From e0fb1098a4b0f5059f029fd88eff78ca244beec1 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Wed, 8 Mar 2023 11:01:18 +0800 Subject: kernel: Recommend to disable CONFIG_EXPERT Let's not encourage users to try tricky things and shoot their own foot. For systemd, if CONFIG_EXPERT is disable, CONFIG_FHANDLE will be enabled automatically. So there is no need to enable CONFIG_EXPERT and then set CONFIG_FHANDLE manually. --- chapter10/kernel.xml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'chapter10') diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index e7bcfdb87..4618cc18e 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -111,6 +111,7 @@ General setup ---> [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] < > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] @@ -137,8 +138,7 @@ General setup ---> [*] Control Group support [CONFIG_CGROUPS] ---> [*] Memory controller [CONFIG_MEMCG] [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED] - [*] Configure standard kernel features (expert users) [CONFIG_EXPERT] ---> - [*] open by fhandle syscalls [CONFIG_FHANDLE] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP] [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] @@ -236,6 +236,19 @@ Device Drivers ---> + + + + Configure standard kernel features (expert users) + + + + This will make some options show up in the configuration + interface but changing those options may be dangerous. Do not use + this unless you know what you are doing. + + + Strong Stack Protector -- cgit v1.2.3-54-g00ecf From d0a9bda4e696f4be02499b87c2bd6d8f40a3d4a3 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Thu, 9 Mar 2023 01:14:15 +0800 Subject: kernel: Use for make defconfig and... tell people not to messing the options enabled by defconfig up. Yes, I messed them up and shot my own foot. --- chapter10/kernel.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'chapter10') diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 4618cc18e..7c64e0983 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -96,12 +96,18 @@ information about configuring and building the kernel can be found at - + A good starting place for setting up the kernel configuration is to run make defconfig. This will set the base configuration to a good state that takes your current system architecture into account. + Do not disable any option enabled by make + defconfig unless the following note explicitly makes it + disabled or you really know what you are doing. + + + Be sure to enable/disable/set the following features or the system might not work correctly or boot at all: -- cgit v1.2.3-54-g00ecf From de679165f9a63ce94202d356abbae2b9a3bff5c3 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Wed, 8 Mar 2023 22:27:34 +0100 Subject: Suggest make localmodconfig for kernel This is less generic than defconfig, and you can then tell not to tweak options... --- chapter10/kernel.xml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'chapter10') diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 7c64e0983..023aa32b9 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -98,15 +98,25 @@ A good starting place for setting up the kernel configuration is to - run make defconfig. This will set the base - configuration to a good state that takes your current system architecture - into account. + run make localmodconfig. If the host kernel version + is not too different from the version of the kernel you are building, + this will set the base configuration to a good state similar to what + the host uses. Another possibility is to use make + localyesconfig, which does the same except everything is built + into the kernel. Do not disable any option enabled by make - defconfig unless the following note explicitly makes it + localmodconfig unless the following notes explicitly make it disabled or you really know what you are doing. + + Another possibility is to run make defconfig, + which creates a more generic configuration for your architecture. You + may then have to disable drivers for hardware you do not have if + you want to reduce the kernel size. + + Be sure to enable/disable/set the following features or the system might not work correctly or boot at all: @@ -312,7 +322,7 @@ Device Drivers ---> Support running the interrupt controller of 64-bit x86 processors in x2APIC mode. x2APIC may be enabled by firmware on 64-bit x86 systems, and a kernel without this option enabled will - panic on boot if x2APIC is enabled by firmware. This option has + panic on boot if x2APIC is enabled by firmware. This option has no effect, but also does no harm if x2APIC is disabled by the firmware. -- cgit v1.2.3-54-g00ecf