← Back to context

Comment by comfydragon

18 hours ago

It's a loadable module:

    CONFIG_CRYPTO_USER_API_AEAD=m

Using bpftrace to watch calls to module_request, openat, etc., it looks like when the kernel calls modprobe, it doesn't even look at the disable-algif.conf file:

    [module_request] pid=3648 comm=python name=algif-aead
    [umh_setup] pid=3648 comm=python path=/sbin/modprobe argv0=/sbin/modprobe argv1=-q argv2=-- argv3=algif-aead argv4=
    [openat] pid=3688 file=/etc/ld.so.cache
    [openat] pid=3688 file=/lib/liblzma.so.5
    [openat] pid=3688 file=/lib/libz.so.1
    [openat] pid=3688 file=/lib/libgcc_s.so.1
    [openat] pid=3688 file=/lib/libc.so.6
    [openat] pid=3688 file=/etc/modprobe.d
    [openat] pid=3688 file=/lib/modprobe.d
    [openat] pid=3688 file=/lib/modprobe.d/dist-blacklist.conf
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/modules.softdep
    [openat] pid=3688 file=/lib/modprobe.d/systemd.conf
    [openat] pid=3688 file=/etc/modprobe.d/usb.conf
    [openat] pid=3688 file=/proc/cmdline
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/modules.dep.bin
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/modules.alias.bin..
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/modules.symbols.b..
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/modules.builtin.a..
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/modules.builtin.b..
    [openat] pid=3688 file=/sys/module/algif_aead/initstate
    [openat] pid=3688 file=/sys/module/af_alg/initstate
    [openat] pid=3688 file=/sys/module/algif_aead/initstate
    [openat] pid=3688 file=/lib/modules/6.6.87.2-microsoft-standard-WSL2/kernel/crypto/alg..
    [finit_module] pid=3688 comm=modprobe fd=0 flags=0
    [module_load] pid=3688 comm=modprobe name=algif_aead

Restart WSL2, run the bpftrace, and try `sudo modprobe algif-aead`, and that shows it looking at (or I guess opening) other files in /etc/modprobe.d, including the new one.

The mystery is why.

1 comment

comfydragon

Reply
dezgeg  14 hours ago

In wsl, each distro you have runs in a container (with lot of permissions), you'd need to apply the modprobe change inside wsl "hypervisor" rootfs