kernel config optimized

Giorgos Keramidas keramida at
Tue Apr 20 07:42:16 PDT 2004

On 2004-04-19 14:31, "Kevin D. Kinsey, DaleCo, S.P." <kdk at> wrote:
> Brian Henning wrote:
> >The following is a copy of my kernel config file. I am trying to
> >optimize it as much as possible.
> >
> >do i need any of these psudo devices?
> >pseudo-device loop     # Network loopback
> Most people would leave this in.  I've no idea what might break
> without it, but I'll wager something might ... for example, what would
> you think of a box that couldn't find "localhost" with both hands?  No
> lo, that's what you might well get ...

Yes please, leave it in!

There aren't many things that *do* depend on being able to connect to
localhost:* ports for doing useful work.  However, one should be very
careful with this option.  The loopback interface is considered so
'essential' to the Unix culture that a lot of things might implicitly
depend on it being there and working all the time.  Examples of this
include programs like:

	* Sendmail's local mail submission daemon (which listens for
	  connections to by default).

	* Caching name servers.  My workstation at home runs, for
	  various reasons, a caching named service.  This happens to
	  listen on for incoming connections.

Other services might need to use the loopback interface too.  It's not
as if the code of lo0 takes up a huge amount of memory or space.
Risking breakage now or in 'surprisingly unexpected moments' the future
just to save a few KB isn't worth the trouble IMHO.

> >pseudo-device ether    # Ethernet support
> >pseudo-device sl 1     # Kernel SLIP
> >pseudo-device ppp 1    # Kernel PPP
> >pseudo-device tun      # Packet tunnel.
> "tun" is necessary for userland PPP.  If you take out "tun", "ppp",
> and "ether" as well as SLIP, what protocols do you figure on using?
> Are you planning on connecting to anything? (Note that I'm not saying
> there's no other way, but these are so common ....)

I usually remove only SLIP support from my kernels, since I prefer using
PPP if available and it generally *is* available at the places I had to
move my workstation (either PPP or some form of Ethernet connection).

> >pseudo-device pty      # Pseudo-ttys (telnet etc)

A lot of things can break if you remove this.  In fact, a lot of things
*will* break since pseudo-ttys are essential for a number of tasks that
are considered "very common" in every day Unix operation.  For example,
without ptys you can't:

	* Run xterm(1) or any other program that requires ptys, like
	  script(1) or screen(1).

	* Connect to your machine over telnet, rsh, or ssh.

It's not a good idea to remove pty support from your kernel.

> I may be wrong, but wouldn't removing this cause remote access (most
> of it, ftp, telnet, ssh, etc.) to fail?

You're not mistaken.

> Most of your list is stuff that is generally standard and fairly
> essential ... if you've minimized down this far, I'd say you're
> getting close to small enough, wouldn't you?

True :)


- Giorgos

More information about the freebsd-questions mailing list