Re: Kernel options

From: Andrew Konstantinov (abkonstantinov_at_earthlink.net)
Date: 07/28/04

Next message: Joerg Sonnenberger: "License of dev/arl"

Previous message: bsd hack: "Kernel options"
In reply to: bsd hack: "Kernel options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: hackers@freebsd.org
Date: 28 Jul 2004 14:10:39 -0700

On Wed, 2004-07-28 at 11:14, bsd hack wrote:
> Hi,
> I am working with the Kernel config file to optimize it and also to improve the overall security of the system!
>
> I have the following quetions:
> (1) There are a few options that are not available in the default kernel... like the IPFIREWALL options(and the like)... I basically need to know all possible options I can add to the kernel config file!

I think this is related to the thread about "next generation" kernel
config stuff, but for starters you might want to take a look at the
NOTES file.

> (2) I guess these options can be used to set the kernel variables accessible through the sysctl command. So can I create my own options so that I can set a few kernel variables as and when I build the custom kernel?

Perhaps what you are looking for is the tuning manual page?

> (3) and also my aim includes optimizing the kernel... so by enabling only the options I need to I should get a get optimization... is there anything else that can be done?

By excluding all the unnecessary code from the kernel you are
performing kernel minimization. What you are really looking for
is the run time system optimizaion (configuration process) for a
particular task that it is going to perform.

> (4) My aim is to improve local and network security. I guess enabling IPFIREWALL helps with the network security part.... are there any special options for local security?

Enabling IPFIREWALL option won't help your security, but configuring
your firewall properly will. Also, there is some useful theoretical
information in the security manual page.

Andrew
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

Next message: Joerg Sonnenberger: "License of dev/arl"

Previous message: bsd hack: "Kernel options"
In reply to: bsd hack: "Kernel options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

build issue #349 for v2.6.26-rc1-279-g28a4acb :
... The build was made with an old .config from kernel 2.6.25-rc1 ... # CAN Device Drivers ... # PCI IDE chipsets support ...
(Linux-Kernel)
Re: [BUG] soft lockup detected with ipcs
... kernel BUG message once, I think it is not printed out all the time it ... I attached screenshot from 2.6.18 freeze and config. ... # Device Drivers ... # PCI IDE chipsets support ...
(Linux-Kernel)
Re: nfs: __setup_str_nfs_root_setup causes a section type conflict
... Helge Deller alerted me to the fact that the config I sent did not have ... # Linux kernel version: 2.6.31-rc5 ... # Device Drivers ... # PCI IDE chipsets support ...
(Linux-Kernel)
Re: commit "radeonfb: Fix resume from D3Cold on some platforms" breaks resume from RAM on PowerBook
... I then reverted to bisecting with my original kernel config. ... # Processor support ... # Bluetooth device drivers ...
(Linux-Kernel)
build #351 issue for v2.6.25-rc1-51-g96b5a46 in ./drivers/acpi/osl.c
... The build was made with an old .config from kernel 2.6.25-rc1 ... # CAN Device Drivers ... # PCI IDE chipsets support ...
(Linux-Kernel)