Opened 8 years ago

Closed 3 years ago

#3447 closed task (wontfix)

Torouter kernel

Reported by: ioerror Owned by: ioerror
Priority: Medium Milestone:
Component: Archived/Torouter Version:
Severity: Normal Keywords: torouter
Cc: ioerror, armadev, phobos Actual Points:
Parent ID: #20747 Points:
Reviewer: Sponsor:

Description

In an ideal world, I'd like a modern kernel with the grsec/pax patches and ksplice. This should keep the Torouter kernel in good shape. In a realistic world, I think we'd be lucky to simply get a regularly updated kernel that includes the grsec/pax patches.

What do you want to see in the kernel?

Child Tickets

Change History (7)

comment:1 Changed 8 years ago by ioerror

It seems like our hardware may be fixed enough such that we do not need kernel module loading at all. If we enable everything we need, we can simply remove modules entirely. If we want the device to be a bit more extendable, we'll have to open up module loading and vet specific devices. Otherwise we ship a kitchen sink...

comment:2 Changed 8 years ago by rransom

Component: - Select a componentTorouter

comment:3 Changed 8 years ago by ioerror

Here's the list of modules that I currently have loaded with the stock kernel:

ipv6                  236519  18 
ipt_MASQUERADE          1308  1 
iptable_nat             3372  1 
nf_nat                 12327  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4       9290  3 iptable_nat,nf_nat
nf_conntrack           44802  4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4           861  1 nf_conntrack_ipv4
ip_tables               9257  1 iptable_nat
x_tables               10772  3 ipt_MASQUERADE,iptable_nat,ip_tables
snd_usb_audio          60307  0 
snd_pcm                61044  1 snd_usb_audio
snd_timer              16902  1 snd_pcm
snd_page_alloc          4667  1 snd_pcm
snd_hwdep               4669  1 snd_usb_audio
snd_usb_lib            15767  1 snd_usb_audio
snd_rawmidi            15773  1 snd_usb_lib
snd_seq_device          4823  1 snd_rawmidi
uap8xxx                42476  1 
btmrvl_sdio             7888  0 
btmrvl                 10915  1 btmrvl_sdio
snd                    34564  7 snd_usb_audio,snd_pcm,snd_timer,snd_hwdep,snd_usb_lib,snd_rawmidi,snd_seq_device
libertas_sdio           6764  0 
soundcore                630  1 snd
libertas               81670  1 libertas_sdio
bluetooth              53953  2 btmrvl_sdio,btmrvl
sata_mv                25438  0 
mv_cesa                 4610  0 

If we don't care about sound, sata, bluetooth, I think it's clear that we can easily remove a bunch of those.

comment:4 Changed 8 years ago by ioerror

If I wanted to go with the most stripped down kernel possible, I'd suggest a static kernel (no module loading) without /dev/mem, with grsec in high security mode, and with support only for the devices we absolutely need.

On the flip side from a stock kernel but a fairly extensible one, I'd take the kernel sources from the DreamPlug website, configure with /proc/config.gz, and then patch with grsec configured for high security mode.

comment:5 Changed 8 years ago by weasel

Cc: ioerror runa armadev phobos added; ioerror runa armadev weasel phobos removed

comment:6 Changed 7 years ago by runa

Cc: runa removed

comment:7 Changed 3 years ago by irl

Parent ID: #20747
Resolution: wontfix
Severity: Normal
Status: newclosed

If this project were to be revived, this discussion would have to take place again around the targeted hardware platform, and so closing this ticket as no longer relevant. See also #20747.

Note: See TracTickets for help on using tickets.