12.3.1. Installation of the kernel
A number of vulnerabilities have come to light after the stable
kernel team stopped supporting 2.6.24. The following patch
addresses them:
patch -Np1 -i ../linux-2.6.24.7-security_fixes-1.patch
Building the kernel involves a few steps—configuration,
compilation, and installation. Read the README file in the kernel source tree for
alternative methods to the way this book configures the kernel.
Prepare for compilation by running the following command:
make mrproper
This ensures that the kernel tree is absolutely clean. The kernel
team recommends that this command be issued prior to each kernel
compilation. Do not rely on the source tree being clean after
un-tarring.
Configure the kernel via a menu-driven interface. Please note that
the udev bootscript requires "rtc" and "tmpfs" to be enabled and
built into the kernel, not as modules. CBLFS has some information
regarding particular kernel configuration requirements of packages
outside of CLFS at http://cblfs.cross-lfs.org/:
make menuconfig
Alternatively, make
oldconfig may be more appropriate in some
situations. See the README file for
more information.
If desired, skip kernel configuration by copying the kernel config
file, .config, from the host system
(assuming it is available) to the root directory of the unpacked
kernel sources. However, we do not recommend this option. It is
often better to explore all the configuration menus and create the
kernel configuration from scratch.
Compile the kernel image and modules:
make
If using kernel modules, an /etc/modprobe.conf file may be needed.
Information pertaining to modules and kernel configuration is
located in the kernel documentation in the Documentation directory of the kernel sources
tree. Also, modprobe.conf(5) may be
of interest.
Be very careful when reading other documentation relating to kernel
modules because it usually applies to 2.4.x kernels only. As far as
we know, kernel configuration issues specific to Hotplug and Udev
are not documented. The problem is that Udev will create a device
node only if Hotplug or a user-written script inserts the
corresponding module into the kernel, and not all modules are
detectable by Hotplug. Note that statements like the one below in
the /etc/modprobe.conf file do not
work with Udev:
alias char-major-XXX some-module
Because of the complications with Udev and modules, we strongly
recommend starting with a completely non-modular kernel
configuration, especially if this is the first time using Udev.
Install the modules, if the kernel configuration uses them:
make modules_install
After kernel compilation is complete, additional steps are required
to complete the installation. Some files need to be copied to the
/boot directory.
Issue the following command to install the kernel:
cp -v arch/i386/boot/bzImage /boot/clfskernel-2.6.24.7
System.map is a symbol file for the
kernel. It maps the function entry points of every function in the
kernel API, as well as the addresses of the kernel data structures
for the running kernel. Issue the following command to install the
map file:
cp -v System.map /boot/System.map-2.6.24.7
The kernel configuration file .config
produced by the make
menuconfig step above contains all the
configuration selections for the kernel that was just compiled. It
is a good idea to keep this file for future reference:
cp -v .config /boot/config-2.6.24.7
It is important to note that the files in the kernel source
directory are not owned by root.
Whenever a package is unpacked as user root (like we do inside the final-system build
environment), the files have the user and group IDs of whatever
they were on the packager's computer. This is usually not a problem
for any other package to be installed because the source tree is
removed after the installation. However, the Linux source tree is
often retained for a long time. Because of this, there is a chance
that whatever user ID the packager used will be assigned to
somebody on the machine. That person would then have write access
to the kernel source.
If the kernel source tree is going to retained, run chown -R 0:0 on the linux-2.6.24.7 directory to ensure all files are
owned by user root.
![[Warning]](../images/warning.png)
Warning
Some kernel documentation recommends creating a symlink from
/usr/src/linux pointing to the
kernel source directory. This is specific to kernels prior to the
2.6 series and must not be
created on a CLFS system as it can cause problems for packages
you may wish to build once your base CLFS system is complete.
Also, the headers in the system's include directory should always be the ones against which Glibc
was compiled (from the Linux-Headers package) and should
never be replaced by the
kernel headers.