mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-24 23:21:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
flatcar-scripts/changelog
History
Mickaël Salaün b2be807349
sys-kernel/coreos-modules: Enable Landlock 
Landlock is a feature to create security sandboxes thanks to 3 dedicated
system calls.  They are designed to be safe to used by any processes,
which can only drop their privileges, similarly to seccomp.

The new Landlock LSM is build in the kernel (CONFIG_SECURITY_LANDLOCK=y)
but it is not enough to make it usable by default.  As a stackable LSM,
it is required to enable it at boot time with the CONFIG_LSM list.  See
https://docs.kernel.org/userspace-api/landlock.html#kernel-support

As for other stackable LSMs, prepending Landlock to the default LSM list
enables users to potentially get more protection by default by letting
programs sandbox themselves.

As a dependency, CONFIG_SECURITY_PATH=y will be automatically set.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
2024-07-29 15:10:55 +02:00
..
bugfixes
coreos-base/coreos-init: Bump to fix flatcar-install custom key issue (#2062)
2024-06-25 16:56:02 +01:00
changes
sys-kernel/coreos-modules: Enable Landlock
2024-07-29 15:10:55 +02:00
security
changelog: Add entries
2024-07-16 12:38:05 +02:00
updates
app-misc/ca-certificates: Update from 3.102 to 3.102.1
2024-07-29 07:21:21 +00:00
README.md
Use new github org name "flatcar"
2022-09-14 14:33:27 +02:00

README.md

The changelog directory contains the description of the changes introduced into the repository. The changes are essentially divided into 4 categories:

  • changes: PRs bringing Changes and/or Enhancements
  • bugfixes: PRs fixing existing issues
  • security: PRs fixing security issues
  • updates: PRs updating packages

How to add the file

Based on the category the PR falls into create a new file in the respective directory with the filename format YYYY-MM-DD-<few-words-about-the-change>.md (can be generated via: $(date '+%Y-%m-%d')-<few-words-about-the-change>.md). The file should contain a markdown bullet point entry (- TEXT...).

Example for the bugfix section:

- The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker [scripts#1456](https://github.com/flatcar/scripts/pull/1456)

The contents of the file should describe the changes in a concise manner, and only contain information relevant for the end users. (use the past tense for the change/bugfix description to avoid confusion with the imperative voice for actions the user should do as a result). Security fixes of upstream packages and package updates can be kept short in most cases and follow a standard format.

As Updates refer to the package updates, contents of the file should be of the following format: - Package Name ([Version](link to changelog)). Example: - Linux ([5.10.77](https://lwn.net/Articles/874852/)). Note the leading dash that will create a bullet list in the rendered markdown.

The security section follows this format:

- Package Name ([CVE-NUMBER](NIST-LINK), [CVE-NUMBER](NIST-LINK), ...)

E.g., Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820)).