source: BOOK/bootable/x86/kernel.xml@ 95dd7e1

Last change on this file since 95dd7e1 was c4d47a3, checked in by Joe Ciccone <jciccone@…>, 17 years ago

Change kernel security fixes patch from a1 + a2 to p1 + p2 to avoid a conflict with the alpha page_size patch.

  • Property mode set to 100644
File size: 9.2 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<sect1 id="ch-bootable-kernel" role="wrap">
  <?dbhtml filename="kernel.html"?>

  <title>Linux-&linux-version;</title>

  <indexterm zone="ch-bootable-kernel">
    <primary sortas="a-Linux">Linux</primary>
  </indexterm>

  <sect2 role="package"><title/>
    <para>The Linux package contains the Linux kernel.</para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of the kernel</title>

    <para os="p1">A number of vulnerabilities have come to light after the
    stable kernel team stopped supporting 2.6.24. The following patch addresses
    them:</para>

<screen os="p2"><userinput>patch -Np1 -i ../&linux-security-patch;</userinput></screen>

    <para os="a">Building the kernel involves a few steps&mdash;configuration,
    compilation, and installation. Read the <filename>README</filename>
    file in the kernel source tree for alternative methods to the way this
    book configures the kernel.</para>

    <para os="b">Prepare for compilation by running the following command:</para>

<screen os="c"><userinput>make mrproper</userinput></screen>

    <para os="d">This ensures that the kernel tree is absolutely clean. The
    kernel team recommends that this command be issued prior to each
    kernel compilation. Do not rely on the source tree being clean after
    un-tarring.</para>

    <para os="h">Configure the kernel via a menu-driven interface.
    Please note that the udev bootscript requires "rtc" and "tmpfs" to be
    enabled and built into the kernel, not as modules. CBLFS has
    some information regarding particular kernel configuration requirements of
    packages outside of CLFS at <ulink
    url="&cblfs-root;"/>:</para>

<screen os="i"><userinput>make menuconfig</userinput></screen>

    <para os="j">Alternatively, <command>make oldconfig</command> may be more
    appropriate in some situations. See the <filename>README</filename>
    file for more information.</para>

    <para os="k">If desired, skip kernel configuration by copying the kernel
    config file, <filename>.config</filename>, from the host system
    (assuming it is available) to the root directory of the unpacked kernel
    sources. However, we do not recommend this option. It is often better
    to explore all the configuration menus and create the kernel configuration
    from scratch.</para>

    <para os="m">Compile the kernel image and modules:</para>

<screen os="n"><userinput>make</userinput></screen>

    <para os="o">If using kernel modules, an
    <filename>/etc/modprobe.conf</filename> file may be needed.
    Information pertaining to modules and kernel configuration is
    located in the kernel documentation in the <filename
    class="directory">Documentation</filename> directory of the kernel
    sources tree. Also, <filename>modprobe.conf(5)</filename> may
    be of interest.</para>

    <para os="p">Be very careful when reading other documentation relating to
    kernel modules because it usually applies to 2.4.x kernels only. As
    far as we know, kernel configuration issues specific to Hotplug and
    Udev are not documented. The problem is that Udev will create a device
    node only if Hotplug or a user-written script inserts the corresponding
    module into the kernel, and not all modules are detectable by Hotplug.
    Note that statements like the one below in the
    <filename>/etc/modprobe.conf</filename> file do not work with Udev:</para>

<screen os="q"><literal>alias char-major-XXX some-module</literal></screen>

    <para os="r">Because of the complications with Udev and modules,
    we strongly recommend starting with a completely non-modular kernel
    configuration, especially if this is the first time using Udev.</para>

    <para os="s">Install the modules, if the kernel configuration uses
    them:</para>

<screen os="t"><userinput>make modules_install</userinput></screen>

    <para os="u">After kernel compilation is complete, additional steps are
    required to complete the installation. Some files need to be copied to
    the <filename class="directory">/boot</filename> directory.</para>

    <para os="v">Issue the following command to install the kernel:</para>

<screen><userinput>cp -v arch/i386/boot/bzImage /boot/clfskernel-&linux-version;</userinput></screen>

    <para os="w"><filename>System.map</filename> is a symbol file for the kernel.
    It maps the function entry points of every function in the kernel API,
    as well as the addresses of the kernel data structures for the running
    kernel. Issue the following command to install the map file:</para>

<screen os="w1"><userinput>cp -v System.map /boot/System.map-&linux-version;</userinput></screen>

    <para os="x">The kernel configuration file <filename>.config</filename>
    produced by the <command>make menuconfig</command> step above contains
    all the configuration selections for the kernel that was just compiled.
    It is a good idea to keep this file for future reference:</para>

<screen os="x1"><userinput>cp -v .config /boot/config-&linux-version;</userinput></screen>

    <para os="y">It is important to note that the files in the kernel source
    directory are not owned by <systemitem class="username">root</systemitem>.
    Whenever a package is unpacked as user <systemitem
    class="username">root</systemitem> (like we do inside the final-system
    build environment), the files have the user and group IDs of whatever
    they were on the packager's computer. This is usually not a problem
    for any other package to be installed because the source tree is
    removed after the installation. However, the Linux source tree is
    often retained for a long time. Because of this, there is a chance
    that whatever user ID the packager used will be assigned to somebody
    on the machine. That person would then have write access to the kernel
    source.</para>

    <para os="y1">If the kernel source tree is going to be retained, run
    <command>chown -R 0:0</command> on the <filename
    class="directory">linux-&linux-version;</filename> directory to
    ensure all files are owned by user <systemitem
    class="username">root</systemitem>.</para>

    <warning os="z">
      <para>Some kernel documentation recommends creating a symlink from
      <filename class="symlink">/usr/src/linux</filename> pointing to the
      kernel source directory. This is specific to kernels prior to the
      2.6 series and <emphasis>must not</emphasis> be created on a CLFS
      system as it can cause problems for packages you may wish to build
      once your base CLFS system is complete.</para>

      <para>Also, the headers in the system's <filename
      class="directory">include</filename> directory should
      <emphasis>always</emphasis> be the ones against which Glibc was
      compiled (from the Linux-Headers package) and should
      <emphasis>never</emphasis> be replaced by the kernel headers.</para>
    </warning>

  </sect2>

  <sect2 id="contents-kernel" role="content">
    <title>Contents of Linux</title>

    <segmentedlist>
      <segtitle>Installed files</segtitle>

      <seglistitem>
        <seg>config-[linux-version], clfskernel-[linux-version],
        and System.map-[linux-version]</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="config">
        <term><filename>config-[linux-version]</filename></term>
        <listitem>
          <para>Contains all the configuration selections for the kernel</para>
          <indexterm zone="ch-bootable-kernel config">
            <primary sortas="e-/boot/config">/boot/config-[linux-version]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="clfskernel">
        <term><filename>clfskernel-[linux-version]</filename></term>
        <listitem>
          <para>The engine of the Linux system. When turning on the
          computer, the kernel is the first part of the operating system
          that gets loaded. It detects and initializes all components of
          the computer's hardware, then makes these components available
          as a tree of files to the software and turns a single CPU into
          a multitasking machine capable of running scores of programs
          seemingly at the same time.</para>
          <indexterm zone="ch-bootable-kernel clfskernel">
            <primary sortas="b-clfskernel">clfskernel-[linux-version]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="System.map">
        <term><filename>System.map-[linux-version]</filename></term>
        <listitem>
          <para>A list of addresses and symbols; it maps the entry points
          and addresses of all the functions and data structures in the
          kernel</para>
          <indexterm zone="ch-bootable-kernel System.map">
            <primary sortas="e-/boot/System.map">/boot/System.map-[linux-version]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
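
The ownership problem described in the `os="y"` and `os="y1"` paragraphs can be checked before and after running `chown -R 0:0`. The script below is an added example, not part of the CLFS book; its function names and the `linux-x.y.z` path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the CLFS book): audit a retained kernel source
# tree for files that are not owned by root, as the text warns about.
# Function names are hypothetical.

# Print every path under DIR whose owner or group differs from the
# expected numeric IDs (default 0:0, i.e. root:root).
list_foreign_owned() {
    find "$1" \( ! -user "${2:-0}" -o ! -group "${3:-0}" \) -print
}

# Number of such paths; 0 means the tree is clean.
count_foreign_owned() {
    list_foreign_owned "$@" | awk 'END { print NR }'
}

# Summarise the offending numeric uid:gid pairs, most common first, so it
# is clear which local account (if any) would inherit write access.
summarise_foreign_owners() {
    find "$1" \( ! -user "${2:-0}" -o ! -group "${3:-0}" \) \
        -exec ls -ldn {} + | awk '{ print $3 ":" $4 }' | sort | uniq -c | sort -rn
}

# Usage: sh audit-tree.sh /path/to/linux-x.y.z
if [ "$#" -ge 1 ]; then
    n=$(count_foreign_owned "$1")
    if [ "$n" -gt 0 ]; then
        echo "$n paths under $1 are not owned by 0:0:" >&2
        summarise_foreign_owners "$1" >&2
        echo "fix with: chown -R 0:0 $1" >&2
        exit 1
    fi
    echo "$1: all files owned by 0:0"
fi
```

Comparing the reported uid against `/etc/passwd` shows whether the packager's ID is already assigned to a local account.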