In https://lore.kernel.org/lkml/CAHk-=wiv2glqkp6jfqyewl1uzgwnwek9fkwp3afzbcu2lv_...@mail.gmail.com/ Linus Torvalds said:
| I absolutely abhor even the concept of building the kernel as root, | and I think it should be actively disallowed. Our build system is | good, but it's good as in "clever and complex" rather than necessarily | good as in "very secure". | | So anybody who builds the kernel as root is doing something seriously | wrong, in my opinion. | | That's partly exactly _because_ we have a lot of magical and very | powerful build rules, and complicated implicit things going on. | | For example, our dependencies aren't even about just the files in the | kernel repository itself, we have clever things like "if the compiler | has been updated and features or version changes, we'll automatically | rebuild, because it's part of our clever build system checks". | | But that is also part of the reason why I absolutely do *not* want any | root-building to happen, because our build setup is simply way too | clever. | | If root builds stuff, you'll end up with root-owned generated | subdirectories or various config files etc, and even if you don't have | security issues, it can complicate the build later as a regular user. | | I've had the build occasionally fail in odd ways, because some | root-owned file was now no longer removable (usually it's the | auto-generated header files in the directory, and the root-generated | and owned directory is now not writable by the developer any more). | And every time it happens, I shudder. | | So all of that simply boils down to "root should not be running those | complex rules for our config and dependency magic". | | At the same time, "make install" obviously needs to be done as root. | | All of which is why I opine that "make install" should never build | anything at all, it should purely be used as a "install previously | built files". So, is it time to chown the kernel source in page 8.3 to lfs, su lfs and then for 'make modules_install' and the cp steps, 'as root, ...' and finally 'exit' to get back to root without being nested ? For the initial kernel, I usually do build as root unless I think I might need to post to lkml for reporting a problem. But that kernel source gets thrown away later. For upgrading a running system I always manually build as user 'ken', so apart from the aggravation of chown, su, ... su etc this will not affect what I do. It's just like, as in BLFS, encouraging good practice. Oh, and of course I don't run 'make install' for the kernel. ĸen -- With a few red lights, a few old bits, we made the place to sweat. No matter what we get out of this, I know, I know we'll never forget. Smoke on the water, a fire in the sky. Smoke, on the water. -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
