LoadPin old-api-denied

Martin Townsend mtownsend1973 at gmail.com
Fri Mar 29 18:01:10 UTC 2019

On Fri, Mar 29, 2019 at 5:26 PM Martin Townsend <mtownsend1973 at gmail.com> wrote:
> Hi,
> I'm seeing the following message when trying to load some backported
> kernel modules:
> Mar 29 16:24:09 mach-cw-rnet-ppm-1840 kernel: LoadPin: kernel-module
> old-api-denied obj=<unknown> pid=340 cmdline="modprobe compat"
> I have other kernel modules that were built out of tree and these load
> fine, the only difference I can see is that they are loaded via
> /etc/modules-load.d
> I've read through the loadpin docs and it states that it will only
> allow modules that are from the main root filesystem and that
> filesystem is read-only.  I've checked and both of these are true for
> the failing module.  I've read through the source code and there's a
> comment above the code path that loadpin is taking where the file
> pointer is NULL.
> /* This handles the older init_module API that has a NULL file. */
> if (!file) {
> I'm not 100% sure what this means, but could it be that
> modprobe/insmod are using this older init_module API? if so how can I
> get around this, I need to manually insert these modules at an
> appropriate time during boot?
> Any help greatly appreciated,
> Martin.

After sending this I then found this post:

So I think I need to write some C code to use finit_module so I will try this.

More information about the Linux-security-module-archive mailing list