1.4. Customising a Kernel

1.4.1. Loading Kernel modules

Loadable modules are inserted into the kernel at runtime using various methods.

The modprobe tool can be used to selectively insert or remove modules and their dependencies.

The kernel can automatically insert modules using the kmod module. This module has replaced the kerneld module.

When using kmod the kernel will use the tool listed in /proc/sys/kernel/modprobe whenever a module is needed.

Check that kmod has been selected in the source tree as a static component:

grep -i kmod /usr/src/linux/.config
CONFIG_KMOD=y

When making a monolithic kernel the CONFIG_MODULES option must be set to no.

1.4.2. The /proc/ directory

The kernel capabilities that have been selected in a default or a patched kernel are reflected in the /proc directory. We will list some of the files containing useful information:

/proc/cmdline

Contains the command line passed at boot time to the kernel by the bootloader

/proc/cpuinfo

CPU information is stored here

/proc/meminfo

Memory statistics are written to this file

/proc/filesystems

Filesystems currently supported by the kernel. Notice that inserting a new module (e.g. cramfs) adds an entry to this file, so the file isn't a list of all filesystems supported by the kernel!

/proc/partitions

The partition layout is displayed with further information such as the name, the number of blocks, the major/minor numbers, etc.

/proc/sys/

The /proc/sys directory is the only place where files with write permission can be found (the rest of /proc is read-only). Values in this directory can be changed with the sysctl utility or set in the configuration file /etc/sysctl.conf

/proc/sys/kernel/hotplug

Path to the utility invoked by the kernel which implements hotplugging (used for USB devices or hotplug PCI and SCSI devices)

/proc/sys/kernel/modprobe

Path to the utility invoked by the kernel to insert modules

/proc/sys/kernel/overflowgid[uid]

Maximum number of users on a system. The filesystem uses 16 bits for the user and group fields, so the maximum is 2^16 = 65534 which is usually mapped to the user nobody or nfsnobody more recently

/proc/modules

List of currently loaded modules, same as the output of lsmod

1.4.3. Task

Patch the linux-2.4.22-1.2149.nptl kernel to support Extended Attributes and POSIX Access Control Lists (ACLs) for ext2 and ext3 filesystems.

ACLs are beyond the scope of this course. All we need to know is that they provide greater flexibility for directory and file permissions on the filesystem, allowing, for example, several groups to access resources with different permissions.

Warning

This patch will fail on older kernel versions (e.g. linux-2.4.22-1.2115.nptl)

Install the 2.4.22-1.2149.nptl kernel and point the /usr/src/linux link to the new source. Then do:

cd /usr/src/linux
bzcat /usr/src/ea+acl+nfsacl-2.4.22-0.8.65.patch.bz2 | patch -p1 --dry-run

If there are no error messages then run patch again without the --dry-run option. Next, we compile the new kernel:

  1. Use an editor to add EXTRAVERSION=-acl to the Makefile

  2. make mrproper
    cp configs/kernel-2.4.22-i686.config .config
    make oldconfig    # (answer y to all questions relative to ACLs)
    make dep bzImage modules modules_install 
    

1.4.4. A quick test

Once you have rebooted with the new kernel, add the acl option in /etc/fstab on any ext3 filesystem:

LABEL=/usr   /usr       ext3    defaults,acl    1 2

You can then use setfacl to assign permissions for different groups on the same directory.

We first create two groups eng and sales:

groupadd eng
groupadd sales

Then add a directory called /usr/NEWS:

mkdir /usr/NEWS

getfacl is a tool that lists ACL privileges. So before we do anything, let's look at the following output:

getfacl /usr/NEWS
# file: share
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Next add rwx permissions on NEWS for the group sales:

setfacl -m g:sales:rwx NEWS/ 

List the ACL privileges:

getfacl NEWS/
# file: NEWS
# owner: root
# group: sales
user::rwx
group::r-x
group:sales:rwx
mask::rwx
other::r-x 

Finally add r-x permissions for the group eng and list the permissions:

setfacl -m g:eng:r-x NEWS/

getfacl NEWS/
# file: NEWS
# owner: root
# group: sales
user::rwx
group::r-x
group:sales:rwx
group:eng:r-x
mask::rwx
other::r-x

The kernel patch has worked.
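An added example, not part of the original course text: a shell function that reads getfacl output such as the listings above and prints the effective rights of the owning group and of each named entry, which are the entry's permissions limited by the mask:: line. The function names and the second sample (mask set to r-x) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course text): effective ACL rights from getfacl output.

# Read getfacl text on stdin; print "<tag>:<qualifier> <effective perms>" for
# every entry the mask limits (owning group, named groups, named users).
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }                   # header comments, blank lines
        { sub(/[ \t]+#.*$/, "", $3); gsub(/[ \t]/, "", $3) }   # strip trailing notes
        $1 == "mask" { mask = $3; next }
        $1 == "group" || ($1 == "user" && $2 != "") {
            n++; name[n] = $1 ":" $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (b = 1; b <= 3; b++) {
                    p = substr(perm[i], b, 1)
                    m = (mask == "") ? p : substr(mask, b, 1)   # no mask: unchanged
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                print name[i], eff
            }
        }'
}

# Entries that can still write once the mask is applied.
acl_writers() {
    acl_effective | awk '$2 ~ /w/ { print $1 }'
}

# Constructed sample: the final getfacl listing from the text, mask given as $1.
sample_acl() {
    printf '%s\n' '# file: NEWS' '# owner: root' '# group: sales' \
        'user::rwx' 'group::r-x' 'group:sales:rwx' 'group:eng:r-x' \
        "mask::$1" 'other::r-x'
}

echo "mask rwx (as in the text):";  sample_acl rwx | acl_effective
echo "mask r-x (constructed):";     sample_acl r-x | acl_effective
echo "writers with mask r-x: $(sample_acl r-x | acl_writers)"
```

On a live system the input would come from `getfacl NEWS/ | acl_effective`; with the mask at r-x the sales entry still reads rwx in the ACL but can no longer write.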

Note

The above tools are not in the 201 objectives.