We are getting a lot of very low-quality security reports recently where we need to spend time explaining why what was reported is not an issue at all.
Is there any security bug bounty program going on?
14.12.2022 09:40We are getting a lot of very low-quality security reports recently where we need to spend time explaining why what was reported is not an...we've finally sent upstream composefs. It is a new file system to mount read-only images with a bunch of cool features:
https://lkml.org/lkml/2022/11/28/349
Let's see what the upstream Linux community thinks about it.
28.11.2022 11:28we've finally sent upstream composefs. It is a new file system to mount read-only images with a bunch of cool...some of the hardening features used with containers can also be useful for other use cases.
For example, a quick hack to run "yum upgrade" without the expensive sync calls (use at your own risk!):
# printf "\$syscall in (@sync,@syncfs,@fsync) => ERRNO(0);\n=> ALLOW();\n" | easyseccomp | seccomp-run /dev/stdin yum upgrade -y
The script uses easyseccomp from: https://github.com/giuseppe/easyseccomp
25.11.2022 10:01some of the hardening features used with containers can also be useful for other use cases.For example, a quick hack to run "yum...crun 1.7 supports running the same #WebAssembly image used by Docker without any modification:
$ readlink /usr/bin/crun-wasm
../bin/crun
$ podman --runtime /usr/bin/crun-wasm run --platform=wasi/wasm32 -t --rm michaelirwin244/wasm-example
[...]
Server is now running
It is almost 10 years that I sleep where I work and I've never bragged about it
7.11.2022 17:22It is almost 10 years that I sleep where I work and I've never bragged about itjust released crun 1.7 with improved performance and better support for #webassembly
7.11.2022 13:07just released crun 1.7 with improved performance and better support for #webassemblyif you've not already seen it:
https://blogs.gnome.org/alexl/2022/06/02/using-composefs-in-ostree/
8.6.2022 17:16if you've not already seen it:https://blogs.gnome.org/alexl/2022/06/02/using-composefs-in-ostree/⬆️
⬇️