This Time Self-Hosted
dark mode light mode Search

Tips & Tricks: building the kernel as user

One of the interesting changes in 2.6.19 seems to be that building the kernel as root is now totally discouraged, although on Gentoo we more or less just allow the kernel to be built from root already.

But as I’m a concerned person, I thought it would be neat to be able to build it as user with the least change possible… which means without touching anything Portage does.

The solution comes with ACLs, that I’m already using for a few things out there (like allowing the webserver to write on my user’s home (in a restricted directory) in Farragut to store the cache for the blog, without using 777 permission, or allowing my user to access the data stored on another user’s name (needed for my daily job) without having to chown it around.

So, the trick is to enable acl for the partition you have /usr in, and then run the following command:

setfacl -d -m g:wheel:rwx /usr/src

to allow users in the wheel group to write on /usr without being root. Now merge the kernel, and you’ll be all set.. you could also change the permissions for all the directories on an already installed source tree, but it’s kinda slow and boring:

find /usr/src -type d | xargs setfacl -d -m g:wheel:rwx
find /usr/src -type f | xargs setfacl -d -m g:wheel:rw

so I’ve just changed it for the 2.6.19 tree.

You might not want to entrust all the users in the wheel group with access to the kernel source tree (neither I do, even if I don’t have any other user on my system), in which case you can replace “g:wheel” with “u:youruser” and it will work only for the given user.

This saves me from having to deal with scim’s panel for root every time I try a “make xconfig” 🙂

Edit: of course there was an error, the first command had to be run on /usr/src, not /usr :/ Thanks Fabrizio.

Comments 3
  1. Better than building the kernel in /usr/src/linux, is to set ‘O’ when running make.mkdir -p ${HOME}/my-kernelcd /usr/src/linuxmake -O=${HOME}/my-kernel xconfigmake -O=${HOME}/my-kernelObviously installation of modules and the kernel itself remain privileged:cd ${HOME}/my-kernelsudo make modules-installsudo <whatever you=”” do=”” to=”” install=”” your=”” kernel=”” image=”” etc=””>The Makefiles, along with the .config file and everything generated are stored in ${HOME}/my-kernel, so you can build differently configured (indeed differently targeted) kernels from the same source tree just by supplying different directories.Obviously the sources have to be readable by whoever is building the kernel – but the kernel sources are not a secret so there’s no harm in having them 644.Gentoo ebuilds for external kernel modules cope with this as well – set KBUILD_OUTPUT and KERNELPATH (KERNELPATH is legacy I think; may no longer be relevant) to the kernel build directory (e.g. ${HOME}/my-kernel) in make.conf.

  2. er – ok – obviously stick newlines between the commands that got merged into one line by the blog s/w!

  3. Kevin, please be aware that some external kernel modules could not be emerged using the method you’ve just described, for example, dazuko. However, the problem of dazuko is very easy to fix. I will post a patch to later.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.