The kernel-module-load interface

kernel-module-load provides the ability to load, or deny loading, specific kernel modules. This interface gives privileged access to the device.

See also the kernel-module-control interface for inserting, removing and querying kernel modules.

ⓘ This is a snap interface. See Interface management and Supported interfaces for further details on how interfaces are used.


Developer details

Auto-connect: no
Super-privileged: yes

Attributes:

  • name (plug, required): provides the name of the kernel module to be loaded (eg, ‘name: pcspkr’)
  • load (plug): string to declare when, or whether, to load this module. Values can be one of the following:
    • on-boot (default): loads the kernel module at boot time (eg. load: on-boot)
    • denied: prevents the module from being loaded at all (eg. load: denied). Also known as denylisting in the Linux kernel.
  • options (plug): string of options to use when loading the module (eg, options: p1=3 p2=true p3)

In addition to the name attribute being required, either options or load must also be specified.

Consumers of this interface require a snap declaration for distribution via the Snap Store.

Requires snapd version 2.54+.

Code examples

The following is an example snippet for an application snap to load the module foo with options param=2, and to deny loading the module bar:

plugs:
  load-foo:
    interface: kernel-module-load
    modules:
    - name: foo
      options: param=2
  deny-bar:
    interface: kernel-module-load
    modules:
    - name: bar
      load: denied

The load-foo foo kernel module can be more verbosely by declared with the load attribute, resulting in the same behaviour:

plugs:
  load-foo:
    interface: kernel-module-load
    modules:
    - name: foo
      load: on-boot
      options: param=2

The test code can be found in the snapd repository: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/kernel_module_load.go

The source code for the interface is in the snapd repository:https://github.com/snapcore/snapd/blob/master/interfaces/builtin/kernel_module_load_test.go

I’m curious as to how this interface requires snapd 2.54+ when, according to the docs, the current stable version of snapd is 2.53.

Well, snapd 2.54 is hopefully imminent as it’s currently in the snapd candidate, beta and edge channels.

1 Like

snapd 2.54 is in the candidate channel and should start the phasing to stable channel next week

Hi I tried this interface with the example format, but seems not works and snap complains:

iotuc@ubuntu:~$ sudo snap connect my-snap-name:deny-internal-rtc :kernel-module-load
error: cannot perform the following tasks:
- Connect my-snap-name:deny-internal-rtc to snapd:kernel-module-load (cannot connect plug "deny-internal-rtc" of snap "my-snap-name": kernel-module-load "modules" attribute must be a list of dictionaries)

Here is the defination:

plugs:
  deny-internal-rtc:
    interface: kernel-module-load
    name:  rtc_snvs
    load: denied

But below definition is ok:

plugs:
  deny-internal-rtc:
    interface: kernel-module-load
    modules:
    - name: rtc_snvs
      load: denied

Hi! Sorry for this discrepancy making it into the doc, and you’re absolutely right - I just checked with the test code, and it’s as your definition describes. I’ve updated the text to reflect this. Thanks for letting us know!

Hi Degville,

Cool, thanks for your feedback.

I also fixed the first example, it seems only the second example was updated

1 Like