run/systemd/system

user@...ian-buster-standalone:~/lkrg-0.7$ sudo systemctl show -p
UnitPath | cut -d " " -f5
/run/systemd/system

Location /run/systemd/system is non-persistent. Hence, this won't work
after reboot.

sudo systemctl --no-pager show -p UnitPath
UnitPath=/etc/systemd/system.control /run/systemd/system.control
/run/systemd/transient /etc/systemd/system /run/systemd/system
/run/systemd/generator /lib/systemd/system /run/systemd/generator.late

What however did work for me what the following:

sudo cp scripts/bootup/systemd/lkrg.service /lib/systemd/system/
sudo systemctl daemon-reload
sudo sysetmctl enable lkrg.service
sudo systemctl start lkrg.service

# module loading

Another approach would be to not use a systemd unit file but instead
system'd /usr/lib/modules-load.d mechanism.

A drop-in configuration file snippet in folder /usr/lib/modules-load.d
i.e. /usr/lib/modules-load.d/p_lkrg with contents:
p_lkrg

Works for me on Debian 10, buster. I think that way the module gets
loaded even earlier, which should be even better.

I am considering to use that mechanism for the Debian packaging that I
am planning. Unless there is a reason not to use this approach.

# module unloading

scripts/bootup/systemd/lkrg.service uses "ExecStop=/sbin/rmmod p_lkrg".
Why unload the kernel module at shutdown? Perhaps malware could
specifically target to run after that moment? Any reason to unload?
Could just keep the module?

# install section

[Install]
WantedBy=multi-user.target

I am not sure that should be WantedBy=sysinit.target.

Kind regards,
Patrick

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.