80-block-network 1.18 KB
Newer Older
1 2 3 4
#!/bin/sh

set -e

5
echo "Generating blocklist for all network devices"
6

7 8
is_net_module() {
    # Here we assume that if any of the patterns below are matched, it
intrigeri's avatar
intrigeri committed
9
    # is a network driver. This is not comprehensive, but should be
10 11 12 13 14 15 16 17 18 19 20 21
    # enough for the staging directory (worst case we blacklist some
    # shitty non-network driver by mistake).
    /sbin/modinfo "${1}" | \
        grep -q --extended-regexp \
             -e "^depends:\s*(cfg|lib|mac)80211" \
             -e "^parm:\s*ifname:"
}

net_module_filter() {
    local path
    while read path; do
        if is_net_module "${path}"; then
22
            echo "${path}"
23 24 25 26
        fi
    done
}

27 28 29 30
generate_blocking_line() {
    local name
    local path
    while read path; do
anonym's avatar
anonym committed
31
        name="$(basename "${path}" .ko)"
32 33 34 35
        printf "install ${name} /bin/true\n"
    done
}

36 37
BLACKLIST=/etc/modprobe.d/all-net-blacklist.conf

38 39 40 41
(
    find /lib/modules/*/kernel/drivers/net -name "*.ko" | \
        generate_blocking_line && \

intrigeri's avatar
intrigeri committed
42
    # Let's try to find the network drivers in the staging directory as well
43 44 45 46
    find /lib/modules/*/kernel/drivers/staging/ -name "*.ko" | \
        net_module_filter | \
        generate_blocking_line
) | sort -u > "${BLACKLIST}"