Building custom kernel modules

Create a writable overlay

The kernel modules directory /lib/modules is read-only on Container Linux. A writable overlay can be mounted over it to allow installing new modules.

modules=/opt/modules  # Adjust this writable storage location as needed.
sudo mkdir -p "$modules" "$modules.wd"
sudo mount \
    -o "lowerdir=/lib/modules,upperdir=$modules,workdir=$modules.wd" \
    -t overlay overlay /lib/modules

The following systemd unit can be written to /etc/systemd/system/lib-modules.mount.

Description=Custom Kernel Modules



Enable the unit so this overlay is mounted automatically on boot.

sudo systemctl enable lib-modules.mount

Prepare a CoreOS Container Linux development container

Read system configuration files to determine the URL of the development container that corresponds to the current Container Linux version.

. /usr/share/coreos/release
. /usr/share/coreos/update.conf
. /etc/coreos/update.conf  # This might not exist.

Download, decompress, and verify the development container image.

gpg2 --recv-keys 48F9B96A2E16137F  # Fetch the buildbot key if necessary.
curl -L "$url" |
    tee >(bzip2 -d > coreos_developer_container.bin) |
    gpg2 --verify <(curl -Ls "$url.sig") -
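
The pipeline above decompresses the image while gpg2 is still checking it, so a failed verification leaves coreos_developer_container.bin on disk. The following added example (not part of the original instructions) verifies the signature first and writes the image only on success; the function and wrapper names are this example's own, and $url is assumed to hold the image URL determined in the previous step.

```bash
#!/bin/bash
# Added example: verify the detached signature before the image is decompressed,
# so a failed check never leaves an unverified image at the output path.
# fetch/verify/decompress are thin wrappers whose names are this example's own.

fetch()      { curl -fLs -o "$2" "$1"; }     # download URL ($1) into file ($2)
verify()     { gpg2 --verify "$1" "$2"; }    # detached signature ($1) over file ($2)
decompress() { bzip2 -dc "$1" > "$2"; }      # .bz2 archive ($1) into image ($2)

# fetch_verified_image URL OUTPUT
# Creates OUTPUT and returns 0 only if the download, the signature check and
# the decompression all succeed. Return codes: 2 download, 3 signature,
# 4 decompression, 5 final rename.
fetch_verified_image() {
    local url="$1" out="$2" tmp rc=0
    # Stage next to OUTPUT so the final mv is a rename on the same filesystem.
    tmp=$(mktemp -d "$out.XXXXXX") || return 1
    if ! fetch "$url" "$tmp/image.bz2" || ! fetch "$url.sig" "$tmp/image.bz2.sig"; then
        echo "download failed: $url" >&2
        rc=2
    elif ! verify "$tmp/image.bz2.sig" "$tmp/image.bz2"; then
        echo "signature verification failed, image discarded" >&2
        rc=3
    elif ! decompress "$tmp/image.bz2" "$tmp/image.bin"; then
        echo "decompression failed" >&2
        rc=4
    else
        # Publish the image only after every check has passed.
        mv -f "$tmp/image.bin" "$out" || rc=5
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage on the host:
#   fetch_verified_image "$url" coreos_developer_container.bin
```
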

Start the development container with the host's writable modules directory mounted into place.

sudo systemd-nspawn \
    --bind=/lib/modules \
    --image=coreos_developer_container.bin

Now, inside the container, fetch the Container Linux packages and check out the current version. The git checkout command might fail on the latest alpha, before its version is branched from master, so staying on the master branch is correct in that case.

. /usr/share/coreos/release
git -C /var/lib/portage/coreos-overlay checkout build-${COREOS_RELEASE_VERSION%%.*}

Still inside the container, download and prepare the Linux kernel source for building external modules.

emerge -gKv coreos-sources
gzip -cd /proc/config.gz > /usr/src/linux/.config
make -C /usr/src/linux modules_prepare

Build and install kernel modules

At this point, upstream projects' instructions for building their out-of-tree modules should work in the Container Linux development container. New kernel modules should be installed into /lib/modules, which is bind-mounted from the host, so they will be available on future boots without using the container again.

In case the installation step didn't update the module dependency files automatically, running the following command will ensure commands like modprobe function correctly with the new modules.

sudo depmod