On Wed, Feb 26, 2014 at 5:55 AM, Nicolas Sebrecht <nsebre...@piing.fr> wrote:
> The 21/02/14, hasufell wrote:
>
>> So you are saying compiling a minimal kernel to minimize exposure to
>> subsystem bugs is only obscurity? (I really wonder what Greg would say
>> to this)
>
> Developers made the kernel to rely on modules. Distributions rely on
> them. Since they are almost always loaded on demand, Gentoo does not
> make things better in this area, either.
>
> --
> Nicolas Sebrecht
>

Actually, they're loaded on demand when they:

a) Are enabled (the kernel doesn't rely on modules, it offers them for versatility, though some user space code does rely on them, i.e. virtualbox, a few drivers for X, etc)
b) Are built for that particular kernel
c) That kernel has all the dependencies in place to support them
d) The tools to load them exist in user space
e) They're not specifically blacklisted in user space (assuming a loading mechanism that honors that)

Unless it's changed when I wasn't looking, it's entirely possible to build a kernel with module loading disabled entirely and restrict the set of code to be run in kernel space to an explicitly defined series of kernel options.

I say "when I wasn't looking" because I use modules to trim down how much of iptables is constantly loaded on my router for rules there I don't use and the only other places I have Gentoo are my multitude of laptops, where the versatility of building and loading a module to test out yet another toy someone has on hand around me, without a reboot in many cases, is incredibly handy.

--
Poison [BLX]
Joshua M. Murphy
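
The conditions listed in the reply above, as an added example that is not part of the original message: a shell function that reads a kernel `.config` and a `modprobe.d` directory and reports whether a driver is built in, unavailable because `CONFIG_MODULES` is off, not built, blacklisted, or loadable. The function names, output labels and sample files are constructed for illustration; conditions (c) and (d) are not checked.

```shell
#!/bin/sh
# Added example. Usage: module_status CONFIG_FILE MODPROBE_DIR CONFIG_SYMBOL MODULE_NAME
# Prints: builtin | no-module-support | not-built | blacklisted | loadable

is_blacklisted() {  # $1 = modprobe.d directory, $2 = module name
    want=$(printf '%s' "$2" | tr '-' '_')   # modprobe treats - and _ alike
    cat "$1"/*.conf 2>/dev/null | awk -v want="$want" '
        $1 == "blacklist" { gsub(/-/, "_", $2); if ($2 == want) found = 1 }
        END { exit !found }'
}

module_status() {
    cfg=$1; mpdir=$2; sym=$3; mod=$4
    if grep -q "^CONFIG_${sym}=y\$" "$cfg"; then
        echo builtin              # compiled into the image, nothing to load
    elif ! grep -q '^CONFIG_MODULES=y$' "$cfg"; then
        echo no-module-support    # kernel built with module loading disabled
    elif ! grep -q "^CONFIG_${sym}=m\$" "$cfg"; then
        echo not-built            # conditions (a)/(b): never enabled or built
    elif is_blacklisted "$mpdir" "$mod"; then
        echo blacklisted          # condition (e): user space refuses autoload
    else
        echo loadable
    fi
}

# Constructed sample inputs (not taken from any real system).
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/modprobe.d"
    cat > "$d/modular.config" <<'EOF'
CONFIG_MODULES=y
CONFIG_EXT4_FS=y
CONFIG_USB_STORAGE=m
CONFIG_FIREWIRE_OHCI=m
# CONFIG_BT is not set
EOF
    cat > "$d/static.config" <<'EOF'
# CONFIG_MODULES is not set
CONFIG_EXT4_FS=y
# CONFIG_USB_STORAGE is not set
EOF
    echo 'blacklist firewire-ohci' > "$d/modprobe.d/hardening.conf"
    echo "$d"
}

s=$(make_sample)
module_status "$s/modular.config" "$s/modprobe.d" FIREWIRE_OHCI firewire_ohci
rm -rf "$s"
```

A `blacklist` line only stops alias-triggered autoloading, so an explicit `modprobe` of the same module still succeeds, which is the caveat attached to condition (e). On a modular kernel the `kernel.modules_disabled` sysctl gives a run-time lock that cannot be cleared without a reboot.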