Re: [PATCH v2] Restrict unprivileged access to kernel syslog
From: Ingo Molnar
Date: Wed Nov 10 2010 - 13:14:05 EST
* Dave Jones <davej@xxxxxxxxxx> wrote:
> On Wed, Nov 10, 2010 at 07:26:38AM -0800, Andrew Morton wrote:
>
> > a) I'd question the need for the config option. Are distros really
> > so lame that they can't trust themselves to poke a number into
> > procfs at boot time?
>
> short answer: yes.
>
> * /etc/sysctl.conf is for users to override decisions distros have made,
> rather than a catalog of those decisions.
>
> * Sometimes we change our mind on those decisions. Flipping a config option
> in the kernel means we push out an update, and forget about it.
> Users /etc/sysctl.conf's contain all kinds of crazyness. ask Davem about
> the stale TCP 'tuning' crap that lingered for years in Fedora users configs
> before anyone noticed.
> (We could update the sysctl.conf at post-install of the kernel package,
> but if you've ever seen a distro kernel packaging schema, you'd understand
> why adding more magic like this isn't desirable)
>
> There's a bunch of patches we carry in Fedora that change defaults because there's
> no CONFIG option for them, which I've been meaning to get around to hacking up
> into options so we can carry a few less patches.
_YES_.
A self-contained .config that carries all kernel related defaults is a very powerful
thing. We need more of that.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/