kernel config optimized
Giorgos Keramidas
keramida at ceid.upatras.gr
Tue Apr 20 07:42:16 PDT 2004
On 2004-04-19 14:31, "Kevin D. Kinsey, DaleCo, S.P." <kdk at daleco.biz> wrote:
> Brian Henning wrote:
> >The following is a copy of my kernel config file. I am trying to
> >optimize it as much as possible.
> >
> >do i need any of these psudo devices?
> >pseudo-device loop # Network loopback
>
> Most people would leave this in. I've no idea what might break
> without it, but I'll wager something might ... for example, what would
> you think of a box that couldn't find "localhost" with both hands? No
> lo, that's what you might well get ...
Yes please, leave it in!
There aren't many things that *do* depend on being able to connect to
localhost:* ports for doing useful work. However, one should be very
careful with this option. The loopback interface is considered so
'essential' to the Unix culture that a lot of things might implicitly
depend on it being there and working all the time. Examples of this
include programs like:
* Sendmail's local mail submission daemon (which listens for
connections to 127.0.0.1:25 by default).
* Caching name servers. My workstation at home runs, for
various reasons, a caching named service. This happens to
listen on 127.0.0.1:53 for incoming connections.
Other services might need to use the loopback interface too. It's not
as if the code of lo0 takes up a huge amount of memory or space.
Risking breakage now or in 'surprisingly unexpected moments' the future
just to save a few KB isn't worth the trouble IMHO.
> >pseudo-device ether # Ethernet support
> >pseudo-device sl 1 # Kernel SLIP
> >pseudo-device ppp 1 # Kernel PPP
> >pseudo-device tun # Packet tunnel.
>
> "tun" is necessary for userland PPP. If you take out "tun", "ppp",
> and "ether" as well as SLIP, what protocols do you figure on using?
> Are you planning on connecting to anything? (Note that I'm not saying
> there's no other way, but these are so common ....)
I usually remove only SLIP support from my kernels, since I prefer using
PPP if available and it generally *is* available at the places I had to
move my workstation (either PPP or some form of Ethernet connection).
> >pseudo-device pty # Pseudo-ttys (telnet etc)
A lot of things can break if you remove this. In fact, a lot of things
*will* break since pseudo-ttys are essential for a number of tasks that
are considered "very common" in every day Unix operation. For example,
without ptys you can't:
* Run xterm(1) or any other program that requires ptys, like
script(1) or screen(1).
* Connect to your machine over telnet, rsh, or ssh.
It's not a good idea to remove pty support from your kernel.
> I may be wrong, but wouldn't removing this cause remote access (most
> of it, ftp, telnet, ssh, etc.) to fail?
You're not mistaken.
> Most of your list is stuff that is generally standard and fairly
> essential ... if you've minimized down this far, I'd say you're
> getting close to small enough, wouldn't you?
True :)
Cheers,
- Giorgos
More information about the freebsd-questions
mailing list