Re: [PATCH v2] Restrict unprivileged access to kernel syslog

From: Dave Jones
Date: Wed Nov 10 2010 - 12:51:43 EST


On Wed, Nov 10, 2010 at 07:26:38AM -0800, Andrew Morton wrote:

> a) I'd question the need for the config option. Are distros really
> so lame that they can't trust themselves to poke a number into
> procfs at boot time?

Short answer: yes.

* /etc/sysctl.conf is for users to override decisions distros have made,
rather than a catalog of those decisions.

* Sometimes we change our mind on those decisions. Flipping a config option
in the kernel means we push out an update, and forget about it.
Users' /etc/sysctl.conf's contain all kinds of craziness. Ask Davem about
the stale TCP 'tuning' crap that lingered for years in Fedora users' configs
before anyone noticed.
(We could update the sysctl.conf at post-install of the kernel package,
but if you've ever seen a distro kernel packaging schema, you'd understand
why adding more magic like this isn't desirable.)

There's a bunch of patches we carry in Fedora that change defaults because there's
no CONFIG option for them, which I've been meaning to get around to
hacking up into options so we can carry a few less patches.

Dave
