Indeed, as pointed out by other folks this "feature" was introduced in our very early days, when clients started to install Linux into LPARs with possibly tens of thousands of devices they would need if IPLing z/OS into it. Not only did it take long to boot, but we initially only operated on the first 1024 devices found, and didn't have plugging rules yet. And other z/OS holding permanent RESERVEs on shared ECKD devices it owned didn't help much either. We'd discussed whether to introduce black lists or white lists addressing the challenges at hand and eventually implemented both.
Much has changed since then and whether it should be a default or not is a valid discussion to have. You may consider it paranoia but its introduction served a purpose - and still does. If running under z/VM and/or if using Linux in LPAR with your IODF written in a way that only devices the LPAR is supposed to operate on are configured to it you can presumably safely turn it off. Best regards Ingo Ingo Adlung IBM Deutschland Research & IBM Distinguished Engineer Development GmbH Chief Architect, System z Vorsitzender des Aufsichtsrats: Virtualization & Linux Martina Koederitz mail: adl...@de.ibm.com Geschäftsführung: Dirk Wittkopp phone: +49-7031-16-4263 Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 Linux on 390 Port <LINUX-390@VM.MARIST.EDU> wrote on 12.01.2015 20:43:00: > From: Mike Walter <mike.wal...@aon.com> > To: LINUX-390@VM.MARIST.EDU > Date: 12.01.2015 20:43 > Subject: Re: [LINUX-390] cio_ignore vs Linux in System z > Sent by: Linux on 390 Port <LINUX-390@VM.MARIST.EDU> > > Thanks, Sam, Jay, Jim, Harley, and Mark (and anyone else who may > have replied since I looked at the log), > > There are no LPAR-only Linux servers running here, only those > running (RHEL) under z/VM. I suspected that cio_ignore was > something related to security (perhaps an auditor fearing that an > errant z/VM sysprog might attach a wrong device address to a guest, > or poor security rules coupled with use of VMCP would let the wrong > Linux user access the wrong devices), or performance. It appears > that the performance issue was the culprit, but not one of concern > for me with only z/VM guests. > > I've shared the suggestions with our zLinux admins, who will > probably make dynamic updates for the few PoC guests currently > running, and the next Golden Image(s). > > Have to love this list, thanks again! > > Mike Walter > Aon Corporation > The opinions expressed herein are mine alone, not necessarily those > of my employer. > > > > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/