On Wed, Feb 26, 2014 at 5:55 AM, Nicolas Sebrecht <nsebrecht@×××××.fr> wrote:
> The 21/02/14, hasufell wrote:
>
>> So you are saying compiling a minimal kernel to minimize exposure to
>> subsystem bugs is only obscurity? (I really wonder what Greg would say
>> to this)
>
> Developers made the kernel to rely on modules. Distributions rely on
> them. Since they are almost always loaded on demand, Gentoo does not
> make things better in this area, either.
>
> --
> Nicolas Sebrecht
>
|
Actually, they're loaded on demand when they:
a) Are enabled (the kernel doesn't rely on modules, it offers them for
versatility, though some user space code does rely on them, i.e.
virtualbox, a few drivers for X, etc)
b) Are built for that particular kernel
c) That kernel has all the dependencies in place to support them
d) The tools to load them exist in user space
e) They're not specifically blacklisted in user space (assuming a
loading mechanism that honors that)
|
Unless it's changed when I wasn't looking, it's entirely possible to
build a kernel with module loading disabled entirely and restrict the
set of code to be run in kernel space to an explicitly defined series
of kernel options. I say "when I wasn't looking" because I use modules
to trim down how much of iptables is constantly loaded on my router
for rules there I don't use and the only other places I have Gentoo
are my multitude of laptops, where the versatility of building and
loading a module to test out yet another toy someone has on hand
around me, without a reboot in many cases, is incredibly handy.
|
--
Poison [BLX]
Joshua M. Murphy
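
Added example, not part of the original message: a shell check of conditions (a) and (e) from the list above, plus the case of a kernel built with module loading disabled, evaluated against kernel-config and modprobe.d-style files. The function names, the sample config contents and the blacklist file are constructed for illustration; conditions (b) to (d) need a live system and are not covered.

```shell
#!/bin/sh
# Added example: checks conditions (a) and (e) from the message, plus the
# "module loading disabled entirely" case, against files passed as arguments.

# Print y, m or n for a CONFIG_ symbol in a kernel .config-style file.
config_state() {  # $1 = config file, $2 = symbol, e.g. CONFIG_MODULES
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# Succeed if a modprobe.d-style directory blacklists the module.
# modprobe treats '-' and '_' in module names as the same character.
is_blacklisted() {  # $1 = directory of *.conf files, $2 = module name
    want=$(echo "$2" | sed 's/-/_/g')
    cat "$1"/*.conf 2>/dev/null |
        awk -v want="$want" '$1 == "blacklist" { gsub(/-/, "_", $2); if ($2 == want) found = 1 }
                             END { exit !found }'
}

# Report whether on-demand loading of one module is possible, and if not, why.
autoload_verdict() {  # $1 = config, $2 = modprobe.d dir, $3 = symbol, $4 = module
    if [ "$(config_state "$1" CONFIG_MODULES)" != y ]; then
        echo "no: kernel built without loadable module support"
    elif [ "$(config_state "$1" "$3")" = y ]; then
        echo "no: built in, always present"
    elif [ "$(config_state "$1" "$3")" = n ]; then
        echo "no: not enabled for this kernel"
    elif is_blacklisted "$2" "$4"; then
        echo "no: blacklisted in user space"
    else
        echo "yes: enabled as a module and not blacklisted"
    fi
}

# Constructed sample inputs (not taken from any real system).
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/modprobe.d"
printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_IP_NF_IPTABLES=m' 'CONFIG_INPUT_PCSPKR=m' \
    '# CONFIG_FIREWIRE is not set' 'CONFIG_EXT4_FS=y' > "$SAMPLE/modular.config"
printf '%s\n' '# CONFIG_MODULES is not set' 'CONFIG_EXT4_FS=y' > "$SAMPLE/static.config"
printf '%s\n' '# constructed blacklist' 'blacklist pcspkr' > "$SAMPLE/modprobe.d/local.conf"

autoload_verdict "$SAMPLE/modular.config" "$SAMPLE/modprobe.d" CONFIG_IP_NF_IPTABLES ip_tables
autoload_verdict "$SAMPLE/modular.config" "$SAMPLE/modprobe.d" CONFIG_INPUT_PCSPKR pcspkr
autoload_verdict "$SAMPLE/static.config" "$SAMPLE/modprobe.d" CONFIG_IP_NF_IPTABLES ip_tables
```

On a live system the config text can come from /boot/config-$(uname -r) or, where the kernel exposes it, zcat /proc/config.gz; /proc/sys/kernel/modules_disabled additionally reports whether loading has been switched off at runtime.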