diff options
Diffstat (limited to 'chapter10/kernel.xml')
| -rw-r--r-- | chapter10/kernel.xml | 43 |
1 files changed, 36 insertions, 7 deletions
diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index e7bcfdb87..023aa32b9 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -96,12 +96,28 @@ information about configuring and building the kernel can be found at <ulink url="http://www.kroah.com/lkn/"/> </para> - <note> + <caution> <para>A good starting place for setting up the kernel configuration is to - run <command>make defconfig</command>. This will set the base - configuration to a good state that takes your current system architecture - into account.</para> + run <command>make localmodconfig</command>. If the host kernel version + is not too different from the version of the kernel you are building, + this will set the base configuration to a good state similar to what + the host uses. Another possibility is to use <command>make + localyesconfig</command>, which does the same except everything is built + into the kernel.</para> + + <para>Do not disable any option enabled by <command>make + localmodconfig</command> unless the following notes explicitly make it + disabled or you really know what you are doing.</para> + </caution> + + <note> + <para>Another possibility is to run <command>make defconfig</command>, + which creates a more generic configuration for your architecture. You + may then have to disable drivers for hardware you do not have if + you want to reduce the kernel size.</para> + </note> + <note> <para>Be sure to enable/disable/set the following features or the system might not work correctly or boot at all:</para> @@ -111,6 +127,7 @@ General setup ---> [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] < > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] @@ -137,8 +154,7 @@ General setup ---> [*] Control Group support [CONFIG_CGROUPS] ---> [*] Memory controller [CONFIG_MEMCG] [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED] - [*] Configure standard kernel features (expert users) [CONFIG_EXPERT] ---> - [*] open by fhandle syscalls [CONFIG_FHANDLE] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP] [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] @@ -237,6 +253,19 @@ Device Drivers ---> </varlistentry> <varlistentry> + <term> + <parameter> + Configure standard kernel features (expert users) + </parameter> + </term> + <listitem> + <para>This will make some options show up in the configuration + interface but changing those options may be dangerous. Do not use + this unless you know what you are doing.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><parameter>Strong Stack Protector</parameter></term> <listitem> <para>Enable SSP for the kernel. We've enabled it for the entire @@ -293,7 +322,7 @@ Device Drivers ---> <para>Support running the interrupt controller of 64-bit x86 processors in x2APIC mode. x2APIC may be enabled by firmware on 64-bit x86 systems, and a kernel without this option enabled will - panic on boot if x2APIC is enabled by firmware. This option has + panic on boot if x2APIC is enabled by firmware. This option has no effect, but also does no harm if x2APIC is disabled by the firmware.</para> </listitem> |