Re: [PATCH v2] Restrict unprivileged access to kernel syslog
From: Dave Jones
Date: Wed Nov 10 2010 - 12:51:43 EST
On Wed, Nov 10, 2010 at 07:26:38AM -0800, Andrew Morton wrote:
> a) I'd question the need for the config option. Are distros really
> so lame that they can't trust themselves to poke a number into
> procfs at boot time?
short answer: yes.
* /etc/sysctl.conf is for users to override decisions distros have made,
rather than a catalog of those decisions.
* Sometimes we change our mind on those decisions. Flipping a config option
in the kernel means we push out an update, and forget about it.
Users /etc/sysctl.conf's contain all kinds of crazyness. ask Davem about
the stale TCP 'tuning' crap that lingered for years in Fedora users configs
before anyone noticed.
(We could update the sysctl.conf at post-install of the kernel package,
but if you've ever seen a distro kernel packaging schema, you'd understand
why adding more magic like this isn't desirable)
There's a bunch of patches we carry in Fedora that change defaults because there's
no CONFIG option for them, which I've been meaning to get around to
hacking up into options so we can carry a few less patches.
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/