Linux Systems & Kernel Engineering-A 24-Week Mastery Roadmap¶
Authoring lens: Principal Systems Engineer / Linux Kernel Specialist. Target outcome: A graduate of this curriculum should be capable of (a) reading kernel source and contributing patches to a subsystem, (b) operating a fleet of Linux hosts with a coherent observability and security posture, and (c) writing custom kernel modules, eBPF programs, and systemd integrations to solve real production problems.
This is not "Linux command line in 24 weeks." It assumes the reader is already comfortable on the shell, has shipped userspace code, and is ready to read C source from linux/, man-pages, and the kernel documentation tree as primary literature.
Repository Layout¶
| File | Purpose |
|---|---|
00_PRELUDE_AND_PHILOSOPHY.md |
The Linux design ethics; the kernel/userspace contract; reading list. |
01_MONTH_KERNEL_FOUNDATIONS.md |
Weeks 1–4. Boot, syscalls, VFS, processes & threads. |
02_MONTH_MEMORY_AND_SCHEDULING.md |
Weeks 5–8. Paging, swapping, HugePages, CFS/EEVDF scheduler. |
03_MONTH_NAMESPACES_CGROUPS_EBPF.md |
Weeks 9–12. Namespaces, cgroups v2, eBPF, observability. |
04_MONTH_NETWORKING.md |
Weeks 13–16. Netfilter, IPVS, XDP, bridges, OVS. |
05_MONTH_SECURITY_AND_HARDENING.md |
Weeks 17–20. SELinux/AppArmor, LUKS, sysctl, audit, secure boot. |
06_MONTH_KERNEL_MODULES_CAPSTONE.md |
Weeks 21–24. LKM development, perf tuning, capstone defense. |
APPENDIX_A_HARDENING_AND_TUNING.md |
sysctl, perf, SystemTap, BCC/bpftrace recipes. |
APPENDIX_B_TOOLBOX.md |
Build-from-scratch reference: a tiny init, a custom systemd unit, a kernel module skeleton, an eBPF skeleton. |
APPENDIX_C_CONTRIBUTING_TO_THE_KERNEL.md |
LKML; git send-email; first patch playbook; subsystem map. |
CAPSTONE_PROJECTS.md |
Three terminal projects: self-healing systemd unit, custom LKM, eBPF observability tool. |
How Each Week Is Structured¶
Every weekly module follows the same five-section format:
- Conceptual Core-the why, with a mental model.
- Mechanical Detail-the how, down to kernel source and
man-pagesreferences. - Lab-a hands-on exercise that cannot be completed without internalizing the concept.
- Hardening Drill-
sysctl, AppArmor/SELinux, audit rules, orsystemdsecurity directives that follow from the topic. - Performance Tuning Slice-a
perf/bpftrace/ftracemicro-task that compounds across weeks.
Each week is sized for ~12–16 focused hours.
Progression Strategy¶
Kernel Foundations ──► Memory & Scheduling ──► Namespaces / cgroups / eBPF
│ │ │
└───────────────┬───────┴──────────────────────────┘
▼
Networking
│
▼
Security & Hardening
│
▼
LKM Development & Capstone
Non-Goals¶
- This is not an LPIC/RHCSA exam-prep guide. The exam objectives focus on operational fluency; this curriculum focuses on internals.
- Not a guide to a specific distribution. Examples skew toward modern systemd-based distros (Debian/Ubuntu, Fedora/RHEL, Arch), with kernel paths from upstream.
- Not "How to use Docker." That belongs in the Container Internals curriculum.
Capstone Tracks (pick one in Month 6)¶
- Kernel Module Track-a non-trivial out-of-tree LKM (a character device, a netfilter hook, or a tracepoint consumer) with KUnit tests.
- eBPF Observability Track-a production-grade tracing tool comparable to
bpftrace'srunqlatortcpconnect, packaged with a userspace consumer. - Self-Healing Service Track-a systemd-managed application with health checks, automatic restart, watchdog, and integration with the cgroup memory pressure interface.
Details in CAPSTONE_PROJECTS.md.
Print this path
Want to read offline or archive? Open the printable version - every section of this path concatenated into one page, styled for paper. Use your browser's Print → Save as PDF.
Worked examples
Concrete walkthroughs that pair with the senior weeks - real code, narrated line by line, with the trap and an exercise. Different shape than the syllabus chapters; designed to be read after (or before) the matching week.