News reader

[$] Unmaintained filesystems as a threat vector

2 years ago
One of the longstanding strengths of Linux, and a key to its early success, is its ability to interoperate with other systems. That interoperability includes filesystems; Linux supports a wide range of filesystem types, allowing it to mount filesystems created by many other operating systems. Some of those filesystem implementations, though, are better maintained than others; developers at both the kernel and distribution levels are currently considering, again, how to minimize the security risks presented by the others.
corbet

Systemd 254 released

2 years ago
Systemd 254 has been released. As usual, there is a long list of changes, including a new list-paths command for systemctl, the ability to send POSIX signals to services, a "soft reboot" feature that restarts user space while leaving the kernel in place, improved support for "confidential virtual machines", and a lot more.

The announcement also notes that support for split-/usr systems will be removed in the next release, and that support for version-one control groups and for System V service scripts will be deleted in the near future as well.

corbet

Daniel Vetter: EOSS Prague: Kernel Locking Engineering

2 years ago

EOSS in Prague was great, lots of hallway track, good talks, good food, excellent tea at meetea - first time I had proper tea in my life, quite an experience. And also my first talk since covid, packed room with standing audience, apparently one of the top ten most attended talks per LF’s conference report.

The video recording is now uploaded, I’ve uploaded the fixed slides, including the missing slide that I accidentally cut in a last-minute edit. It’s the same content as my blog posts from last year, first talking about locking engineering principles and then the hierarchy of locking engineering patterns.

Security updates for Thursday

2 years ago
Security updates have been issued by Debian (curl), Fedora (kitty, mingw-qt5-qtbase, and mingw-qt6-qtbase), Mageia (cri-o, kernel, kernel-linus, mediawiki, and microcode), SUSE (chromium, conmon, go1.20-openssl, iperf, java-11-openjdk, kernel-firmware, and mariadb), and Ubuntu (libvirt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-5.19, linux-gcp-5.19, linux-hwe-5.19, linux-intel-iotg-5.15, linux-iot, llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15, open-iscsi, open-vm-tools, and xorg-server-hwe-16.04).
jake

[$] Flags for fchmodat()

2 years ago
The fchmodat() system call on Linux hides a little secret: it does not actually implement all of the functionality that the man page claims (and that POSIX calls for). As a result, C libraries have to do a bit of a complicated workaround to provide the API that applications expect. That situation looks likely to change with the 6.6 kernel, though, as the result of this patch series posted by Alexey Gladkov.
corbet
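The workaround the article alludes to, as an added example that is not LWN's code and not part of Alexey Gladkov's series: C libraries emulate fchmodat() with AT_SYMLINK_NOFOLLOW on kernels whose fchmodat() takes no flags by opening an O_PATH handle and changing the mode through /proc/self/fd. The function name fchmodat_nofollow, the self-test, and the temporary-directory layout it builds are this example's own; it is Linux-only and needs /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Emulation of fchmodat(dirfd, path, mode, AT_SYMLINK_NOFOLLOW) for kernels
 * whose fchmodat() ignores flags. O_PATH|O_NOFOLLOW pins the final path
 * component without following a symlink there, so nothing swapped in after
 * the open can redirect the chmod (no TOCTOU window on that component).
 * A symlink itself is refused: Linux has no symlink modes. The mode change
 * then goes through /proc/self/fd/N, which resolves to the already-opened
 * inode; this detour is needed because fchmod() rejects O_PATH descriptors. */
int fchmodat_nofollow(int dirfd, const char *path, mode_t mode)
{
    struct stat st;
    char procpath[64];
    int fd, rc, saved;

    fd = openat(dirfd, path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) < 0) {           /* fstat() is allowed on O_PATH fds */
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (S_ISLNK(st.st_mode)) {
        close(fd);
        errno = EOPNOTSUPP;             /* same error glibc reports here */
        return -1;
    }

    snprintf(procpath, sizeof procpath, "/proc/self/fd/%d", fd);
    rc = chmod(procpath, mode);
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Self-test on a constructed layout under /tmp (this example's own):
 *   <tmpdir>/target   regular file created 0600
 *   <tmpdir>/link  -> target
 * Returns 0 on success, otherwise the number of the step that failed. */
int fchmodat_nofollow_selftest(void)
{
    char dir[] = "/tmp/fchmodat-demo-XXXXXX";
    struct stat st;
    int dfd, tfd, step = 0;

    if (mkdtemp(dir) == NULL)
        return 1;
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) {
        rmdir(dir);
        return 2;
    }
    tfd = openat(dfd, "target", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (tfd < 0) { step = 3; goto out; }
    close(tfd);
    if (symlinkat("target", dfd, "link") < 0) { step = 4; goto out; }

    /* Steps 5-6: a regular file gets exactly the requested bits. */
    if (fchmodat_nofollow(dfd, "target", 0640) != 0) { step = 5; goto out; }
    if (fstatat(dfd, "target", &st, 0) < 0 || (st.st_mode & 07777) != 0640) { step = 6; goto out; }

    /* Steps 7-8: the symlink is refused and the file behind it is untouched. */
    if (fchmodat_nofollow(dfd, "link", 0666) == 0 || errno != EOPNOTSUPP) { step = 7; goto out; }
    if (fstatat(dfd, "target", &st, 0) < 0 || (st.st_mode & 07777) != 0640) { step = 8; goto out; }

    /* Steps 9-10: for contrast, fchmodat() with flags 0 follows the link
     * and changes the target, which is what the NOFOLLOW path must avoid. */
    if (fchmodat(dfd, "link", 0666, 0) != 0) { step = 9; goto out; }
    if (fstatat(dfd, "target", &st, 0) < 0 || (st.st_mode & 07777) != 0666) { step = 10; goto out; }

out:
    unlinkat(dfd, "link", 0);
    unlinkat(dfd, "target", 0);
    close(dfd);
    rmdir(dir);
    return step;
}

int main(void)
{
    int step = fchmodat_nofollow_selftest();
    if (step == 0)
        puts("fchmodat_nofollow: all checks passed");
    else
        printf("fchmodat_nofollow: step %d failed: %s\n", step, strerror(errno));
    return step != 0;
}
```

The two-step dance (O_PATH open, then chmod via /proc) is the "complicated workaround" the article refers to; with a kernel that honours the flag, the whole function collapses into one system call and the /proc dependency disappears.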

A dozen Norwegian government IT systems breached through a zero-day vulnerability

2 years ago

The Norwegian National Security Authority (NSM) has confirmed that unauthorized parties, exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile (formerly MobileIron Core), gained access to the software platform used by 12 of the country's ministries. The software is widely used worldwide; installing the vendor's update as soon as possible is recommended.

The post A dozen Norwegian government IT systems breached through a zero-day vulnerability first appeared on Nemzeti Kibervédelmi Intézet (National Cyber Defence Institute).

NKI

Linux Plumbers Conference: Android MC CFP

2 years ago

The Android Microconference brings the upstream community and Android systems developers together to discuss issues and changes to the Android platform and their dependencies and interactions with the Linux kernel, allowing for collaboration on solutions for upstream.

Since last year’s conference, there has been quite a bit of progress, specifically around:

Currently planned discussion topics for this year include:

  • 16k Pages
  • RISC-V
  • android-mainline on Pixel6
  • Updates on Binder
  • BPF usage w/ Android
  • Kernel and platform integration testing
  • Vendor Hook Usage
  • Building Modules for Android GKI Kernels
  • Resolving Priority Inversion w/ Proxy Execution
  • AOSP Devboards
  • And likely more…

People are encouraged to submit topics related to new Android functionality as well as issues in getting that functionality upstream.

Please consider that the goal is to discuss open problems, preferably with patch set submissions already in discussion on LKML. The slots are very short (10-15 mins), and the main portion of the time should be given to the debate – thus, the importance of having an open and relevant problem, with people in the community engaged in the solution.

The CFP for the Android Micro-conference closes on Aug 15th, so get your topics in early!

Additionally, we already have a busy tentative schedule, but please submit your topics, and should it not fit, we hope to have additional discussion space in a follow-on BoF.

[$] A status update for U-Boot

2 years ago
The U-Boot "universal boot loader" is used extensively in the embedded-Linux world. At the 2023 Embedded Open Source Summit (EOSS), Simon Glass gave a presentation (slides, YouTube video) on the status of the project, with a focus on new features added over the last several years. He also wanted to talk about complexity in the firmware world, which he believes is increasing, and how U-Boot can help manage that complexity. The talk was something of a grab bag of ideas and changes throughout the increasingly large footprint of the project.
jake

Extensible scheduler class rejected

2 years ago
The extensible scheduler class enables the creation of CPU schedulers in BPF. After the fourth version of this series was greeted with relative silence, Tejun Heo asked about the status of this work:

We are comfortable with the current API. Everything we tried fit pretty well. It will continue to evolve but sched_ext now seems mature enough for initial inclusion. I suppose lack of response doesn't indicate tacit agreement from everyone, so what are you guys all thinking?

Scheduler maintainer Peter Zijlstra gave him his answer: "I'm still hating the whole thing with a passion". He went on to make it clear that this work will not be merged into the mainline. So, it seems, developers wanting to try their hand at BPF scheduler development will need to apply an out-of-tree patch series, for now at least.

corbet

Security updates for Wednesday

2 years ago
Security updates have been issued by Debian (amd64-microcode, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, iperf3, openjdk-17, and pandoc), Fedora (389-ds-base, kitty, and thunderbird), SUSE (libqt5-qtbase, libqt5-qtsvg, mysql-connector-java, netty, netty-tcnative, openssl, openssl-1_1, openssl1, php7, python-scipy, and xmltooling), and Ubuntu (amd64-microcode, avahi, libxpm, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, openstack-trove, and python-django).
corbet

How to protect ESXi virtual environments against a new, increasingly common ransomware tactic

2 years ago

Cybersecurity experts warn that ransomware attacks against VMware vSphere ESXi virtual server environments have increased; unfortunately, the NBSZ NKI notes that a Hungarian company is already among the victims. According to Truesec's recommendation, beyond general good practices such as strong passwords on admin accounts and prompt installation of security updates, ESXi hosts can be made more resistant to ransomware attacks by applying a lesser-known setting, "VMkernel.Boot.execInstalledOnly".

The post How to protect ESXi virtual environments against a new, increasingly common ransomware tactic first appeared on Nemzeti Kibervédelmi Intézet (National Cyber Defence Institute).

NKI

[$] A discussion on Linux in space

2 years ago
There was something of a space theme that pervaded the Embedded Linux Conference (ELC) portion of the 2023 Embedded Open Source Summit (EOSS), which is an umbrella event for various sub-conferences related to embedded open-source development. That may partly be because one of the organizers of EOSS (and ELC), Tim Bird, described himself as "a bit of a space junkie"; he made that observation during a panel session that he led on embedded Linux in space. Bird and four panelists discussed various aspects of the use of Linux in space-related systems, including where it has been used, the characteristics and challenges of aerospace deployments, certification of Linux for aerospace use, and more.
jake

Security updates for Tuesday

2 years ago
Security updates have been issued by Debian (python-git and renderdoc), Red Hat (edk2, kernel, kernel-rt, and kpatch-patch), Slackware (kernel), SUSE (firefox, libcap, openssh, openssl-1_1, python39, and zabbix), and Ubuntu (cinder, ironic, nova, python-glance-store, python-os-brick, frr, graphite-web, and openssh).
corbet

The critical Citrix ADC vulnerability must be patched urgently

2 years ago

Last week a security update became available for Citrix Application Delivery Controller (ADC) and NetScaler Gateway systems. The vulnerability can be exploited in several ways, a real-world incident is already known, and several thousand vulnerable versions remain reachable over the Internet.

The post The critical Citrix ADC vulnerability must be patched urgently first appeared on Nemzeti Kibervédelmi Intézet (National Cyber Defence Institute).

NKI

Theo de Raadt on Zenbleed

2 years ago
The buzzword bug of the week is Zenbleed, which affects various AMD processors and is explained in more detail here.

On OpenBSD, the latest -current snapshots already have the fixes, and errata patches will go out for the supported releases (7.2 and 7.3) shortly.

In a post to the tech@ list, Theo de Raadt described the situation:

List: openbsd-tech
Subject: Zenbleed
From: "Theo de Raadt" <deraadt () openbsd ! org>
Date: 2023-07-24 16:11:45

Zenbleed errata for 7.2 and 7.3 will come out soon. sysupgrade of the -current snapshot already contains a fix.
