JP Vossen on 16 Sep 2010 21:38:53 -0700

Re: [PLUG] kernel config/compile sanity check

First, thanks to everyone who gave this some thought, I appreciate the feedback!

I wanted to follow up and comment on some things, just to close the loop.

I ended up finding most, but not all, of the source tarballs, and then just moving all of the instances of the code into a parent dir, and adding a README to call out some of the specific oddness.

Jason and Kevin suggested looking at the CentOS kernel spec file. Great thought, I have only this to say:

$ mkdir kernel && cd $_
$ wget '' # 79M
$ rpm2cpio kernel-2.6.18-194.el5.src.rpm | cpio -i
$ wc -l kernel-2.6.spec
17361 kernel-2.6.spec

> Date: Wed, 15 Sep 2010 10:09:04 -0400
> From: "Sean M. Collins"<>
>
> Do you know the reasoning behind all these special kernels? If there
> wasn't a compelling reason, such as special hardware, perhaps this would
> be an excellent opportunity to bring everything back into a more
> maintainable state.
>
> You could end up spending more time trying to figure out what the heck
> he was doing, compared to installing packaged versions of the kernel
> from the distro.

The point of the custom kernel is hardening, and adding some things we need. It specifically disallows modules, and thus monolithically loads what we need and only what we need (no init.rd either). It's also deployed on many hundreds of boxes in the field, so I'd kinda like to have a clue about it.

Also, see previous point about 'wc -l'...  :-)

> Date: Wed, 15 Sep 2010 10:23:20 -0400
> From:
> By 'custom' you mean hacked kernel source, or custom selection of
> config options?

I most sincerely hope and understand it to be custom selection of config options only. But good question.

> If you're looking to retrieve config choices from a compiled kernel, it
> may not be so bad. [I'm out of the office right now, doing this from
> memory, so the following statements will lack many specifics.] Modern
> Linux kernels have the option to embed a compressed copy of the config
> file in the kernel. That is accessible from /proc on a running system
> (depending on options), or can be extracted from the kernel binary.

It's /proc/config.gz and it isn't compiled in (even though I asked for that years ago).

Anyway, thanks for the sanity checks,
JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
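
The "config options only" question in this thread can be checked mechanically. The shell functions below are an added example, not part of the original message: they read a kernel config (plain or gzip-compressed, such as /proc/config.gz), check that module and initrd support are off, and list the options that differ from a baseline config. The function names and the sample configs are constructed for illustration.

```shell
# Added example (not from the original post): audit and diff kernel configs.

# Print config text from a plain file or a gzip one such as /proc/config.gz.
read_config() {
    case "$1" in *.gz) gzip -dc "$1" ;; *) cat "$1" ;; esac
}

# Emit "NAME<TAB>VALUE" for every set option; "# ... is not set" lines are skipped.
normalize() {
    read_config "$1" | awk '/^CONFIG_[A-Za-z0-9_]+=/ {
        i = index($0, "="); print substr($0, 1, i - 1) "\t" substr($0, i + 1) }'
}

# Value of option $2 in config $1; unset or absent options report "n".
config_value() {
    normalize "$1" | awk -F'\t' -v k="$2" '$1 == k { v = $2 }
        END { print (v == "" ? "n" : v) }'
}

# Succeed only if the config has no loadable-module support and no initrd support.
audit_monolithic() {
    rc=0
    for opt in CONFIG_MODULES CONFIG_BLK_DEV_INITRD; do
        val=$(config_value "$1" "$opt")
        [ "$val" = "n" ] || { echo "FAIL: $opt=$val"; rc=1; }
    done
    return "$rc"
}

# List "NAME baseline -> custom" for every option whose value differs.
config_diff() {
    { normalize "$1"; echo "--"; normalize "$2"; } | awk -F'\t' '
        $0 == "--" { second = 1; next }
        !second    { a[$1] = $2; keys[$1] = 1; next }
                   { b[$1] = $2; keys[$1] = 1 }
        END { for (k in keys) {
                  x = (k in a) ? a[k] : "n"; y = (k in b) ? b[k] : "n"
                  if (x != y) print k, x, "->", y } }' | sort
}

# Constructed sample configs (not real kernel configs): stock-like baseline, hardened custom.
make_samples() {
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_BLK_DEV_INITRD=y' 'CONFIG_EXT3_FS=m' 'CONFIG_IKCONFIG=y' > "$1/baseline.config"
    printf '%s\n' '# CONFIG_MODULES is not set' '# CONFIG_BLK_DEV_INITRD is not set' 'CONFIG_EXT3_FS=y' 'CONFIG_IKCONFIG=y' | gzip -c > "$1/custom.config.gz"
}

# Usage: sh thisfile BASELINE CUSTOM   (either may be a .gz such as /proc/config.gz)
if [ $# -eq 2 ]; then config_diff "$1" "$2"; audit_monolithic "$2"; fi
```

A config diff only covers option selection; it says nothing about whether the kernel source itself was patched, which needs a comparison of the source trees.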