Appendix G. Preventing kernel modules from loading automatically

You can prevent a kernel module from being loaded automatically, whether the module is loaded directly, loaded as a dependency from another module, or during the boot process.

Procedure

  1. The module name must be added to a configuration file for the modprobe utility. This file must reside in the configuration directory /etc/modprobe.d.

    For more information on this configuration directory, see the man page modprobe.d.

  2. Ensure the module is not configured to get loaded in any of the following:

    • /etc/modprobe.conf
    • /etc/modprobe.d/*
    • /etc/rc.modules
    • /etc/sysconfig/modules/*
    # modprobe --showconfig <_configuration_file_name_>
  3. If the module appears in the output, ensure it is ignored and not loaded:

    # modprobe --ignore-install <_module_name_>
  4. Unload the module from the running system, if it is loaded:

    # modprobe -r <_module_name_>
  5. Prevent the module from being loaded directly by adding the blacklist line to a configuration file specific to the system - for example /etc/modprobe.d/local-dontload.conf:

    # echo "blacklist <_module_name_> >> /etc/modprobe.d/local-dontload.conf
    Note

    This step does not prevent a module from loading if it is a required or an optional dependency of another module.

  6. Prevent optional modules from being loading on demand:

    # echo "install <_module_name_>/bin/false" >> /etc/modprobe.d/local-dontload.conf
    Important

    If the excluded module is required for other hardware, excluding it might cause unexpected side effects.

  7. Make a backup copy of your initramfs:

    # cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.$(date +%m-%d-%H%M%S).bak
  8. If the kernel module is part of the initramfs, rebuild your initial ramdisk image, omitting the module:

    # dracut --omit-drivers <_module_name_> -f
  9. Get the current kernel command line parameters:

    # grub2-editenv - list | grep kernelopts
  10. Append <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_> to the generated output:

    # grub2-editenv - set kernelopts="<> <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_>"

    For example:

    # grub2-editenv - set kernelopts="root=/dev/mapper/rhel_example-root ro crashkernel=auto resume=/dev/mapper/rhel_example-swap rd.lvm.lv=rhel_example/root rd.lvm.lv=rhel_example/swap <_module_name_>.blacklist=1 rd.driver.blacklist=<_module_name_>"
  11. Make a backup copy of the kdump initramfs:

    # cp /boot/initramfs-$(uname -r)kdump.img /boot/initramfs-$(uname -r)kdump.img.$(date +%m-%d-%H%M%S).bak
  12. Append rd.driver.blacklist=<_module_name_> to the KDUMP_COMMANDLINE_APPEND setting in /etc/sysconfig/kdump to omit it from the kdump initramfs:

    # sed -i '/^KDUMP_COMMANDLINE_APPEND=/s/"$/ rd.driver.blacklist=module_name"/' /etc/sysconfig/kdump
  13. Restart the kdump service to pick up the changes to the kdump initrd:

      # kdumpctl restart
  14. Rebuild the kdump initial ramdisk image:

      # mkdumprd -f /boot/initramfs-$(uname -r)kdump.img
  15. Reboot the system.

G.1. Removing a module temporarily

You can remove a module temporarily.

Procedure

  1. Run modprobe to remove any currently-loaded module:

    # modprobe -r <module name>
  2. If the module cannot be unloaded, a process or another module might still be using the module. If so, terminate the process and run the modpole command written above another time to unload the module.