source: BOOK/bootable/x86/kernel.xml @ 4a7ae16

Last change on this file since 4a7ae16 was 4a7ae16, checked in by Ken Moffat <zarniwhoop@…>, 16 years ago

Fix the known kernel vulnerabilities.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<sect1 id="ch-bootable-kernel" role="wrap">
  <?dbhtml filename="kernel.html"?>

  <title>Linux-&linux-version;</title>

  <indexterm zone="ch-bootable-kernel">
    <primary sortas="a-Linux">Linux</primary>
  </indexterm>

  <sect2 role="package"><title/>
    <para>The Linux package contains the Linux kernel.</para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of the kernel</title>

    <para os="a1">A number of vulnerabilities have come to light after the
    stable kernel team stopped supporting 2.6.24. The following patch addresses
    them. Check that <command>patch</command> reports no failed hunks (it leaves
    a <filename>.rej</filename> file beside each hunk it could not apply) before
    continuing:</para>

<screen os="a2"><userinput>patch -Np1 -i ../&linux-security-patch;</userinput></screen>

    <para os="a">Building the kernel involves a few steps&mdash;configuration,
    compilation, and installation. Read the <filename>README</filename>
    file in the kernel source tree for alternative methods to the way this
    book configures the kernel.</para>

    <para os="b">Prepare for compilation by running the following command:</para>

<screen os="c"><userinput>make mrproper</userinput></screen>

    <para os="d">This ensures that the kernel tree is absolutely clean. The
    kernel team recommends that this command be issued prior to each
    kernel compilation. Do not rely on the source tree being clean after
    un-tarring.</para>

    <para os="h">Configure the kernel via a menu-driven interface.
    Please note that the udev bootscript requires "rtc" and "tmpfs" to be
    enabled and built into the kernel, not as modules. CBLFS has
    some information regarding particular kernel configuration requirements of
    packages outside of CLFS at <ulink
    url="&cblfs-root;"/>:</para>

<screen os="i"><userinput>make menuconfig</userinput></screen>

    <para os="j">Alternatively, <command>make oldconfig</command> may be more
    appropriate in some situations. See the <filename>README</filename>
    file for more information.</para>

    <para os="k">If desired, skip kernel configuration by copying the kernel
    config file, <filename>.config</filename>, from the host system
    (assuming it is available) to the root directory of the unpacked kernel
    sources. However, we do not recommend this option. It is often better
    to explore all the configuration menus and create the kernel configuration
    from scratch.</para>

    <para os="m">Compile the kernel image and modules:</para>

<screen os="n"><userinput>make</userinput></screen>

    <para os="o">If using kernel modules, an
    <filename>/etc/modprobe.conf</filename> file may be needed.
    Information pertaining to modules and kernel configuration is
    located in the kernel documentation in the <filename
    class="directory">Documentation</filename> directory of the kernel
    sources tree. Also, <filename>modprobe.conf(5)</filename> may
    be of interest.</para>

    <para os="p">Be very careful when reading other documentation relating to
    kernel modules because it usually applies to 2.4.x kernels only. As
    far as we know, kernel configuration issues specific to Hotplug and
    Udev are not documented. The problem is that Udev will create a device
    node only if Hotplug or a user-written script inserts the corresponding
    module into the kernel, and not all modules are detectable by Hotplug.
    Note that statements like the one below in the
    <filename>/etc/modprobe.conf</filename> file do not work with Udev:</para>

<screen os="q"><literal>alias char-major-XXX some-module</literal></screen>

    <para os="r">Because of the complications with Udev and modules,
    we strongly recommend starting with a completely non-modular kernel
    configuration, especially if this is the first time using Udev.</para>

    <para os="s">Install the modules, if the kernel configuration uses
    them:</para>

<screen os="t"><userinput>make modules_install</userinput></screen>

    <para os="u">After kernel compilation is complete, additional steps are
    required to complete the installation. Some files need to be copied to
    the <filename class="directory">/boot</filename> directory.</para>

    <para os="v">Issue the following command to install the kernel:</para>

<screen><userinput>cp -v arch/i386/boot/bzImage /boot/clfskernel-&linux-version;</userinput></screen>

    <para os="w"><filename>System.map</filename> is the symbol table of the
    kernel that was just built: a list of the addresses of its functions and
    data structures. Tools that decode kernel oops messages use it to turn raw
    addresses into symbol names, so the installed copy must match the installed
    kernel image exactly. Issue the following command to install the map
    file:</para>

<screen os="w1"><userinput>cp -v System.map /boot/System.map-&linux-version;</userinput></screen>

    <para os="x">The kernel configuration file <filename>.config</filename>
    produced by the <command>make menuconfig</command> step above contains
    all the configuration selections for the kernel that was just compiled.
    It is a good idea to keep this file for future reference:</para>

<screen os="x1"><userinput>cp -v .config /boot/config-&linux-version;</userinput></screen>

    <para os="y">It is important to note that the files in the kernel source
    directory are not owned by <systemitem class="username">root</systemitem>.
    Whenever a package is unpacked as user <systemitem
    class="username">root</systemitem> (like we do inside the final-system
    build environment), the files have the user and group IDs of whatever
    they were on the packager's computer. This is usually not a problem
    for any other package to be installed because the source tree is
    removed after the installation. However, the Linux source tree is
    often retained for a long time. Because of this, there is a chance
    that whatever user ID the packager used will be assigned to somebody
    on the machine. That person would then have write access to the kernel
    source.</para>

    <para os="y1">If the kernel source tree is going to be retained, run
    <command>chown -R 0:0</command> on the <filename
    class="directory">linux-&linux-version;</filename> directory to
    ensure all files are owned by user <systemitem
    class="username">root</systemitem>.</para>
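
    <para>The post-build steps described above (checking that the drivers the
    udev bootscript needs are built in, copying the three files into
    <filename class="directory">/boot</filename>, and auditing the ownership of
    a retained source tree) as POSIX shell helpers. This is an added example;
    it is not code from the CLFS book or from the kernel tree. It assumes that
    <literal>CONFIG_TMPFS</literal> and <literal>CONFIG_RTC</literal> are the
    <filename>.config</filename> symbols behind the "tmpfs" and "rtc"
    requirement (the name <literal>CONFIG_RTC</literal> is an assumption to
    verify against your tree's Kconfig), that the image sits at the path the
    book's <command>cp</command> command uses, and that <command>find</command>
    accepts a numeric user ID for <option>-user</option>, which GNU and BSD
    find both do. The demonstration at the end runs on a constructed fake
    source tree, so no real kernel is built.</para>

```sh
#!/bin/sh
# Added example (not CLFS book code): shell helpers for the post-build steps.
# Assumptions: CONFIG_TMPFS and CONFIG_RTC are the .config symbols behind the
# "tmpfs" and "rtc" requirement (CONFIG_RTC is assumed; confirm it in your
# tree's Kconfig), and the image path is the one the book's cp command uses.
set -u

# require_builtin SYMBOL CONFIGFILE
# Succeeds only for SYMBOL=y. A module (=m) or an unset symbol fails, because
# the udev bootscript needs rtc and tmpfs before any module can be loaded.
require_builtin() {
    sym=$1
    cfg=$2
    case "$(grep -E "^$sym=" "$cfg" 2>/dev/null | tail -n 1)" in
        "$sym=y") return 0 ;;
        "$sym=m") echo "$sym is built as a module; it must be built in" >&2
                  return 1 ;;
        *)        echo "$sym is not enabled in $cfg" >&2
                  return 1 ;;
    esac
}

# install_kernel_files SRCDIR BOOTDIR VERSION
# The three cp commands from the book, preceded by two checks: every source
# file must exist (a half-finished build has no bzImage), and nothing already
# in BOOTDIR is overwritten, so a known-good kernel is never clobbered.
install_kernel_files() {
    src=$1
    boot=$2
    ver=$3
    for f in arch/i386/boot/bzImage System.map .config; do
        if [ ! -f "$src/$f" ]; then
            echo "missing $src/$f: did the build finish?" >&2
            return 1
        fi
    done
    for f in "$boot/clfskernel-$ver" "$boot/System.map-$ver" "$boot/config-$ver"; do
        if [ -e "$f" ]; then
            echo "refusing to overwrite $f" >&2
            return 1
        fi
    done
    cp "$src/arch/i386/boot/bzImage" "$boot/clfskernel-$ver" &&
        cp "$src/System.map" "$boot/System.map-$ver" &&
        cp "$src/.config" "$boot/config-$ver"
}

# count_foreign_owned DIR UID
# Prints how many entries under DIR are not owned by UID. Run with UID 0 on a
# retained source tree: anything counted here still carries the packager's
# user ID from the tarball, which a future local account could inherit.
count_foreign_owned() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# fix_ownership DIR: the book's remedy, chown -R 0:0 (needs root).
fix_ownership() {
    chown -R 0:0 "$1"
}

# Demonstration on a constructed fake source tree; no real kernel is built.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src/arch/i386/boot" "$tmp/boot"
    printf 'not a real bzImage\n' > "$tmp/src/arch/i386/boot/bzImage"
    printf 'c0100000 T _stext\n' > "$tmp/src/System.map"
    printf 'CONFIG_TMPFS=y\nCONFIG_RTC=m\n' > "$tmp/src/.config"
    require_builtin CONFIG_TMPFS "$tmp/src/.config" && echo "tmpfs: built in"
    require_builtin CONFIG_RTC "$tmp/src/.config" || echo "rtc: fix .config and rebuild"
    install_kernel_files "$tmp/src" "$tmp/boot" 2.6.24 && ls "$tmp/boot"
    echo "entries not owned by uid $(id -u): $(count_foreign_owned "$tmp/src" "$(id -u)")"
    rm -rf "$tmp"
}

demo
```

    <para>Run <function>require_builtin</function> on the saved
    <filename>.config</filename> before <command>make</command>, so a module
    build of rtc or tmpfs is caught before the compile rather than at the
    first boot, and run <function>count_foreign_owned</function> with a UID
    of 0 on the retained tree after <command>chown -R 0:0</command>; any
    non-zero count means the chown did not reach every file.</para>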

    <warning os="z">
      <para>Some kernel documentation recommends creating a symlink from
      <filename class="symlink">/usr/src/linux</filename> pointing to the
      kernel source directory. This is specific to kernels prior to the
      2.6 series and <emphasis>must not</emphasis> be created on a CLFS
      system as it can cause problems for packages you may wish to build
      once your base CLFS system is complete.</para>

      <para>Also, the headers in the system's <filename
      class="directory">include</filename> directory should
      <emphasis>always</emphasis> be the ones against which Glibc was
      compiled (from the Linux-Headers package) and should
      <emphasis>never</emphasis> be replaced by the kernel headers.</para>
    </warning>

  </sect2>

  <sect2 id="contents-kernel" role="content">
    <title>Contents of Linux</title>

    <segmentedlist>
      <segtitle>Installed files</segtitle>

      <seglistitem>
        <seg>config-[linux-version], clfskernel-[linux-version],
        and System.map-[linux-version]</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="config">
        <term><filename>config-[linux-version]</filename></term>
        <listitem>
          <para>Contains all the configuration selections for the kernel</para>
          <indexterm zone="ch-bootable-kernel config">
            <primary sortas="e-/boot/config">/boot/config-[linux-version]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="clfskernel">
        <term><filename>clfskernel-[linux-version]</filename></term>
        <listitem>
          <para>The engine of the Linux system. When turning on the
          computer, the kernel is the first part of the operating system
          that gets loaded. It detects and initializes all components of
          the computer's hardware, then makes these components available
          as a tree of files to the software and turns a single CPU into
          a multitasking machine capable of running scores of programs
          seemingly at the same time.</para>
          <indexterm zone="ch-bootable-kernel clfskernel">
            <primary sortas="b-clfskernel">clfskernel-[linux-version]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="System.map">
        <term><filename>System.map-[linux-version]</filename></term>
        <listitem>
          <para>A list of addresses and symbols; it maps the entry points
          and addresses of all the functions and data structures in the
          kernel</para>
          <indexterm zone="ch-bootable-kernel System.map">
            <primary sortas="e-/boot/System.map">/boot/System.map-[linux-version]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>