Facilitating binary kernel upgrades
Richard Bejtlich
taosecurity at gmail.com
Fri Nov 4 12:38:12 PST 2005
Hello all,
I have become a fan of Colin Percival's freebsd-update, which allows
binary updates of the GENERIC kernel and unmodified userland.
Binary kernel updates are not possible if I modify my kernel to
include support for IPSec or NAT, e.g.
device crypto
options FAST_IPSEC
options IPFIREWALL
options IPDIVERT
After speaking with Colin, he mentioned that IPSec, NAT, and disk
quotas (enabled via options QUOTA) are the three most popular kernel
changes that prevent people from running GENERIC and hence using
freebsd-update for binary kernel updates.
Can anyone shed light on why those three features are not available in GENERIC?
Thank you,
Richard
http://www.taosecurity.com
More information about the freebsd-stable
mailing list