Package: molly-guard
Version: 0.8.5
Severity: wishlist

Dear Maintainer,

== Summary ==

I wrote a molly-guard script to prevent reboot/halt when the current
/initrd.img does not contain some configured kernel modules.

The modules to check can be configured in the script.

Would you please consider adding the attached script to the molly-
guard package as an example in /usr/share/doc/molly-guard/examples?


== Why I wrote this script ==

I am using "ZFS on root" on Debian, which means that GRUB directly
boots from a ZFS filesystem.  I don't have any non-ZFS filesystems on
my systems (apart from /boot/efi which needs to be FAT).

Because of the license situation regarding ZFS, the kernel modules
cannot directly be provided by Debian and thus need to be compiled
locally using DKMS.

Very infrequently something can go wrong during either the compilation
of the modules or the subsequent inclusion of the kernel modules into
the initrd.¹  This will then make the system unbootable, which I will
only find out on the next boot.  

To prevent the modules from missing on boot, I have written the
attached molly-guard run script to check the latest /initrd.img for
the expected modules.  If they are not present, a reboot or halt will
be prevented.


== Why I think this is useful for others ==

The module(s) to check can be easily edited in the script, so this
should be adaptable to other scenarios apart from ZFS on root, e.g.
vital kernel modules for network or storage hardware.

I was encouraged to submit the script as a wishlist bug during a
discussion on Usenet, so here I am.



Kind regards
Christian

PS: Thanks for this package!
    It has saved me multiple times from shutting down the wrong server
    (which happens more often than broken ZFS modules nowadays ;-)


-- System Information:
Debian Release: 13.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.utf-8, LC_CTYPE=de_DE.utf-8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages molly-guard depends on:
ii  procps  2:4.0.4-9

molly-guard recommends no packages.

molly-guard suggests no packages.

-- no debconf information

#!/bin/sh
#
# check-modules - prevent rebooting if a given module
#                 does not exist in the current initrd
#
# Copyright © 2026 Christian Garbs <[email protected]>
# Released under the terms of the Artistic Licence 2.0
#
# To use this script:
# 1. copy it to eg. /etc/molly-guard/run.d/50-check-modules
# 2. make it executable (chmod +x)
# 3. edit EXPECTED_MODULES to your needs
#
# The example configuration of EXPECTED_MODULES is tailored to check
# the presence of the required filesystem modules for booting directly
# from ZFS (aka "ZFS on root").
#
set -eu

# these modules are expected
EXPECTED_MODULES="spl zfs"

# just hardcode the symlinked initrd
# instead of calculating the current one in /boot
INITRD=/initrd.img

# prepare tempfile
tempfile=$(mktemp)
trap "rm '$tempfile'" EXIT

# scan the initrd
lsinitramfs "$INITRD" > "$tempfile"

# check the result
for module in $EXPECTED_MODULES; do
    if ! grep -qE -- "/$module\.ko(\.xz)?$" "$tempfile"; then
        # refuse the command if module was not found
        echo "$INITRD does not contain expected module $module" >&2
        echo "refusing to $MOLLYGUARD_CMD" >&2
        exit 1
    fi
done

# no problems, execute the command
exit 0
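
An added example, not part of the submitted script or of the molly-guard package: the same initrd check generalized for the network and storage modules mentioned above. It goes beyond the script by also accepting `.ko.gz` and `.ko.zst` files and by treating `-` and `_` in module names as equal, as the kernel does. The function names `missing_modules` and `sample_listing` are hypothetical, and the listing is constructed sample data.

```shell
#!/bin/sh
# Added example: report which expected modules are absent from an
# lsinitramfs listing. All names and sample paths here are illustrative.

# missing_modules LISTING MODULE...
# LISTING is a file holding lsinitramfs output (one path per line).
# Prints the missing modules on one line and returns 1 if any is
# missing; prints nothing and returns 0 if all are present.
missing_modules() {
    listing=$1
    shift
    missing=""
    for module in "$@"; do
        # The kernel treats '-' and '_' in module names as equal,
        # while the file in the initrd may be spelled with either.
        pattern=$(printf '%s' "$module" | sed 's/[-_]/[-_]/g')
        # The leading '/' anchors the match on the full file name;
        # accept plain .ko and the gz/xz/zst compressed forms.
        if ! grep -qE -- "/${pattern}\.ko(\.(gz|xz|zst))?\$" "$listing"; then
            missing="$missing $module"
        fi
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample of lsinitramfs output (not taken from a real system).
# It deliberately lacks spl.ko and contains a look-alike "zfs_helper".
sample_listing() {
    cat <<'EOF'
usr/lib/modules/6.12.0-example/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko.xz
usr/lib/modules/6.12.0-example/kernel/drivers/nvme/host/nvme-core.ko.zst
usr/lib/modules/6.12.0-example/updates/dkms/zfs.ko
usr/lib/modules/6.12.0-example/kernel/fs/zfs_helper.ko.xz
EOF
}
```

In a run.d script this would be called on the temporary file written by `lsinitramfs "$INITRD"`, with a non-zero return refusing the reboot or halt.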
