| We never generate fragments in /run for modutils to utilize, so disable that |
| logic entirely. This avoids random exploits where tools can write to the /run |
| path and then trigger module loading via other means (which runs as root). |
| |
| https://crbug.com/780039 |
| |
| --- a/libkmod/libkmod.c |
| +++ b/libkmod/libkmod.c |
| @@ -62,7 +62,6 @@ static struct _index_files { |
| |
| static const char *default_config_paths[] = { |
| SYSCONFDIR "/modprobe.d", |
| - "/run/modprobe.d", |
| "/lib/modprobe.d", |
| NULL |
| }; |
| --- a/tools/depmod.c |
| +++ b/tools/depmod.c |
| @@ -49,7 +49,6 @@ static int verbose = DEFAULT_VERBOSE; |
| |
| static const char CFG_BUILTIN_KEY[] = "built-in"; |
| static const char *default_cfg_paths[] = { |
| - "/run/depmod.d", |
| SYSCONFDIR "/depmod.d", |
| "/lib/depmod.d", |
| NULL |