| 1 |
On Wed, Feb 26, 2014 at 5:55 AM, Nicolas Sebrecht <nsebrecht@×××××.fr> wrote: |
| 2 |
> The 21/02/14, hasufell wrote: |
| 3 |
> |
| 4 |
>> So you are saying compiling a minimal kernel to minimize exposure to |
| 5 |
>> subsystem bugs is only obscurity? (I really wonder what Greg would say |
| 6 |
>> to this) |
| 7 |
> |
| 8 |
> Developers made the kernel to rely on modules. Distributions relies on |
| 9 |
> them. Since they are almost always loaded on demand, Gentoo does not |
| 10 |
> make things better in this area, either. |
| 11 |
> |
| 12 |
> -- |
| 13 |
> Nicolas Sebrecht |
| 14 |
> |
| 15 |
|
| 16 |
Actually, they're loaded on demand when they: |
| 17 |
a) Are enabled (the kernel doesn't rely on modules, it offers them for |
| 18 |
versatility, though some user space code does rely on them, i.e. |
| 19 |
virtualbox, a few drivers for X, etc) |
| 20 |
b) Are built for that particular kernel |
| 21 |
c) That kernel has all the dependencies in place to support them |
| 22 |
d) The tools to load them exist in user space |
| 23 |
e) They're not specifically blacklisted in user space (assuming a |
| 24 |
loading mechanism that honors that) |
| 25 |
|
| 26 |
Unless it's changed when I wasn't looking, it's entirely possible to |
| 27 |
build a kernel with module loading disabled entirely and restrict the |
| 28 |
set of code to be run in kernel space to an explicitly defined series |
| 29 |
of kernel options. I say "when I wasn't looking" because I use modules |
| 30 |
to trim down how much of iptables is constantly loaded on my router |
| 31 |
for rules there I don't use and the only other places I have Gentoo |
| 32 |
are my multitude of laptops, where the versatility of building and |
| 33 |
loading a module to test out yet another toy someone has on hand |
| 34 |
around me, without a reboot in many cases, is incredibly handy. |
| 35 |
|
| 36 |
-- |
| 37 |
Poison [BLX] |
| 38 |
Joshua M. Murphy |
Archives