#3447 Torouter kernel

In an ideal world, I'd like a modern kernel with the grsec/pax patches and ksplice. This should keep the Torouter kernel in good shape. In a realistic world, I think we'd be lucky to simply get a regularly updated kernel that includes the grsec/pax patches.

What do you want to see in the kernel?

It seems like our hardware may be fixed enough such that we do not need kernel module loading at all. If we enable everything we need, we can simply remove modules entirely. If we want the device to be a bit more extendable, we'll have to open up module loading and vet specific devices. Otherwise we ship a kitchen sink...

Here's the list of modules that I currently have loaded with the stock kernel:

ipv6                  236519  18 
ipt_MASQUERADE          1308  1 
iptable_nat             3372  1 
nf_nat                 12327  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4       9290  3 iptable_nat,nf_nat
nf_conntrack           44802  4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4           861  1 nf_conntrack_ipv4
ip_tables               9257  1 iptable_nat
x_tables               10772  3 ipt_MASQUERADE,iptable_nat,ip_tables
snd_usb_audio          60307  0 
snd_pcm                61044  1 snd_usb_audio
snd_timer              16902  1 snd_pcm
snd_page_alloc          4667  1 snd_pcm
snd_hwdep               4669  1 snd_usb_audio
snd_usb_lib            15767  1 snd_usb_audio
snd_rawmidi            15773  1 snd_usb_lib
snd_seq_device          4823  1 snd_rawmidi
uap8xxx                42476  1 
btmrvl_sdio             7888  0 
btmrvl                 10915  1 btmrvl_sdio
snd                    34564  7 snd_usb_audio,snd_pcm,snd_timer,snd_hwdep,snd_usb_lib,snd_rawmidi,snd_seq_device
libertas_sdio           6764  0 
soundcore                630  1 snd
libertas               81670  1 libertas_sdio
bluetooth              53953  2 btmrvl_sdio,btmrvl
sata_mv                25438  0 
mv_cesa                 4610  0 

If we don't care about sound, SATA or Bluetooth, I think it's clear that we can easily remove a bunch of those.

If I wanted to go with the most stripped down kernel possible, I'd suggest a static kernel (no module loading) without /dev/mem, with grsec in high security mode, and with support only for the devices we absolutely need.

On the flip side, for a kernel that differs from the stock one but is fairly extensible, I'd take the kernel sources from the DreamPlug website, configure using /proc/config.gz, and then patch with grsec configured for high security mode.
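An added example, not part of the ticket or of any Torouter code, of how one would actually decide which of the modules listed above can go. It takes an lsmod listing (the sample below is the listing from this ticket with its whitespace normalised), a hypothetical pattern naming the subsystems the device does not need (sound, Bluetooth, SATA is an assumption made here), and walks the "Used by" graph: a module is only unloadable after every module holding a reference to it has gone, and a module whose refcount is higher than the number of module holders listed (ipv6 with 18 and nothing listed, uap8xxx with 1) is held by something outside the module graph and cannot be removed by rmmod at all. The resulting list is emitted in a safe rmmod order, and a second function turns it into modprobe.d "install ... /bin/false" lines, which, unlike "blacklist", also stop explicit loading.

```shell
#!/bin/sh
# Added example (not from the ticket): compute which lsmod entries can be unloaded
# once some subsystems are declared unneeded, honouring the "Used by" graph.

# Constructed sample input: the lsmod listing from the ticket (Module, Size, refcount, holders).
LSMOD_SAMPLE='ipv6 236519 18
ipt_MASQUERADE 1308 1
iptable_nat 3372 1
nf_nat 12327 2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 9290 3 iptable_nat,nf_nat
nf_conntrack 44802 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 861 1 nf_conntrack_ipv4
ip_tables 9257 1 iptable_nat
x_tables 10772 3 ipt_MASQUERADE,iptable_nat,ip_tables
snd_usb_audio 60307 0
snd_pcm 61044 1 snd_usb_audio
snd_timer 16902 1 snd_pcm
snd_page_alloc 4667 1 snd_pcm
snd_hwdep 4669 1 snd_usb_audio
snd_usb_lib 15767 1 snd_usb_audio
snd_rawmidi 15773 1 snd_usb_lib
snd_seq_device 4823 1 snd_rawmidi
uap8xxx 42476 1
btmrvl_sdio 7888 0
btmrvl 10915 1 btmrvl_sdio
snd 34564 7 snd_usb_audio,snd_pcm,snd_timer,snd_hwdep,snd_usb_lib,snd_rawmidi,snd_seq_device
libertas_sdio 6764 0
soundcore 630 1 snd
libertas 81670 1 libertas_sdio
bluetooth 53953 2 btmrvl_sdio,btmrvl
sata_mv 25438 0
mv_cesa 4610 0'

# Assumed for this example: sound, Bluetooth and SATA are the subsystems we do not need.
DROP_PATTERN='^(snd|soundcore|btmrvl|bluetooth|sata_mv)'

# removable_modules LSMOD_TEXT DROP_REGEX
# Prints matching modules in rmmod order (each holder before the module it holds).
# A candidate is "pinned" (reported on stderr, not printed) if a kept module or a
# pinned candidate holds it, or if its refcount exceeds the module holders listed.
removable_modules() {
    printf '%s\n' "$1" | awk -v pat="$2" '
    NF < 3 || $1 == "Module" { next }          # skip blank lines and the real lsmod header
    {
        mod = $1; refs[mod] = $3 + 0; n = 0
        if (NF >= 4) n = split($4, users, ",")
        holders[mod] = n
        for (i = 1; i <= n; i++) holds[users[i] SUBSEP mod] = 1   # users[i] holds a ref to mod
        drop[mod] = (mod ~ pat) ? 1 : 0
        order[++count] = mod
    }
    END {
        for (c = 1; c <= count; c++) {
            m = order[c]
            if (drop[m] && refs[m] > holders[m]) pinned[m] = "refcount exceeds listed module holders"
        }
        do {                                   # propagate pinning up the holder graph
            changed = 0
            for (c = 1; c <= count; c++) {
                m = order[c]
                if (!drop[m] || (m in pinned)) continue
                for (u = 1; u <= count; u++) {
                    h = order[u]
                    if (((h SUBSEP m) in holds) && (!drop[h] || (h in pinned))) {
                        pinned[m] = "held by " h; changed = 1; break
                    }
                }
            }
        } while (changed)
        for (m in pinned) print "pinned: " m " (" pinned[m] ")" > "/dev/stderr"
        remaining = 0
        for (c = 1; c <= count; c++) if (drop[order[c]] && !(order[c] in pinned)) remaining++
        while (remaining > 0) {                # peel leaves: emit once no holder is left
            progressed = 0
            for (c = 1; c <= count; c++) {
                m = order[c]
                if (!drop[m] || (m in pinned) || (m in done)) continue
                blocked = 0
                for (u = 1; u <= count; u++)
                    if (((order[u] SUBSEP m) in holds) && !(order[u] in done)) blocked = 1
                if (!blocked) { print m; done[m] = 1; remaining--; progressed = 1 }
            }
            if (!progressed) { print "unresolvable holder graph" > "/dev/stderr"; exit 1 }
        }
    }'
}

# modprobe_deny LSMOD_TEXT DROP_REGEX
# Emits /etc/modprobe.d lines for the removable set; "install <mod> /bin/false" also
# blocks explicit loading, whereas "blacklist" only stops alias-based autoloading.
modprobe_deny() {
    removable_modules "$1" "$2" 2>/dev/null | while read -r m; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# On a live box: removable_modules "$(lsmod)" "$DROP_PATTERN"
removable_modules "$LSMOD_SAMPLE" "$DROP_PATTERN"
```

Run against the ticket's listing this prints 14 modules, starting with snd_usb_audio and ending with sata_mv, and leaves mv_cesa, the netfilter stack and the wireless drivers alone. Bump snd_usb_audio's refcount to 1 (a process with the audio device open) and the whole snd chain down to soundcore is reported as pinned instead, which is the check worth making before deciding what goes in the static kernel.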

If this project were to be revived, this discussion would have to take place again around the targeted hardware platform, so I am closing this ticket as no longer relevant. See also #20747.

