从 Linux 发行版试图减少攻-击面,同时仍使用户无需重新编译内核即可运行旧版软件的角度来看,SUSE 已带头努力在启动时启用/禁用 x86 32 位支持(无论是否为 32 位) 可以执行 32 位用户空间程序和 32 位系统调用。 该代码已针对即将到来的 Linux 6.7 合并窗口提交。
Linux 内核已经具有“IA32_EMULATION”Kconfig 旋钮,用于在构建时切换 32 位支持,而大多数(所有?)Linux 发行版都启用它,以允许 32 位用户空间软件正常工作。 但 Linux 6.7 的新补丁允许在启动时选择性地启用/禁用它。 因此,未来 Linux 发行版可以选择默认关闭该支持,但如果用户想要运行 32 位旧版软件,则可以添加新的“ia32_emulation=1”启动时间标志来启用该支持,而无需 重建内核。 或者,服务器管理员可以决定更轻松地先发制人地禁用此 32 位支持。
这些针对 Linux 6.7 的补丁不会对默认策略进行任何更改。
此启动时间 ia32_emulation 控制是在周六的 Linux 6.7 x86/entry 更改中发出的。 该拉取请求还对快速系统调用返回验证代码进行了清理。
原文如下:
标题:Linux 6.7 Will Let You Enable/Disable 32-bit Program服务器托管网s Support At Boot-Time
From the perspective of Linux distributions trying to reduce their attack surface while still making it possible for users to run legacy software without recompiling their kernel, SUSE has spearheaded the effort forboot-time enabling/disabling of x86 32-bit supportfor whether 32-bit user-space programs and 32-bit system calls can be executed. That code has been submitted for the imminent Linux 6.7 merge window.
The Linux kernel already has the “IA32_EMULATION” Kconfig knob for toggling the 32-bit support at build time, while most (all?) Linux distributions leave it enabled for allowing 32-bit user-space software to work fine. But the new patches coming for Linux 6.7 allow optionally enabling/disabling it at boot time. So in the future Linux distributions could choose to have the support off-by-default but then users if they want to run 32-bit legacy software could add the new “ia32_emulation=1” boot time flag to have the support enabled without having to rebuild the kernel. Or alternatively, server administrators could decide to preemptively disable this 32-bit support more easily.
These patches for Linux 6.7 a服务器托管网ren’t making any default policy changes.
This boot time ia32_emulation control was sent out in Saturday’sx86/entry changesfor Linux 6.7. That pull request also has a clean-up to the fast syscall return validation code.
服务器托管,北京服务器托管,服务器租用 http://www.fwqtg.net
机房租用,北京机房租用,IDC机房托管, http://www.fwqtg.net
相关推荐: Helm实战案例二:在Kubernetes(k8s)上使用helm安装部署日志管理系统EFK
目录 一.系统环境 二.前言 三.日志管理系统EFK简介 四.helm安装EFK 4.1 helm在线安装EFK 4.2 helm离线安装EFK(推荐) 五.访问kibana5.1 数据分片 六.卸载EFK 七.总结 一.系统环境 本文主要基于Kubernet…
