LoadPin old-api-denied

Martin Townsend mtownsend1973 at gmail.com
Fri Mar 29 17:26:57 UTC 2019


I'm seeing the following message when trying to load some backported
kernel modules:
Mar 29 16:24:09 mach-cw-rnet-ppm-1840 kernel: LoadPin: kernel-module
old-api-denied obj=<unknown> pid=340 cmdline="modprobe compat"

I have other kernel modules that were built out of tree and these load
fine, the only difference I can see is that they are loaded via

I've read through the loadpin docs and it states that it will only
allow modules that are from the main root filesystem and that
filesystem is read-only.  I've checked and both of these are true for
the failing module.  I've read through the source code and there's a
comment above the code path that loadpin is taking where the file
pointer is NULL.
/* This handles the older init_module API that has a NULL file. */
if (!file) {

I'm not 100% sure what this means, but could it be that
modprobe/insmod are using this older init_module API? if so how can I
get around this, I need to manually insert these modules at an
appropriate time during boot?

Any help greatly appreciated,


More information about the Linux-security-module-archive mailing list