Date: Mon, 29 Aug 2011 14:46:31 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: initrd/udev in Owl?

Solar,

On Mon, Aug 29, 2011 at 01:42 +0400, Solar Designer wrote:
> Then this topic was brought up on our not-yet-public development list a
> few years ago.  IIRC, at the time mjt suggested that udev was somewhat
> likely to be replaced with something else in a few years (which would be
> now).  We could want to ask for his opinion now.

I don't think udev will be replaced by anything in the near future.

> > I don't insist on udev as it also complicates modules loading rules (it
> > is not fully controlled by an admin anymore),
> 
> Lacking full control by admin is really nasty/unacceptable - we'd need
> to provide some easy/supported way to regain such control.

udev is a configurable thing :)

There is a special rule for autoloading:

DRIVER!="?*", ENV{MODALIAS}=="?*", RUN+="/sbin/modprobe -b $env{MODALIAS}"

So, we can replace "modprobe" with a script that maintains a list of
modules that were requested by the kernel but haven't been loaded
yet.  Then the sysadmin does:

$ cat /var/run/modules_requested
ath9k MODALIAS=pci:v0000168Cd00000027sv*sd*bc*sc*i* DEPENDENCIES=ath9k_hw.ko,ath9k_common.ko,ath9k.ko
...

and gets a list of not-yet-loaded modules with the dependencies.

Or there could be a list of modules that are OK to autoload.  Other
modules are not loaded and are added to the modules_requested list.


BTW, the same list can be compiled from sysfs entries, without udev.


> > except (2).
> 
> Yes, (2) is serious (I trust your description of it; I am not familiar
> with this myself).

I don't know whether it can be disabled.  If yes, it is a way to go.


FWIW, as to hard drives - the stable naming for fstab can be obtained
two ways:

1) UUID for partitions.

2) symlinks created by udev and used in fstab instead of /dev/sda1.

AFAIK, all modern distros do (1).


Thanks,

-- 
Vasiliy
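
A sketch of the modprobe replacement described in the message above, combining the request list with the allowlist variant. This is an added example, not code from the original message or from Owl. The allowlist path /etc/modules_autoload and the function names are hypothetical, and it assumes kmod's modprobe, which supports -R (--resolve-alias) and --show-depends.

```shell
#!/bin/sh
# Added example: wrapper to call from the udev autoload rule in place of
# "/sbin/modprobe -b $env{MODALIAS}". Paths can be overridden via environment.
ALLOWLIST=${ALLOWLIST:-/etc/modules_autoload}       # hypothetical: one module name per line
REQUESTED=${REQUESTED:-/var/run/modules_requested}  # list file named in the message
MODPROBE=${MODPROBE:-/sbin/modprobe}

# Resolve a MODALIAS string to the module name(s) that claim it.
resolve_alias() {
    "$MODPROBE" -R "$1" 2>/dev/null
}

# Build "a.ko,b.ko,c.ko" from "modprobe --show-depends" output, whose
# lines look like "insmod /lib/modules/<version>/.../ath9k_hw.ko".
module_deps() {
    "$MODPROBE" --show-depends "$1" 2>/dev/null |
        awk '$1 == "insmod" { n = split($2, p, "/"); printf "%s%s", sep, p[n]; sep = "," }'
}

# Exact, whole-line match so that "ath" does not approve "ath9k".
is_allowed() {
    [ -r "$ALLOWLIST" ] && grep -qxF -- "$1" "$ALLOWLIST"
}

# Load allowlisted modules; record everything else once for the admin.
handle_request() {
    modalias=$1
    for mod in $(resolve_alias "$modalias"); do
        if is_allowed "$mod"; then
            "$MODPROBE" -b "$mod"
        elif ! grep -qs "^$mod " "$REQUESTED"; then
            printf '%s MODALIAS=%s DEPENDENCIES=%s\n' \
                "$mod" "$modalias" "$(module_deps "$mod")" >> "$REQUESTED"
        fi
    done
}

# udev passes the MODALIAS as the first argument.
if [ "$#" -gt 0 ]; then
    handle_request "$1"
fi
```

With this in place, a missing or unreadable allowlist means nothing is autoloaded and every request is only recorded.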
