on Wed, Dec 03, 2003 at 04:10:49PM -0500, David Z Maze ([EMAIL PROTECTED]) wrote: > Bill Moseley <[EMAIL PROTECTED]> writes:
> > So is the purpose of initrd to have a small kernel but be able to > > load whatever modules might be needed for the currently running > > hardware? > > Almost. You also get to have a kernel that's completely generic; if > your machine has a SCSI hard disk with reiserfs, and mine is IDE with > ext3, the an initrd/kernel pair could boot both, without having any of > the drivers compiled in. Right. For stock kernels, initrd cuts down on the permutations which must be built. > > ...why not just build a kernel with everything compiled in? > My fuzzy memory is that there are a couple of factors. One is that > memory for kernel drivers absolutely can't be used for anything else, > so if you're trying to get the last megabyte out of your system, an > unused module is cheaper than an unused in-kernel driver. Another is > that there are a couple of limits on the size of the kernel, and so > building everything in blows you over that limit pretty quickly. For > a distribution kernel you also might want to install it on floppies, > which gives you a hard limit on the size of the kernel. (But yes, all > of these are becoming less of an issue with more modern hardware.) ...however, if you're building your _own_ kernel, for a static configuration, compiling in _can_ make sense. The problem for desktop (and portable) users is that you may still want to be able to accomodate removeable devices you're not aware of when you're building the kernel (PCMCIA, USB, etc.). The _other_ advantage, though of a compile-in-what-you-need kernel is that you can then turn _off_ loadable module support. For highly sensitive servers in hostile-facing environments, this can eliminate an entire class of potential attacks right there. Peace. -- Karsten M. Self <[EMAIL PROTECTED]> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Bush/Cheney '04: The last vote you'll ever have to cast.
pgp00000.pgp
Description: PGP signature
