Re: building 2.6.35
On Fri, 13 Aug 2010 10:11:33 -0400 (EDT), Celejar wrote:
> On Thu, 12 Aug 2010 12:34:34 -0400 (EDT), Stephen Powell wrote:
>> ...
>> I suppose the most secure method would be to create an id just
>> for kernel building which is a member of group src and its login
>> group, and that's it.
>
> How about copying the source to an unprivileged location, assuming you
> have the space?
Yes, that is an option also; but it too has drawbacks, especially if
you are building out-of-kernel-source-tree module packages in addition
to your kernel package. Here's an excerpt from one of my previous posts
on this thread:
(3) If I am using out-of-kernel-source-tree module source packages,
I have to copy them too. By default, the source code installs to
/usr/src/modules, I think. All the same issues arise here. And
then I have to use the $MODULE_LOC environment variable to tell
make-kpkg where to find the module source code. More overrides.
It's just simpler to be root and do everything in its default location.
Then of course there are disk space requirements, if the source is
copied instead of moved. "Every solution breeds more problems."
(author unknown)
The latest version of my kernel building web page, revised yesterday
(http://www.wowway.com/~zlinuxman/Kernel.htm), recommends unpacking,
configuring, and compiling the kernel from its default location
as a non-root user which is a member of group src. It can be the
system administrator's non-superuser self or an id created
specifically for kernel building that is enrolled in group src,
at the administrator's discretion. I have tested the procedure,
and it works. That's my current recommendation. Obviously, you
are entitled to disagree if you like.
--
.''`. Stephen Powell
: :' :
`. `'`
`-
Reply to: