Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: [SOLVED] 5000 useless Kernel modules? (Read 956 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

[SOLVED] 5000 useless Kernel modules?

Hello guys. I've recently dived into kernel security topics and i found that the linux kernel has some not needed modules. After i blacklisted  some of them (creating some files in /etc/modprobe.d/blacklist.conf)...with install <module> /bin/true)  i've landed on arch repositories and saw that for linux-hardened my current kernel there are about 5472 modules that comes along with the kernel. After running lsmod i get only about ~120 modules running. What's the proper way to get rid of those unnecessary modules 5472-120=5352 (for my system). Is there a way to blacklist the rest of 5352 modules using some kind of automation or i have to build my own custom kernel without those "Zombie" modules?

P.S. i've counted all those modules by copying all package contents and searching exclusively for .ko extension and resulted an incredible amount of modules that simply are a waste of space

Re: 5000 useless Kernel modules?

Reply #3
Ok thanks for the answers guys @strajder & @Ambie  the hard way looks like it's always the best way. :'(

Re: [SOLVED] 5000 useless Kernel modules?

Reply #4
Got one more question. When blacklisting the hard way with /bin/true in modprobe.d folder, each module has to have a separate .conf file or it's enough only one .conf file where we can add all blacklisted modules?

Re: [SOLVED] 5000 useless Kernel modules?

Reply #5
from the gentoo wiki(link):
Quote
Blacklist

To avoid a module from loading, add it by name to a file in /etc/modprobe.d/ and precede each module name with the blacklist keyword:
FILE /etc/modprobe.d/blacklist.conf

Code: [Select]
blacklist uhci_hcd
blacklist nvidia

More information on module blacklisting via /etc/modprobe.d/ can be found by reading the modprobe.d(5) man page:
user $man 5 modprobe.d
So I guess you can put them all in one .conf file.
as always, correct me if I'm wrong ;)

Re: [SOLVED] 5000 useless Kernel modules?

Reply #6
Quote from: Surf3r – on
Got one more question. When blacklisting the hard way with /bin/true in modprobe.d folder, each module has to have a separate .conf file or it's enough only one .conf file where we can add all blacklisted modules?
As is usual with .conf files, that is up to you and your way of organizing them. I tend to group directives having to do with the same concept into a dedicated file, for example, here's how I organize the .conf files having to do with nvidia/nouveau:

/etc/modprobe.d/blacklist-nvidia.conf
Code: [Select]
blacklist nvidia_modeset
blacklist nvidia_drm
blacklist nvidia

and /etc/modprobe.d/blacklist-nouveau.conf.inactive:
Code: [Select]
blacklist nouveau

Since they are mutually exclusive, I keep them in two files and add .inactive to the end of the one which is inactive at the moment. I can then easily do:
Code: [Select]
mv /etc/modprobe.d/blacklist-nouveau.conf{.inactive,}
mv /etc/modprobe.d/blacklist-nvidia.conf{,.inactive}
if I wish to switch them.

Read man 5 modprobe.d for more information.
 

Re: [SOLVED] 5000 useless Kernel modules?

Reply #7
Ok got it so i can write just only one .conf file. Think this is also important as small files with only 1 line are handled rather difficult by the os compared to a bigger file. I prefer to disable the module with /bin/true rather than with blacklist but still heard that disable them from bios is even better. Thanks for the answers guys much appreciated  :)