On Fri, Sep 27, 2019 at 10:57:12 +0200, Jaromír Doleček wrote:
> On Thu, 26 Sep 2019 at 18:08, Manuel Bouyer <bou...@antioche.eu.org> wrote:
> >
> > On Thu, Sep 26, 2019 at 05:10:01PM +0200, Maxime Villard wrote:
> > > issues for a clearly marginal use case, and given the current general
> >                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > This is where we disagree. You guess it's marginal but there's no
> > evidence of that (and there's no evidence of the opposite either).
>
> FYI - I've also put a lot of effort into fixing & enhancing
> compat_linux in the past. I also greatly appreciate all the work of
> other folks working on the layer, it's super useful in some situations
> - browser with flash support used to be important (thankfully not
> anymore), also vmware and matlab, I also used some Oracle dev tools.
> However, that is not the topic of the discussion.
>
> Let's concentrate on whether it should be enabled by default.

Yes, please. This discussion has veered way off topic.

> Given the history, to me it's completely clear compat_linux shouldn't
> be on by default. Any possible linux-specific exploits should only be
> a problem for people actually explicitly enabling it. Let's just stop
> pretending that we'd setup any kind of reasonable testing suite for
> this - it has not been done in the last >20 years, it's even less likely
> to happen now that most of the major use cases are actually moot.
>
> As Maya suggested, let's keep this concentrated on COMPAT_LINUX only
> to avoid further bikeshed flogging, so basically I propose doing this:
> 1) Comment out COMPAT_LINUX from all kernel configs for all archs
> which support modular
> 2) Disable autoload for compat_linux, requiring the user to explicitly
> configure the system to load it. No extra sysctl.
>
> Any major and specific objections?

At some point it became very hard to follow the technical content of
this thread, but I don't think there were any.

Thanks!

-uwe