Solved NULLFS missing from the GENERIC file

[max21]

Would anyone know why the FreeBSD Development team removed NULLFS from GENERIC kernel? I did not pay attention of it being missing until now.

I had to compile this in the GENERIC kernel back in the 9x something days.

option GEOM_ELI
option NULLFS

Maybe I did not need it at all because I did not touch the 10.0 or the 10.1 kernel and I was still able to encrypt the swap slice.

/dev/ada0s1b.eli	/	swap	sw	0	0

I'm not really sure that it had anything to do with this, or not. I'm just wondering if it will be a mistake to put NULLFS back in the file? I want to compile my new kernel tonight with less unused devices as possible.

 

[nakal]

Why not kldload(8) it?

kldload nullfs

or in loader.conf:

nullfs_load="YES"

Stick with GENERIC whenever possible!

 

[max21]

That's an excellent question nakal. Here's a link I am reading up on now. I'm hoping to learn that it can be a very controllable pass-through because I have read here at some threads that it poses a security risk. This links talks about other pass-through also. I want to use it for jails that only have a single process in each. They will not be users jails.

http://www.systhread.net/texts/200702nullfs1.php

 

[SirDice]

As far as I've been able to find it never was part of GENERIC. At least not on 8.x, 9.x and 10.x.

 

[max21]

Hi SirDice, I use to use custom Generics found on the INTERNET back than so that's where it came from.

After this crash-course I understand the pitfalls of NULLFS.

http://www.cvedetails.com/vulnerabi...-7/version_id-152069/Freebsd-Freebsd-9.2.html

It don't seem to be a way around it. I think I use kldload nullfs or nullfs_load="YES" for now since I'm not into developing file-systems. But I wonder if it would be safe enough when using only for (bug-less) processes in jails (if that ever become possible).

 

[SirDice]

Hi SirDice@, I use to use custom Generics found on the INTERNET back than so that's where it came from.

Custom kernels should never be called GENERIC to avoid this kind of confusion.

 

[wblock@]

"So you're not named Bruce, then? That'll cause some confusion."

 

[max21]

I was rudely interrupted last night and did not get to this last line. Today, just now, I read this:

Stick with GENERIC whenever possible!

So that was the answer I was hoping for. I thought it was included than removed from GENERIC by Development and that made me concern (my bad). Either way, now I know it is safe to compile it into kernel. Thanks a lot nakal.

Sorry about all the confusion guys.

Yours truly

Bruce