From: Peter Böhm
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How to disable the modules service?
Date: Sun, 23 Oct 2022 17:04:58 +0200
Message-ID: <12080132.O9o76ZdvQC@big>
In-Reply-To: <25429.19845.935650.644014@tux.local>

Rainer,

the handbook still recommends building sound modules (and many, many others)
as modules, because it is easier than doing a static configuration. Now, you
can ask why someone wants to build it statically into the kernel. The answer
is: Security!

Maybe you know this wiki article:

https://wiki.gentoo.org/wiki/Signed_kernel_module_support

This is a precondition for enabling LOCKDOWN in the kernel ... OR ... you
have NO module support (=monolithic kernel)! So, you have the choice which
way you want to go. I am using a monolithic kernel also. Don't try to enable
lockdown in your kernel if you use unsigned modules. ;-) I wrote a big
warning in my wiki article:

https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Hardening_with_KSPP

Regards,
Peter

On Sunday, 23 October 2022, 16:19:49 CEST, Dr Rainer Woitok wrote:
> Peter,
>
> On Sunday, 2022-10-23 12:45:42 +0200, you wrote:
>
> > ...
> > we have a wiki article for this:
> > https://wiki.gentoo.org/wiki/Kernel_Modules#Going_completely_.22module-less.22
>
> When I built my first Gentoo system in 2019, the Handbook instructed to
> build anything sound related as modules, if I remember correctly. Is
> this no longer true?
>
> Sincerely,
> Rainer
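
An added example, not part of the message above or of the Gentoo wiki: a POSIX shell check that classifies a kernel `.config` against the precondition stated in the message (lockdown needs signed modules or no module support). The verdict names and sample configs are constructed for illustration; the `CONFIG_*` symbols are the mainline Kconfig names.

```shell
#!/bin/sh
# Added example: check a kernel .config against the precondition from the
# message: lockdown needs signed modules OR no module support at all.

# cfg_on SYMBOL FILE: succeeds if CONFIG_SYMBOL=y is set in FILE.
cfg_on() {
    grep -q "^CONFIG_$1=y\$" "$2"
}

# lockdown_verdict FILE: prints a verdict word (names are this example's own).
# Returns 1 for the combination the message warns about, 2 if unreadable.
lockdown_verdict() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if ! cfg_on MODULES "$cfg"; then
        echo "ok-monolithic"                 # no loadable modules at all
    elif cfg_on MODULE_SIG "$cfg"; then
        if cfg_on MODULE_SIG_FORCE "$cfg"; then
            echo "ok-signed-enforced"        # unsigned modules always refused
        else
            echo "ok-signed"                 # signing support built in
        fi
    elif cfg_on SECURITY_LOCKDOWN_LSM "$cfg"; then
        echo "conflict-unsigned-modules"     # lockdown + unsigned modules
        return 1
    else
        echo "no-lockdown-unsigned-modules"  # precondition not met yet
    fi
}

# Constructed sample configs (not from a real system).
demo=$(mktemp -d)
printf '%s\n' '# CONFIG_MODULES is not set' \
    'CONFIG_SECURITY_LOCKDOWN_LSM=y' > "$demo/monolithic"
printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_MODULE_SIG=y' \
    'CONFIG_MODULE_SIG_FORCE=y' 'CONFIG_SECURITY_LOCKDOWN_LSM=y' > "$demo/signed"
printf '%s\n' 'CONFIG_MODULES=y' '# CONFIG_MODULE_SIG is not set' \
    'CONFIG_SECURITY_LOCKDOWN_LSM=y' > "$demo/unsigned"
for name in monolithic signed unsigned; do
    printf '%s: %s\n' "$name" "$(lockdown_verdict "$demo/$name" || true)"
done
rm -rf "$demo"
```

To check the kernel you are about to build, call `lockdown_verdict /usr/src/linux/.config`.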