IPSec (FreeS/WAN) not in kernel-sources
Hi all,

I use SuSE 8.0 and saw that it has the compiled kernel module for IPSec (FreeS/WAN). That's fine. Now I wanted to compile my own kernel (no module support for higher security) but saw that it lacks the FreeS/WAN code. The ipsec.c is not there.

So my question is if that's normal or do I miss something? It's not a big problem, because I always can manually patch the FreeS/WAN code into the kernel, but I just found that strange. Also makes me wonder what else is in the kernel binary and not in the sources.

Cheers,
Stephan

--
I intend to live forever. So far so good.

On Tue, Jul 23, 2002 at 12:38:03PM +0200, Stephan Uhlmann wrote:
> Also makes me wonder what else is in the kernel binary and not in the sources.

Compiling the kernel on SuSE takes some getting used to. Basically what you need to do is get the k_deflt or k_smp source RPM (or whatever it is you're using), and start from there.

At the top of the spec file, there's a line saying "neededforbuild" which contains a list of RPMs you need for building this RPM. In the case of k_deflt this lists, among others

    kernel-source
    km_freeswan
    lots of other km_* packages

kernel-source is where the kernel source proper comes from, with all patches required by SuSE. The km_* (binary!) packages contain the kernel module sources that should be compiled along with the main kernel. Each of these km_ modules creates a directory below /usr/src/kernel-modules/, and the build instructions from your k_deflt spec file process these subdirectories one by one.

Doing what you want to do is probably a bit difficult with this sort of setup :) You'd probably have to apply the freeswan patches manually and use the defconfig file from k_deflt or something.

An easier approach may be to put all modules you want to load into the initrd and patch /sbin/init to drop the CAP_SYS_MODULES capability. Maybe you don't even need to mess with initrd and patching init; loading your modules and echoing the appropriate value to /proc/sys/kernel/cap-bound very early in the /etc/init.d/boot script may do the trick, too.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
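
The cap-bound approach from the reply above, sketched as a boot-script helper. This is an added example, not code from the thread or from SuSE. It assumes a 2.4-era kernel that exposes /proc/sys/kernel/cap-bound as a 32-bit mask and accepts the signed decimal form it prints, and that the module-loading capability is bit 16 (CAP_SYS_MODULE in linux/capability.h); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): load the wanted modules, then remove
# the module-loading capability from the system-wide bounding set.
# Assumptions: cap-bound is a 32-bit mask; CAP_SYS_MODULE is bit 16.

CAP_SYS_MODULE=16
CAP_BOUND=/proc/sys/kernel/cap-bound

# mask_without_cap CURRENT BIT
# Prints CURRENT with BIT cleared, normalised to a signed 32-bit integer.
# CURRENT may be given signed (-257) or unsigned (4294967039).
mask_without_cap() {
    new=$(( ($1 & ~(1 << $2)) & 0xFFFFFFFF ))
    if [ "$new" -ge 2147483648 ]; then
        new=$(( new - 4294967296 ))
    fi
    echo "$new"
}

# cap_is_set MASK BIT: succeeds if BIT is still present in MASK.
cap_is_set() {
    [ $(( ($1 >> $2) & 1 )) -eq 1 ]
}

# lock_modules MODULE...
# Loads each named module, clears CAP_SYS_MODULE in cap-bound, then re-reads
# the mask to confirm the bit is gone. Fails closed on any error.
lock_modules() {
    [ -w "$CAP_BOUND" ] || { echo "no writable $CAP_BOUND" >&2; return 1; }
    for m in "$@"; do
        modprobe "$m" || return 1
    done
    cur=$(cat "$CAP_BOUND") || return 1
    mask_without_cap "$cur" "$CAP_SYS_MODULE" > "$CAP_BOUND" || return 1
    if cap_is_set "$(cat "$CAP_BOUND")" "$CAP_SYS_MODULE"; then
        echo "CAP_SYS_MODULE still in bounding set" >&2
        return 1
    fi
    return 0
}
```

Starting from a bounding set of -257, the value written is -65793; the module list passed to lock_modules (for example the FreeS/WAN module) is up to the administrator.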