Installing monolithic kernel

[grooveman]

Hello.

I am trying to install gentoo on an IBM eserver xseries 305 with 1024 megs of ram and a 2ghz pentium IV processor.

This is going to be a firewall machine, and I am trying to keep security in the fore-front of my mind here. In this spirit, I want to compile the kernel with module support excluded -- that is, compile everything monolithically so no nasties can load modules they are not supposed to be loading.

I made a kernel for this machine that works fine, but uses modules. I have been struggling for a few days now on making one monolithic. I have tried everything, and I get one of two errors on boot:

1) It starts to uncompress the kernel image, but the screen goes black (and hangs) after isapnp scanning.
2) I get this error: Invalid compressed format (err=1) -- system halted.

I went over it at least a dozen times, and this last time I kept the old kernel config, edited it using vi, then substituted all "=m" with "=y", then did a make oldconfig. So I *KNOW* everything I need should be included since it has the same exact components as did the module-based kernel.

So what the heck is goin on here? Any Ideas?


Thanks


G
_________________
To look without without looking within is like looking without without looking at all.

[drjimmy42]

[Moled]

I remember reading something once that I think quoted alan cox saying that he had ways of getting modules into a kernel even with module support disabled

[BradN]

It would seem that if someone were in a position to load an unauthorized module, you would have bigger problems than them loading the module anyway...

At any rate, have you tried "make mrproper" on the source tree? It can fix some strange problems (although they typically show up during compilation). It'll wipe out your .config file, so back it up first.

If you're using lilo, you will have needed to reinstall lilo after updating the kernel file... what is your bootloader configuration like otherwise?

[grooveman]

drjimmy42: Yes, make bzImage: make clean bzImage modules modules_install (I know that there are no mods to install, I am trying different things here as I try to trouble-shoot this, so the last time I left module support in, but got rid of all the mods... strategies like that).

Moled: I have never heard this... If that is true, then one could certainly argue I am wasting my time here...

BradN: Yes, if that were true, someone could do some real damage --BUT it seems that most security hacks come from script kiddies and worms, and not living people. If the offending script says copy over this mod, then load it, we can stop them in their tracks right there. That is what I am looking for here.

No, I haven't tried a make mrproper.... I can try that, but I will be surprised if that works --but hey, it is worth a shot.

When you say reinstall lilo, you don't really mean re-install, right? You mean run it again: /sbin/lilo (assuming one has edited lilo.conf to his/her needs). I don't see why someone would need to completely reinstall it.... I am using lilo on this box, however (for old times' sake).

I am not sitting at the box right now, but the configuration of lilo worked for my modular kernel, and the kernel image names are the same... (bzImage).

Thanks for the input, one and all.

Any other ideas?

Thanks,


G
_________________
To look without without looking within is like looking without without looking at all.

[BradN]

Yeah, to clarify, you need to run "lilo" again. I take it you've done this already by the sound of it. This would sound like the most likely candidate for your problem though - it's as if lilo has loaded some of the wrong sectors and it can't be decompressed... It might be worth a shot to grab a grub bootdisk and try that sometime (you can enter all the commands into the grub command line without configuring it first, just to test), "just in case".

make mrproper (at least in a lot of cases I've seen) fixes issues where some dependencies of things that needed to be rebuilt for some reason weren't (or something like this), and it seemed to lead to modules built against the wrong symbol names. The problem would usually show up in "make modules_install" where it runs depmod.

2.6 might not have this problem with the updated build system, but 2.4 definitely does at times. Who knows what other problems could be caused by whatever happens wrong here... I'd say it's worth a shot. After spending a good while figuring out why my modules weren't right, I now run make mrproper every time now

[grooveman]

very, very, very, very, very, very strange...

I did a make mr. proper, reran lilo, and I get the same damn thing!

This just makes no sense to me.... The kernel has all the same options....




G
_________________
To look without without looking within is like looking without without looking at all.

[drjimmy42]

Kernel mailing list maybe?

Maybe they'll see something we don't.

[BradN]

Oops, I re-read your initial message, and it seems the kernel is loading and decompressing fine. You mentioned the last message you get is from isapnp... If you don't need isapnp (I would imagine that on a new server, you wouldn't), you could try disabling it to see if that works around the problem.

[grooveman]

Ok!

I found the problem...

Aparently, there was something conflicting in the framebuffer components. When they were modularized, the unnecessary components were ignored (loaded as needed), but when they were compiled in the kernel together, they caused some confusion -- Making my screen go blank.

I trimmed the fb stuff to an absolute minumum and worked from there. I guess the ISA pnp thing was just the last thing it did before it started the fb stuff.. It had nothing to do with anything.

What a pain! The system logger didn't even start at that point, so there were no logs to help me troublel-shoot.

Anyway, I really appreciate the input, and especially your time BradN and drJimmy. You are good eggs

Maybe one day I can return the favor.



G
_________________
To look without without looking within is like looking without without looking at all.