[CS-FSLUG] Have You Built a Custom Kernel and Why?

Tim Young Tim.Young at LightSys.org
Mon Jan 23 12:36:32 CST 2012


I have done a number of custom kernels.  I usually recommend against 
it for a number of reasons, unless you really find it will help...

The default kernel has lots of "modules"; each module is the driver 
for certain sets of hardware.  A custom kernel allows you to have 
hardware that is not-by-default supported on your release.

There are a number of security patches that you can apply to a 
kernel, if you want to run a firewall or something.  SELinux now 
allows you to do many of those same security features, but in an 
"easier to manage" way than building a custom kernel.  But I do know 
of people who have custom-built kernels so that they have a lot of 
much better security on their Linux box.

While the out-of-the-box kernels are generically optimized for your 
computer (i686, i386, etc), each CPU has different features.  
Compiling a kernel for a specific computer can get that computer to 
run faster.  For the most part, however, I find this is a silly 
argument.  Most Linux boxes hover around 2% CPU usage.  The 
improvement of a few clock-cycles is not going to make a huge 
difference.  When you are really using a computer heavily, the 
bottlenecks are rarely the kernel, but rather memory and HD access.  
So I do not think you get much of a performance gain by building a 
custom kernel.

The down-sides to a custom kernel, as I see them, are primarily due 
to the difficulty in keeping the computer updated.  I have seen 
people have a lot of fun rebuilding a kernel one time, but then they 
realize that, now, every time they want to update to a newer kernel, 
they need to rebuild it again.  Once is fun.  Once a month is a 
pain.  Usually, people who build custom kernels end up only updating 
the kernel every so often, which can result in various security 
patches not being applied regularly.  On most home computers which 
are behind firewalls, this is usually not a huge deal.  But for 
servers, especially web or email servers that have holes punched 
through firewalls so people can access the computer remotely, this is 
a big deal.  Most Linux hacking where the hacker gains root is 
because the hacker is able to connect to a server, gain "unprivileged 
access" (a non-root user), and then use that access to attack through 
"unpatched vulnerabilities."  One of the best things you can do for a 
system is keep it updated.  Building a custom kernel keeps many 
people from updating their system, therefore I think it is a bad 
idea.  ;)

My two cents,

     - Tim Young

On 1/23/2012 11:52 AM, Don Parris wrote:
> As I am gearing up for one of the Linux certs, I was reading a 
> chapter on building a custom kernel.  I did not follow the 
> exercise, as I honestly feel I need a pretty compelling reason to 
> build a custom kernel, other than "just because I can".  I did do 
> this years ago with the Mach kernel that ran under Red Hat 5, but 
> have never really seen the need to do so again.  I think simply 
> modifying the loading of modules (something else I have done at 
> least once or twice) is sufficient in most cases.  I am certain 
> there are really compelling reasons to build a custom kernel, though.
>
> I am curious to know if any of you have actually built a custom 
> kernel, and what advantages (if any) this gave you over (a) the 
> default kernel and (b) a comparable Windows system.  I ask about 
> Windows, because - as far as I know, no one can build a custom 
> kernel (since we cannot access the source code).  To build a custom 
> kernel "just because you can" - even though that, in and of itself 
> is a great thing - is not good enough for this question.  I want to 
> know if your custom kernel made Windows look even slower than 
> molasses or if you gained some special feature that is not normally 
> needed, or that does not exist in Windows.  Any compelling cases 
> out there for building a custom kernel?
>
>
> Blessings,
> Don
> -- 
> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
> Minister, Security/FM Coordinator, Free Software Advocate
> https://www.xing.com/profile/Don_Parris  | 
> http://www.linkedin.com/in/dcparris
> GPG Key ID: F5E179BE