The kernel-module-load interface

ijohnson · January 12, 2022, 11:01pm

kernel-module-load provides the ability to load, or deny loading, specific kernel modules. This interface gives privileged access to the device.

See also the kernel-module-control interface for inserting, removing and querying kernel modules.

ⓘ This is a snap interface. See Interface management and Supported interfaces for further details on how interfaces are used.

Developer details

Auto-connect: no
Super-privileged: yes

Attributes:

name (plug, required): provides the name of the kernel module to be loaded (eg, ‘name: pcspkr’)
load (plug): string to declare when, or whether, to load this module. Values can be one of the following:
- on-boot (default): loads the kernel module at boot time (eg. load: on-boot)
- denied: prevents the module from being loaded at all (eg. load: denied). Also known as denylisting in the Linux kernel.
options (plug): string of options to use when loading the module (eg, options: p1=3 p2=true p3)

In addition to the name attribute being required, either options or load must also be specified.

Consumers of this interface require a snap declaration for distribution via the Snap Store.

Requires snapd version 2.54+.

Code examples

The following is an example snippet for an application snap to load the module foo with options param=2, and to deny loading the module bar:

plugs:
  load-foo:
    interface: kernel-module-load
    modules:
    - name: foo
      options: param=2
  deny-bar:
    interface: kernel-module-load
    modules:
    - name: bar
      load: denied

The load-foo foo kernel module can be more verbosely by declared with the load attribute, resulting in the same behaviour:

plugs:
  load-foo:
    interface: kernel-module-load
    modules:
    - name: foo
      load: on-boot
      options: param=2

The test code can be found in the snapd repository: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/kernel_module_load.go

The source code for the interface is in the snapd repository:https://github.com/snapcore/snapd/blob/master/interfaces/builtin/kernel_module_load_test.go

rpjday · January 14, 2022, 10:53am

I’m curious as to how this interface requires snapd 2.54+ when, according to the docs, the current stable version of snapd is 2.53.

degville · January 14, 2022, 11:22am

Well, snapd 2.54 is hopefully imminent as it’s currently in the snapd candidate, beta and edge channels.

ijohnson · January 17, 2022, 3:34pm

snapd 2.54 is in the candidate channel and should start the phasing to stable channel next week

hugh712 · February 24, 2022, 7:53am

Hi I tried this interface with the example format, but seems not works and snap complains:

iotuc@ubuntu:~$ sudo snap connect my-snap-name:deny-internal-rtc :kernel-module-load
error: cannot perform the following tasks:
- Connect my-snap-name:deny-internal-rtc to snapd:kernel-module-load (cannot connect plug "deny-internal-rtc" of snap "my-snap-name": kernel-module-load "modules" attribute must be a list of dictionaries)

Here is the defination:

plugs:
  deny-internal-rtc:
    interface: kernel-module-load
    name:  rtc_snvs
    load: denied

But below definition is ok:

plugs:
  deny-internal-rtc:
    interface: kernel-module-load
    modules:
    - name: rtc_snvs
      load: denied

degville · February 25, 2022, 9:36am

Hi! Sorry for this discrepancy making it into the doc, and you’re absolutely right - I just checked with the test code, and it’s as your definition describes. I’ve updated the text to reflect this. Thanks for letting us know!

hugh712 · February 25, 2022, 10:10am

Hi Degville,

Cool, thanks for your feedback.

ijohnson · March 1, 2022, 12:48pm

I also fixed the first example, it seems only the second example was updated

dilyn · February 27, 2024, 3:17am

The load: dynamic option is not documented.

See this snippet; this commit describes approximately what the option does.