Linux - Modules

Last Updated: 2023-02-05

The word "Module" can mean different things in Linux.

Linux Kernel Modules (LKM)

A Linux kernel module is a piece of compiled binary code that is inserted directly into the Linux kernel, running at ring 0, the lowest and least protected ring of execution in the x86–64 processor.

  • can load / unload on the fly using modprobe (no need to reboot); often used for devices, file systems, system calls, etc.
  • kernel module suffix: .ko (Kernel Object).
  • location: /lib/modules or /usr/lib/modules/.
  • use lsmod to list installed modules, or check /proc/modules;
  • use modinfo XXX to list the attributes of a Kernel module.
  • examples: firmware and device drivers.

Linux differ from macOS and Windows: it includes drivers at the kernel level.


  • Install: $ insmod <module> (does not resolve dependencies) or $ modprobe <module> (more powerful than insmod)
  • Remove: $ rmmod <module>
  • List: $ lsmod
  • Rebuild module dependancy database using /lib/modules/$(uname -r)/modules.dep: $ depmod -a
  • Info: $ modinfo /path/to/module.ko
  • List all available modules: ls -R /lib/modules/$(uname -r)

Linux Security Modules (LSM)

Linux Security Modules (LSM) are NOT loadable kernel modules. They are selectable at build-time via CONFIG_DEFAULT_SECURITY and can be overridden at boot-time.

Examples: SELinux (Redhat), AppArmor (Ubuntu).


SELinux: an implementation of Mandatory Access Control (MAC)

As contrasted to the standard Unix model of Discretionary Access Control (DAC).

SELinux comes installed by default on Red Hat distributions.

To check your SELinux mode, run sestatus and check the output. For example:

$ sestatus
SELinux status:                 disabled

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing

Mode from config file:          error (Success)
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28


  • Multi-Level Security (MLS)
  • Multi-Category Security (MCS)

Permissive vs Enforcing Mode:

  • Permissive Mode: SELinux will log access control infringements but will not enforce them
  • Enforcing Mode: enforce!


Ubuntu Server's Mandatory Access Control (MAC) system. Equivelant to Redhat's SELinux.

Linux Pluggable Authentication Modules (PAM)

pam - Pluggable Authentication Modules for Linux.

PAM configuration files are stored in /etc/pam.