Date:	Fri, 20 Jul 2012 11:47:43 +0200 (CEST)
From:	Jiri Kosina <jkosina@...e.cz>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Dave Jones <davej@...hat.com>, Greg Kroah-Hartman <greg@...ah.com>,
	Ubuntu Kernel Team <kernel-team@...ts.ubuntu.com>,
	Debian Kernel Team <debian-kernel@...ts.debian.org>,
	OpenSUSE Kernel Team <opensuse-kernel@...nsuse.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] Simplifying kernel configuration for distro issues

On Fri, 13 Jul 2012, Linus Torvalds wrote:

> So this has long been one of my pet configuration peeves: as a user I
> am perfectly happy answering the questions about what kinds of
> hardware I want the kernel to support (I kind of know that), but many
> of the "support infrastructure" questions are very opaque, and I have
> no idea which of them any particular distribution actually depends
> on.
> 
> And it tends to change over time. For example, F14 (iirc) started
> using TMPFS and TMPFS_POSIX_ACL/XATTR for /dev. And starting in F16,
> the initrd setup requires DEVTMPFS and DEVTMPFS_MOUNT. There's been
> several times when I started with my old minimal config, and the
> resulting kernel would boot, but something wouldn't quite work right,
> and it can be very subtle indeed.
> 
> Similarly, the distro ends up having very particular requirements for
> exactly *which* security models it uses and needs, and they tend to
> change over time. And now with systemd, CGROUPS suddenly aren't just
> esoteric things that no normal person would want to use, but are used
> for basic infrastructure. And I remember being surprised by OpenSUSE
> suddenly needing the RAW table support for netfilter, because it had a
> NOTRACK rule or something.
> 
> The point I'm slowly getting to is that I would actually love to have
> *distro* Kconfig-files, where the distribution would be able to say
> "These are the minimums I *require* to work". So we'd have a "Distro"
> submenu, where you could pick the distro(s) you use, and then pick
> which release, and we'd have something like

I agree that this would be very nice to have exactly for the reasons you 
have pointed out.

[ ... snip ... ]
> and then depending on the DISTRO config, we'd include one of the
> distro-specific ones with lists of supported distro versions and then
> the random config settings for that version:
> 
>  - distro/Kconfig.suse:
> 
>     config OPENSUSE_121
>         select OPENSUSE_11
>         select IP_NF_RAW  # ..
> 
>  - distro/Kconfig.Fedora:
> 
>     config FEDORA_16
>         select FEDORA_15
>         select DEVTMPFS               # F16 initrd needs this
>         select DEVTMPFS_MOUNT  # .. and expects the kernel to mount DEVTMPFS automatically
>         ...
> 
>     config FEDORA_17
>         select FEDORA_16
>         select CGROUP_xyzzy
>         ...
> 
> and the point would be that it would make it much easier for a normal
> user (and quite frankly, I want to put myself in that group too) to
> make a kernel config that "just works".

But we'll first have to make 'select' actually work, right? It 
currently doesn't resolve the dependencies of the selected configs, so it 
will just produce some very broken config.

-- 
Jiri Kosina
SUSE Labs
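
The concern raised in the reply above, as an added example that is not part of the original message or of the kernel's Kconfig code: a small bool-only model showing how a distro symbol that uses `select` can force an option on while its own dependencies stay off, and how a checker can flag that. The symbol names come from the thread; the `depends` edges and all function names are assumptions made for this sketch.

```python
# Added illustration: a constructed, bool-only model of Kconfig 'select'.
# Symbol names come from the thread; the 'depends' edges are simplified
# assumptions for this sketch, not copied from a kernel tree.
SYMBOLS = {
    "OPENSUSE_121":   {"depends": [],                 "select": ["IP_NF_RAW"]},
    "IP_NF_RAW":      {"depends": ["IP_NF_IPTABLES"], "select": []},
    "IP_NF_IPTABLES": {"depends": ["NETFILTER"],      "select": []},
    "NETFILTER":      {"depends": ["NET"],            "select": []},
    "NET":            {"depends": [],                 "select": []},
}


def apply_selects(symbols, chosen):
    """Force on everything reachable through 'select', ignoring 'depends'."""
    on, work = set(chosen), list(chosen)
    while work:
        for target in symbols[work.pop()]["select"]:
            if target not in on:
                on.add(target)
                work.append(target)
    return on


def unmet_dependencies(symbols, on):
    """Map each enabled symbol to the dependencies that are still off."""
    report = {}
    for sym in sorted(on):
        missing = sorted(d for d in symbols[sym]["depends"] if d not in on)
        if missing:
            report[sym] = missing
    return report


def resolve_with_dependencies(symbols, chosen):
    """Hypothetical resolving variant: follow 'select' and 'depends' edges."""
    on, work = set(chosen), list(chosen)
    while work:
        entry = symbols[work.pop()]
        for target in entry["select"] + entry["depends"]:
            if target not in on:
                on.add(target)
                work.append(target)
    return on


if __name__ == "__main__":
    forced = apply_selects(SYMBOLS, {"OPENSUSE_121"})
    print("select only:", sorted(forced), unmet_dependencies(SYMBOLS, forced))
    fixed = resolve_with_dependencies(SYMBOLS, {"OPENSUSE_121"})
    print("resolved:   ", sorted(fixed), unmet_dependencies(SYMBOLS, fixed))
```

Running `unmet_dependencies` over a generated configuration is a quick way to audit a distro-style symbol list before trusting the resulting build.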
