80-block-network 1.18 KB
Newer Older
1 2 3 4
#!/bin/sh

set -e

5
echo "Generating blocklist for all network devices"
6

7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
is_net_module() {
    # Here we assume that if any of the patterns below are matched, it
    # is a network driver. This is not comprehensive, but should be
    # enough for the staging directory (worst case we blacklist some
    # shitty non-network driver by mistake).
    /sbin/modinfo "${1}" | \
        grep -q --extended-regexp \
             -e "^depends:\s*(cfg|lib|mac)80211" \
             -e "^parm:\s*ifname:"
}

net_module_filter() {
    local path
    while read path; do
        if is_net_module "${path}"; then
            echo "${path}"
        fi
    done
}

generate_blocking_line() {
    local name
    local path
    while read path; do
        name="$(basename "${path}" .ko)"
        printf "install ${name} /bin/true\n"
    done
}

BLACKLIST=/etc/modprobe.d/all-net-blacklist.conf

(
    find /lib/modules/*/kernel/drivers/net -name "*.ko" | \
        generate_blocking_line && \

    # Let's try to find the network drivers in the staging directory as well
    find /lib/modules/*/kernel/drivers/staging/ -name "*.ko" | \
        net_module_filter | \
        generate_blocking_line
) | sort -u > "${BLACKLIST}"