lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 28 Apr 2009 10:13:59 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	david@...g.hm
cc:	Tejun Heo <tj@...nel.org>, Dave Airlie <airlied@...il.com>,
	Ingo Molnar <mingo@...e.hu>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: kms in defconfig



On Tue, 28 Apr 2009, david@...g.hm wrote:
> 
> as a end-user creating my own configs, I use the defaults as a guide to
> understand when something moves from "we think it's a good idea" to "things
> really need this"

I'm not talking about the defaults in the Kconfig files themselves, I'm 
talking about the millions of "*_defconfig" files that have tons of random 
default values.

> there's a _lot_ of stuff that goes in that is useful only is some situations,
> and the help text frequently doesn't help understanding what's really needed
> vs what the author of that feature _thinks_ is really needed (containers are a
> perfect example, they aren't needed in 99% of current systems, but it's
> actually _hard_ to really disable them completely)

Oh, I agree that the help text is not sufficient, and having new Kconfig 
options have sane default values is good. 

> you mention starting from a distro config, but most distro configs have a
> _huge_ number of things enabled that aren't needed for any particular box.

I think starting from the distro config and then turning off all modules 
("sed s/=m/=n/") is a good way to start off. Then enable just the modules 
that are actually loaded.

Of course, you then need to be aware of the things you may want even if 
they're not connected right now (eg things like FAT support). And 
sometimes it's hard to map "module name" -> "config options that need to 
be enabled".

So yes, it would be good to automate it:

> If a tool was available to detect the hardware and create a config tailored
> for the box, this use for a default config would go away

Yeah, I've wished for that.

Although I personally don't find that the actual hardware to be the 
biggest issue (since there are usually just a few options for that, and 
they are mostly not confusing). Instead, it's the issues about knowing 
which software components (netfilter, filesystems, auditing, POSIX ACL's) 
that you really want.

It tends to be easy to just enable them all, but if you want a nice 
efficient build, that's very much against the point.

So having some kind of (probably inevitably fairly complex) script that 
you could run to get a config would be good. The problem is that the 
script would need to be distributed with the kernel, yet it would often 
also have some nasty distro issues.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ