Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 Jun 2012 14:05:11 +0400
From: gremlin@...mlin.ru
To: owl-dev@...ts.openwall.com
Subject: Re: status of 2.6.32-based kernel

On 23-Jun-2012 00:26:26 +0400, Vasily Kulikov wrote:

 > I've reached the state of bootable RHEL6-based kernel with Owl
 > patch.
 > 1. Owl patch is updated and a basic .config file is created.

Great!

 > 2. There are problems with some config options. I had to enable
 > 1) cgroups

That's normal.

Symbol: CGROUPS [=y]
Prompt: Control Group support
Selected by: VE [=y]

 > 2) perf events
 > Does Owl kernel need cgroups and perf events? Cgroups are needed
 > for ovz scheduler (and probably memory) limitations. It looks
 > like OpenVZ is able to exist without perf events, it is only
 > RHEL-related compilation bug.

CONFIG_HAVE_PERF_EVENTS=y
# CONFIG_PERF_EVENTS is not set
# CONFIG_PERF_COUNTERS is not set

 > If both option groups are needed, no significant changes to the
 > Owl patch are needed.

Excellent.

 > 3. The size of the kernel has significantly increased: 2.82 Mb
 > of 2.6.18 vs 3.60 Mb of 2.6.32. Do we need any actions for
 > reducing the size?

No.

 > E.g. moving some config options from =y to =m.

We are not limited by size of floppy or ElTorito block, so there
are good reasons to do the opposite: compile most modules into
the kernel.

Here's the kernel I use at one of production servers:

gremlin@...***:~ > lh /boot/linux-2.6.32-ovz
-rw-r--r-- 1 root root 4.6M 2012-01-23 17:16 /boot/linux-2.6.32-ovz

Even on server with 8Gb RAM this kernel will occupy only about 0.1%

 > Probably we can discuss udev usage once again (and move many
 > device options to =m

Things like udev make crash recovery more complicated, so they are
inacceptable for OS destined for servers.

 > and use initrd)...

The only case where the use of initrd is acceptable is the remote
network installation (IPMI+PXE+...), and even in that case it should
contain only the basic userland.

 > However, we are not constrained with any specific size because
 > of using syslinux as bootloader in ISO case.

We're not constrained with any specific size in all other cases
(USB sticks, PXE, etc.) as well - so there's no reason for wasting
the time.

 > 4. We want to use the latest RHEL6-based OpenVZ kernel branch,
 > right? For now it should be 042stab055.16.

Yes.

 > 5. How do we want to discuss the needness of plenty config options?
 > Most of them are device-related, but a significant number is about
 > secondary features like RCU, ACPI, scheduler things, etc.

I have plenty of different hardware running Owl, and here's my .config:
ftp://ftp.gremlin.people.openwall.com/pub/linux/Owl/kernel/config
SHA1: 142252a4d2f996aa85baedb3eac45c36fc66ab1f


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ