cli: check modules and permissions before loading a module

Before loading a module, the check subcommand should check if it's available, check if the module is not bult-in and the current user can load it. fixes kata-containers#3085 Signed-off-by: Julio Montes <julio.montes@intel.com>
devimc · Nov 19, 2020 · 6b312a6 · 6b312a6
1 parent 9e2df4e
commit 6b312a6
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/cli/kata-check.go b/cli/kata-check.go
@@ -134,17 +134,33 @@ func getCPUFlags(cpuinfo string) string {
 // haveKernelModule returns true if the specified module exists
 // (either loaded or available to be loaded)
 func haveKernelModule(module string) bool {
+	kmodLog := kataLog.WithField("module", module)
+
 	// First, check to see if the module is already loaded
 	path := filepath.Join(sysModuleDir, module)
 	if katautils.FileExists(path) {
 		return true
 	}
 
+	// Kernel module can be built-in, check /lib/modules/x.x.x before
+	// trying to load the module
+	cmd := exec.Command(modProbeCmd, "-R", module)
+	if output, err := cmd.CombinedOutput(); err != nil {
+		kmodLog.WithError(err).Warnf("Module can not be inserted: %s. Is it built-in?", string(output))
+		return true
+	}
+
+	// Only root can load modules
+	if os.Getuid() != 0 {
+		kmodLog.Warn("Module is not loaded and it can not be inserted. Please consider running with sudo or as a root")
+		return false
+	}
+
 	// Now, check if the module is unloaded, but available.
 	// And modprobe it if so.
-	cmd := exec.Command(modProbeCmd, module)
+	cmd = exec.Command(modProbeCmd, module)
 	if output, err := cmd.CombinedOutput(); err != nil {
-		kataLog.WithField("module", module).WithError(err).Warnf("modprobe insert module failed: %s", string(output))
+		kmodLog.WithError(err).Warnf("modprobe insert module failed: %s", string(output))
 		return false
 	}
 	return true