Re: [gentoo-user] Managing my kernel
Dan Farrell wrote: On Tue, 15 May 2007 12:33:22 +1200 Mark Kirkwood [EMAIL PROTECTED] wrote: A friend of mine does this for his production servers: 1/ builds the known needed things into the kernel 2/ disables loadable modules completely This is probably not suitable for some use cases...(new raid card ...ooops... redo kernel), but if you are deploying to known hardware it is ok. Cheers Mark But Why? What's the benefit? If the code isn't being used, it isn't going to slow down the kernel is it? And the size of the kernel is irrelevant in my opinion -- the kernel is far from the predominant memory consumer on even a slow system. I think it's more likely that you'll have a problem with your kernel configuration than your kernel performance, and modules are the only way to add kernel support without rebooting. Furthermore, kernel modules have their own benefits -- increased run-time configuration, for example (as opposed to a boot parameter). No, I agree with volker: everything needed for booting: in kernel everything needed all the time: in kernel everything that needs a good kicking once in a while (usb, sound): modules everything that needs parameters: modules everything that is not needed all the time: module that way, you can also build modules on-the-fly to suit your needs and then compile them into the kernel, if desired, the next time you rebuild it. FWIW for my own Gentoo systems I've just used genkernel, as its so convenient - so I've probably ended up effectively doing volker's recipe too Cheers Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs them. - Grant well, from my point of view: everything needed for booting: in kernel everything needed all the time: in kernel everything that needs a good kicking once in a while (usb, sound): modules everything that needs parameters: modules everything that is not needed all the time: module So you don't leave anything unbuilt? Is there any real disadvantage to that as long as you modularize as much as possible? It sounds delightfully simple to go that route. That would be a really portable kernel too. - Grant -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Tuesday 15 May 2007 03:57, Dan Farrell wrote: On Tue, 15 May 2007 12:33:22 +1200 Mark Kirkwood [EMAIL PROTECTED] wrote: 1/ builds the known needed things into the kernel 2/ disables loadable modules completely But Why? What's the benefit? Well, disabling loadable modules is generally considered to be good for the purpose of hardening your system. For example, some rootkits use LKMs, and removing loadable modules support might help to prevent such attacks. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Tue, 15 May 2007 09:21:17 +0200 Etaoin Shrdlu [EMAIL PROTECTED] wrote: On Tuesday 15 May 2007 03:57, Dan Farrell wrote: On Tue, 15 May 2007 12:33:22 +1200 Mark Kirkwood [EMAIL PROTECTED] wrote: 1/ builds the known needed things into the kernel 2/ disables loadable modules completely But Why? What's the benefit? Well, disabling loadable modules is generally considered to be good for the purpose of hardening your system. For example, some rootkits use LKMs, and removing loadable modules support might help to prevent such attacks. Interesting, thanks. I'd never heard of LKM rootkits, although the concept is I suppose a good one, as far as defeating security goes. I must say I'm not going to start worrying about it, but point taken -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Tuesday 15 May 2007, Dan Farrell [EMAIL PROTECTED] wrote about 'Re: [gentoo-user] Managing my kernel': On Tue, 15 May 2007 09:21:17 +0200 Etaoin Shrdlu [EMAIL PROTECTED] wrote: On Tuesday 15 May 2007 03:57, Dan Farrell wrote: On Tue, 15 May 2007 12:33:22 +1200 Mark Kirkwood [EMAIL PROTECTED] wrote: 2/ disables loadable modules completely But Why? What's the benefit? [S]ome rootkits use LKMs, and removing loadable modules support might help to prevent such attacks. I'd never heard of LKM rootkits, although the concept is I suppose a good one, as far as defeating security goes. I must say I'm not going to start worrying about it, but point taken The (GPL'd) rootkit I was able to look at didn't even use LKMs, it simply patched the kernel live via /proc/kcore. The version I saw probably wouldn't work anymore, but LKMs aren't the only way a rootkit can take hold. -- Boyd Stephen Smith Jr. ,= ,-_-. =. [EMAIL PROTECTED] ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.org/ \_/ signature.asc Description: This is a digitally signed message part.
[gentoo-user] Managing my kernel
I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs them. - Grant -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Montag, 14. Mai 2007, Grant wrote: I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs them. - Grant well, from my point of view: everything needed for booting: in kernel everything needed all the time: in kernel everything that needs a good kicking once in a while (usb, sound): modules everything that needs parameters: modules everything that is not needed all the time: module -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
Grant wrote: I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs them. - Grant I always build everything in the kernel. The only module I have is the nvidia driver. Looks like this: [EMAIL PROTECTED] / # lsmod Module Size Used by nvidia 4550612 12 [EMAIL PROTECTED] / # I have not had any trouble kernel wise in a long time. I guess it is just a matter of preference. Dale :-) :-) :-) -- www.myspace.com/-remove-me-dalek1967 Copy n paste then remove the -remove-me- part. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Mon, 14 May 2007 18:09:37 +0200 Hemmann, Volker Armin [EMAIL PROTECTED] wrote: On Montag, 14. Mai 2007, Grant wrote: I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs them. - Grant well, from my point of view: everything needed for booting: in kernel everything needed all the time: in kernel everything that needs a good kicking once in a while (usb, sound): modules everything that needs parameters: modules everything that is not needed all the time: module I would really add: everything not needed at all: out! Kernel build time is also an issue - I don't wanna be watching those messages floating around the screen forever. Of course, inheriting the .config is a must, though it can lead to problems if you ain't too much one of the Changelog-reading-guys. Otherwise I'll just agree with Volker, though I keep USB in-kernel on my laptop as it is very important to me. Gentoo is actually all about keeping all of the stuff as minimal as possible ;) Regards, Aleks -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Tue, 15 May 2007 00:37:57 +0200, Aleksandar L. Dimitrov wrote: Gentoo is actually all about keeping all of the stuff as minimal as possible ;) Gentoo is all about doing what you want, not what other people think you should do. It doesn't matter whether you want all modules, all in-kernel, every module built or a compromise, it's up to you. -- Neil Bothwick ... Taglines: and How They Affect Women. Next On Oprah. signature.asc Description: PGP signature
Re: [gentoo-user] Managing my kernel
On Mon, 14 May 2007 22:16:04 +0100 Neil Bothwick [EMAIL PROTECTED] wrote: On Tue, 15 May 2007 00:37:57 +0200, Aleksandar L. Dimitrov wrote: Gentoo is actually all about keeping all of the stuff as minimal as possible ;) Gentoo is all about doing what you want, not what other people think you should do. It doesn't matter whether you want all modules, all in-kernel, every module built or a compromise, it's up to you. Well, OK, I should probably add a 'for me' next time. Still, the guy asked about opinions - and my opinion I gave. Nothing more: In my opinion keeping stuff simple and slim on the kernel side means reliability and performance. This is an opinion formed by the (admittedly limited) experience I got so far. Regards, Aleks -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
Grant wrote: I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs A friend of mine does this for his production servers: 1/ builds the known needed things into the kernel 2/ disables loadable modules completely This is probably not suitable for some use cases...(new raid card ...ooops... redo kernel), but if you are deploying to known hardware it is ok. Cheers Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Managing my kernel
On Tue, 15 May 2007 12:33:22 +1200 Mark Kirkwood [EMAIL PROTECTED] wrote: Grant wrote: I've been puzzling a bit lately over the best way to manage my kernel. I've always tried to keep it as minimal as possible, and I only enable things as I need them. I also don't build modules from the kernel at all. Is there a better way to go? I'm starting to think it might be better to build every single module and let the system load them as it needs A friend of mine does this for his production servers: 1/ builds the known needed things into the kernel 2/ disables loadable modules completely This is probably not suitable for some use cases...(new raid card ...ooops... redo kernel), but if you are deploying to known hardware it is ok. Cheers Mark But Why? What's the benefit? If the code isn't being used, it isn't going to slow down the kernel is it? And the size of the kernel is irrelevant in my opinion -- the kernel is far from the predominant memory consumer on even a slow system. I think it's more likely that you'll have a problem with your kernel configuration than your kernel performance, and modules are the only way to add kernel support without rebooting. Furthermore, kernel modules have their own benefits -- increased run-time configuration, for example (as opposed to a boot parameter). No, I agree with volker: everything needed for booting: in kernel everything needed all the time: in kernel everything that needs a good kicking once in a while (usb, sound): modules everything that needs parameters: modules everything that is not needed all the time: module that way, you can also build modules on-the-fly to suit your needs and then compile them into the kernel, if desired, the next time you rebuild it. -- [EMAIL PROTECTED] mailing list