Re: [PATCH v2] Restrict unprivileged access to kernel syslog

[Ingo Molnar]

* Dave Jones <davej@xxxxxxxxxx> wrote:

> On Wed, Nov 10, 2010 at 07:26:38AM -0800, Andrew Morton wrote:
>  
>  > a) I'd question the need for the config option.  Are distros really
>  >    so lame that they can't trust themselves to poke a number into
>  >    procfs at boot time?
> 
> short answer: yes.
> 
> * /etc/sysctl.conf is for users to override decisions distros have made,
>   rather than a catalog of those decisions.
> 
> * Sometimes we change our mind on those decisions. Flipping a config option
>   in the kernel means we push out an update, and forget about it.
>   Users /etc/sysctl.conf's contain all kinds of crazyness. ask Davem about
>   the stale TCP 'tuning' crap that lingered for years in Fedora users configs
>   before anyone noticed.
>   (We could update the sysctl.conf at post-install of the kernel package,
>    but if you've ever seen a distro kernel packaging schema, you'd understand
>    why adding more magic like this isn't desirable)
> 
> There's a bunch of patches we carry in Fedora that change defaults because there's 
> no CONFIG option for them, which I've been meaning to get around to hacking up 
> into options so we can carry a few less patches.

_YES_.

A self-contained .config that carries all kernel related defaults is a very powerful 
thing. We need more of that.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/