Re: Reducing the need to compile a custom kernel

看板FB_stable作者時間14年前 (2012/02/11 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串14/43 (看更多)
On 10/2/2012 15:56, Alexander Leidinger wrote: > Hi, > > during some big discussions in the last monts on various lists, one of > the problems was that some people would like to use freebsd-update but > can't as they are using a custom kernel. With all the kernel modules we > provide, the need for a custom kernel should be small, but on the other > hand, we do not provide a small kernel-skeleton where you can load just > the modules you need. > > This should be easy to change. As a first step I took the generic kernel > and removed all devices which are available as modules, e.g. the USB > section consists now only of the USB_DEBUG option (so that the module is > build like with the current generic kernel). I also removed some storage > drivers which are not available as a module. The rationale is, that I > can not remove CAM from the kernel config if I let those drivers inside > (if those drivers are important enough, someone will probably fix the > problem and add the missing pieces to generate a module). > > Such a kernel would cover situations where people compile their own > kernel because they want to get rid of some unused kernel code (and > maybe even need the memory this frees up). > > The question is, is this enough? Or asked differently, why are you > compiling a custom kernel in a production environment (so I rule out > debug options which are not enabled in GENERIC)? Are there options which > you add which you can not add as a module (SW_WATCHDOG comes to my > mind)? If yes, which ones and how important are they for you? Hello, we are currently using on every server (in order to maintain a single custom kernel) the following options: IPFIREWALL IPFIREWALL_DEFAULT_TO_ACCEPT IPFIREWALL_FORWARD ROUTETABLES=n Soon, we will also add: IPSEC IPSEC_FILTERTUNNEL IPSEC_NAT_T crypto enc Finally, once we upgrade our jail setup VIMAGE will be also a must. Regards, Panagiotis -- Panagiotis J. Christias Network Management Center p.christias@noc.ntua.gr National Technical Univ. of Athens, GREECE _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
更多 p. 的文章
文章代碼(AID): #1FDLjX0B (FB_stable)
討論串 (同標題文章)
完整討論串 (本文為第 14 之 43 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共43篇)
更多 p. 的文章
文章代碼(AID): #1FDLjX0B (FB_stable)