From 70f198d78e6dc7bc8235a4ec112dbb3d8131194e Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 26 Nov 2020 11:55:42 -0600 Subject: [PATCH] cli: check modules and permissions before loading a module Before loading a module, the check subcommand should check if the current user can load it. fixes #3085 Signed-off-by: Julio Montes --- src/runtime/cli/kata-check.go | 10 +++++++++- src/runtime/cli/kata-check_test.go | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/runtime/cli/kata-check.go b/src/runtime/cli/kata-check.go index 6b50e46fb..33e251786 100644 --- a/src/runtime/cli/kata-check.go +++ b/src/runtime/cli/kata-check.go @@ -134,17 +134,25 @@ func getCPUFlags(cpuinfo string) string { // haveKernelModule returns true if the specified module exists // (either loaded or available to be loaded) func haveKernelModule(module string) bool { + kmodLog := kataLog.WithField("module", module) + // First, check to see if the module is already loaded path := filepath.Join(sysModuleDir, module) if katautils.FileExists(path) { return true } + // Only root can load modules + if os.Getuid() != 0 { + kmodLog.Error("Module is not loaded and it can not be inserted. Please consider running with sudo or as root") + return false + } + // Now, check if the module is unloaded, but available. // And modprobe it if so. cmd := exec.Command(modProbeCmd, module) if output, err := cmd.CombinedOutput(); err != nil { - kataLog.WithField("module", module).WithError(err).Warnf("modprobe insert module failed: %s", string(output)) + kmodLog.WithError(err).WithField("output", string(output)).Warnf("modprobe insert module failed") return false } return true diff --git a/src/runtime/cli/kata-check_test.go b/src/runtime/cli/kata-check_test.go index 632b26a16..38e6ec62e 100644 --- a/src/runtime/cli/kata-check_test.go +++ b/src/runtime/cli/kata-check_test.go @@ -513,6 +513,10 @@ func TestCheckCheckCPUAttribs(t *testing.T) { } func TestCheckHaveKernelModule(t *testing.T) { + if tc.NotValid(ktu.NeedRoot()) { + t.Skip(testDisabledAsNonRoot) + } + assert := assert.New(t) dir, err := ioutil.TempDir("", "")