1.The kernel notices that a requested feature is not resident in the kernel.
2.The kernel executes the modprobe program to load a module that fits this symbolic description.
3.modprobe looks into its internal alias translation table to see if there is a match. This translation table is configured by alias lines in /etc/modprobe.conf.
4.modprobe then inserts the modules that the kernel needs. The modules are configured according to options specified in /etc/modprobef.conf.
By default, the SLES system does not automatically remove kernel modules that have not been used for a period of time. The SLES system does, however, provide a mechanism by which an administrator can periodically unload unused modules.
Each module automatically linked into the kernel has the MOD_AUTOCLEAN flag set in the flags field of the module object set. The administrator can set up a cron job to periodically execute rmmod
Only root administrator can modify the /etc/modprobe.conf file, allowing the administrator complete control over which modules can be loaded, and with what configuration options. In the kernel, the
sys_create_module() (for manual load operation) and sys_init_module() (called by modprobe
during automatic load operation) module load functions are protected by a process uid check of 0. Thus, only a privileged process can initiate the loading of modules in the kernel.
5.7.1Linux Security Module framework
The Linux kernel (from 2.6 onwards) provides a general kernel framework to support security modules. In particular, the Linux Security Module (LSM) framework provides the infrastructure to support access control modules.
The LSM kernel patch adds security fields to kernel data structures, and inserts calls to hook functions at critical points in the kernel code to manage the security fields and to perform access control. It also adds functions for registering and unregistering security modules, and adds a general security system call to support new system calls for
147
