Barebone kernel options request
galtsev at kicp.uchicago.edu
Mon Mar 11 16:03:11 UTC 2019
On 3/11/19 10:56 AM, tech-lists wrote:
> On Mon, Mar 11, 2019 at 01:54:48PM +0000, Carmel NY wrote:
>> Just out of some sort of morbid curiosity, I would be interested in
>> knowing exactly what problem the OP is trying to correct or alleviate
>> here. If his storage, memory or whatever resources are stretched to the
>> limit, he would be better served by purchasing a newer, more powerful
>> machine. "You can't make a silk purse out of a sow's ear."
> I dunno if this applies to the OP but I also compile custom kernels and
> world for some machines. My basic reasons:
> 1. I want available only what is needed, for the os/machine's purpose,
> so that there's more resources for the machine's job. Each disabled
> option means that some resource of some type, however tiny, becomes
> available. These add up.
> 2. Having only what you need means you have less to maintain, which is
> important for security. I guess it makes the "vulnerability surface"
> smaller, at least in theory.
I mostly achieve that by running these things in jails. Sometimes I have
multiple jails representing one "server" - with the same IP, say, these
may be in separate jails: shell (where users can ssh to), www, mail,
Just my $0.02
> 3. It might be the case that the machine I'm maintaining isn't mine, so
> the option to "buy better hardware" is out of the question.
> Being able to tailor the OS for exactly the requirement in hand is a
> major plus point in favour of FreeBSD for me. point #2 above is
> particularly relevant for an internet-facing machine.
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
More information about the freebsd-questions