On Wed, 2 Aug 2017, Kamil Rytarowski wrote: <snip>
I think we can go into a different direction. Instead of disabling the code - we could turn all compat_ into dynamically loadable modules. I would profit from it for functional out-of-the-box compat for older NetBSD releases (a.out executables).
Most of the compat code is already available as dynamically-loadable modules. But there are a few exceptions. See my PRs kern/51597 and kern/52193 for a couple examples.
For security purposes people can raise securelevel and prevent any modules from insertion into the kernel.
They can also adjust kern.moudle.autoload to enable/disable automatic loading of modules (modulo securelevel).
+------------------+--------------------------+----------------------------+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | paul at whooppee dot com | | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd dot org | +------------------+--------------------------+----------------------------+