BOUNTY: Custom kernel config for PVE KVMs

JustaGuy

I've customized my linux-4.0.4 kernel for use with a KVM guest w/ virtio & VMware display. The .conf is here: http://pastebin.com/JNdZ8VnN

I'm posting it here in hopes that someone w/ more experience w/ configuring kernels could edit the .conf file as I have it configured such that it's more appropriate for use in the KVM guest.

I'm just not familiar enough with all the options & the hardware of one of our KVM VMs.

If it works, I can PayPal or Bitcoin you a free coffee.

-Thanks,
-J
 
Maybe I'm missing your point, but why compile a new kernel?
Debian and CentOS already have VMware and virtio virtual devices available as modules. Why compile a new kernel? To save a few kilobytes of RAM is not worth the hassle, and you will not get better performance.
To the best of my knowledge, the VMware display driver is an Xorg driver, also available in Debian and CentOS. So it looks like the work has already been done :)
 
I have a heavily customised kernel which I use inside of KVM, based on the Gentoo hardened-sources (includes a number of additional security features). The config is available at http://www.firenzee.com/config-4.0.5-hardened and if applied to a generic kernel source tree will just ignore the extra features.

I use serial console on my Linux images, so my kernel has display support disabled... You can access the serial console both from the Proxmox GUI and from the shell using SSH, which makes it more useful for me (e.g. usable on a slow connection where a VNC connection would be too slow, or from a phone where VNC is more cumbersome).

Obviously this is *my* custom kernel, built to suit my requirements and therefore may not suit yours...

As for why build a custom kernel:

It may only save a few kilobytes of RAM, but multiply that by the number of VMs running on the physical host...
Bootup can be a bit quicker because it's not looking for hardware that will never exist, plus it doesn't have to load and process an initrd.
Turning off unused features decreases the chance of kernel vulnerabilities being exploitable.
I've always disliked inefficiency and wastage.
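
The trade-offs in the post above (no initrd, serial console instead of a display, unused features switched off) can be checked mechanically against a `.config`. The following is an added example, not part of the thread and not derived from either posted config; the option lists are an assumed policy for a guest with a virtio-blk root disk on ext4, and the sample config is constructed.

```python
import re

# Assumed policy for this example: without an initrd, everything needed to
# mount the root filesystem and reach the console must be built in (=y).
MUST_BE_BUILTIN = [
    "CONFIG_HYPERVISOR_GUEST", "CONFIG_PARAVIRT", "CONFIG_KVM_GUEST",
    "CONFIG_VIRTIO_PCI", "CONFIG_VIRTIO_BLK", "CONFIG_EXT4_FS",
    "CONFIG_SERIAL_8250_CONSOLE",
]
# Assumed policy: features this serial-console, initrd-less guest never uses.
SHOULD_BE_OFF = ["CONFIG_BLK_DEV_INITRD", "CONFIG_DRM", "CONFIG_FB"]

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Map option name -> value; '# ... is not set' lines become 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            opts[m.group(1)] = m.group(2)
        elif m := _UNSET.match(line):
            opts[m.group(1)] = "n"
    return opts

def audit(text):
    """Return (option, problem) pairs; an absent option counts as disabled."""
    opts, findings = parse_config(text), []
    for name in MUST_BE_BUILTIN:
        val = opts.get(name, "n")
        if val == "m":
            findings.append((name, "module: not loadable before root is mounted"))
        elif val != "y":
            findings.append((name, "missing"))
    for name in SHOULD_BE_OFF:
        if opts.get(name, "n") != "n":
            findings.append((name, "enabled but unused"))
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = """\
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
CONFIG_KVM_GUEST=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_BLK=m
CONFIG_EXT4_FS=y
# CONFIG_SERIAL_8250_CONSOLE is not set
CONFIG_BLK_DEV_INITRD=y
CONFIG_FB=y
"""

if __name__ == "__main__":
    for option, problem in audit(SAMPLE):
        print(f"{option}: {problem}")
```
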