readme: refer to impish kernel

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2021-09-28 07:08:37 +02:00
parent aaf2b2c31b
commit 5e8e351552

29
README
View File

@ -8,10 +8,6 @@ We currently use the Ubuntu kernel sources, available from:
Ubuntu will maintain those kernels till:
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
or
https://pve.proxmox.com/pve-docs/chapter-pve-faq.html#faq-support-table
whatever happens to be earlier.
Additional/Updated Modules:
@ -64,7 +60,7 @@ pve-kernel-meta
---------------
depends on latest kernel and header package within a certain kernel series,
e.g., pve-kernel-5.11 / pve-headers-5.11
e.g., pve-kernel-4.15 / pve-headers-4.15
git clone git://git.proxmox.com/git/pve-kernel-meta.git
@ -142,34 +138,45 @@ NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS)
CONFIG_BLK_DEV_RBD=m
- enable IBM JFS file system as module
requested by users (bug #64)
enable it as requested by users (bug #64)
- enable apple HFS and HFSPLUS as module
requested by users
enable it as requested by users
- enable CONFIG_BCACHE=m (requested by user)
- enable CONFIG_BRIDGE=y
to avoid warnings on boot, e.g. that net.bridge.bridge-nf-call-iptables is an unknown key
Else we get warnings on boot, that
net.bridge.bridge-nf-call-iptables is an unknown key
- enable CONFIG_DEFAULT_SECURITY_APPARMOR
We need this for lxc
- set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
because if not set, it can give some dynamic memory or cpu frequencies
change, and vms can crash (mainly windows guest).
see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273
- use 'deadline' as default scheduler
This is the suggested setting for KVM. We also measure bad fsync performance with ext4 and cfq.
This is the suggested setting for KVM. We also measure bad fsync
performance with ext4 and cfq.
- disable CONFIG_INPUT_EVBUG
Module evbug is not blacklisted on debian, so we simply disable it to avoid
key-event logs (which is a big security problem)
Module evbug is not blacklisted on debian, so we simply disable it
to avoid key-event logs (which is a big security problem)
- enable CONFIG_MODVERSIONS (needed for ABI tracking)
- switch default UNWINDER to FRAME_POINTER
the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS
- enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)