Date: Tue, 24 Jul 2012 11:49:56 +0200
From: Natanael Copa
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] [PATCH] testing/linux-virt-grsec

On Tue, 24 Jul 2012 0:18:15 +0000 wrote:

> Attached patch reduces some of the differences between
> main/linux-grsec/kernelconfig.x86 and
> testing/linux-virt-grsec/kernelconfig.x86, hopefully without breaking
> anything for anyone else.

I am not sure we want them to be similar.

The idea of linux-virt-grsec is to have a kernel that is as small as possible and is optimized for virtual environments. This means that we can assume some things about the running environment: that the disk is virtual (so we pick the deadline io scheduler), and that most likely realtime applications will not be running (so we set config hz to 100). We are also fairly sure that there will not be any wireless in the virtual environment. (Or am I wrong here?)

> Changes included in particular (but not limited to), ramdisk
> compression, kernel profiling, io scheduling.

I picked gz ramdisk compression only to reduce the size of the kernel. Seems like xen only supports gz. If there is a specific need for other compression formats then we can enable those.

> CONFIG_NETFILTER_XT_TARGET_LOG is included, which should fix
> shorewall. SCSI, ATA, 802.11 and WiMAX configs are more closely
> synchronized as well, but not necessarily drivers.

I would be ok with fixing things that are broken (like netfilter_xt_target_log), but I'd like good reasons for why to pick CFQ over deadline etc., more than that it's similar to the default generic grsec kernel.

So to conclude, changes that make the kernel smaller (i.e. removing stuff that does not make sense in a virtual environment) are more than welcome. Stuff that makes it bigger should have good reasons.

Thanks!

-nc

> -dean takemori