[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: stuff that goes into GENERIC

To: Trevor Schroeder <tschroed@acm.org>
Subject: Re: stuff that goes into GENERIC
From: chuck <chuck@Yerkes.com>
Date: Fri, 4 Jun 1999 17:03:31 -0700
Cc: Matthew Patton <matthew.patton@ra.pae.osd.mil>, tech@openbsd.org
Mail-Followup-To: Trevor Schroeder <tschroed@acm.org>,Matthew Patton <matthew.patton@ra.pae.osd.mil>, tech@openbsd.org
References: <199906042300.RAA11342@openbsd.cs.colorado.edu> <199906042304.QAA13950@oscar.yerkes.com>

Clarification here:
One of my main hatreds of Solaris, esp as a 'secure' machine is that
there is no way to 'lock down' the kernel.  Indeed, Solaris 2.6 used
upto 180 files in it's boot; I know because I had a kernel 'go bad'
when some extra packages were removed and the on-site Sun support
guy couldn't figure out which of the files might have gone wrong.
Nice - a Win9x style reinstall.

I just want to emphasize that secure machines and dynamic kernels are,
to me, a contradiction.  No issue on most desktops, but my servers are
running kernels with LKM.

So for minor boots where security is not paramount (eg. from a floppy
during an install, or for a diskless boot that leading to a rebuild
(the PC version of "boot net" ala Athena), it'd be great to have
'optional' devices LKM.  (even in the latter cases, its usually
easy to build a kernel since you know the machine and it's devices.)

Quoting Trevor Schroeder (tschroed@acm.org):
> On Fri, 4 Jun 1999, Trevor Schroeder wrote:
> 
> > On Fri, 4 Jun 1999, chuck wrote:
> > 
> > > kernel, then perhaps a different one is in order, perhaps with extra
> > > devices loaded as LKMs.  I could certainly see a kernel for initial
> > 
> > There's something:  is there a way to split out kernel functionality into
> > loadable modules (ie, similar to Linux)?
> 
> Hmmmm... I hate to be the lamer that follows up his own message, but the
> original was maybe not very clear.  What I mean to say, is there a way to
> take traditionally monolithic kernel items (such as KMEMSTATS or IPSEC) and
> instead compile them into LKMs?  Like you can when you select portions of
> the Linux kernel to compile as modules.  I would really like to have
> KMEMSTATS available if I wanted, but otherwise unload them without having
> to reboot to a different kernel.
> .......................................................................
> : "Welcome to NSA's Web Server!"                   : Trevor Schroeder :
> :                     -- National Security Agency  : tschroed@acm.org : 
> :........... http://www.zweknu.org/ for PGP key and more .............:

References:
- Re: stuff that goes into GENERIC
  - From: Trevor Schroeder <tschroed@acm.org>

Prev by Date: Re: stuff that goes into GENERIC
Next by Date: Re: nsyslogd?
Prev by thread: Re: stuff that goes into GENERIC
Next by thread: RE: stuff that goes into GENERIC
Index(es):
- Date
- Thread