flatcar-scripts/changelog/changes
Mickaël Salaün b2be807349
sys-kernel/coreos-modules: Enable Landlock
Landlock is a feature to create security sandboxes thanks to 3 dedicated
system calls.  They are designed to be safe to be used by any process,
which can only drop its privileges, similarly to seccomp.

The new Landlock LSM is built into the kernel (CONFIG_SECURITY_LANDLOCK=y)
but it is not enough to make it usable by default.  As a stackable LSM,
it is required to enable it at boot time with the CONFIG_LSM list.  See
https://docs.kernel.org/userspace-api/landlock.html#kernel-support

As for other stackable LSMs, prepending Landlock to the default LSM list
enables users to potentially get more protection by default by letting
programs sandbox themselves.

As a dependency, CONFIG_SECURITY_PATH=y will be automatically set.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
2024-07-29 15:10:55 +02:00
.gitkeep changelog: Add placeholder directory to add the changelogs 2021-11-24 22:50:02 +05:30
2021-12-10-python-update.md changelog: Add an entry 2021-12-10 20:09:53 +01:00
2022-01-11-etc-flatcar-update-conf.md set_lsb_release: only set update-engine GROUP in /usr, not /etc 2022-01-11 15:00:43 +01:00
2022-02-01-azure-fixed-vhd.md changelog: Add entry for Azure VHD format change 2022-02-02 10:01:19 +01:00
2022-02-22-configurable-image-compression.md Update changelog/changes/2022-02-22-configurable-image-compression.md 2022-03-09 17:26:05 +02:00
2022-03-10-sysext-level.md set_lsb_release: define Flatcar sysext level 2022-03-10 18:15:04 +01:00
2023-05-12-coreos-cloudinit.md coreos-base/coreos-cloudinit: Update to latest commit (#814) 2023-05-12 18:52:53 +05:30
2023-05-16-oem-mountpoint.md changelog: Add an entry 2023-05-30 15:59:37 +02:00
2023-05-22-virtio-gpu.md arm64: fix vnc console on qemu-kvm arm64 2023-05-26 15:55:13 +03:00
2023-06-06-sysext-for-azure-and-qemu-oem.md changelog: Improve wording on sysext changes 2023-06-06 15:12:15 +02:00
2023-06-08-cloudinit-multipart.md Update symlinks and changelog 2023-06-09 10:52:30 +03:00
2023-06-15-containerd-service add changelog 2023-06-15 17:50:41 +02:00
2023-06-15-kernel-tls.md Add changelog 2023-06-15 17:33:12 +02:00
2023-06-16-nvidia-drivers-525.105.17.md changelog: Add the changelog for the nvidia-drivers migration 2023-06-16 18:24:44 +05:30
2023-06-22-ext4-inode-size.md changelog: Add entry for ext4 inode size change 2023-06-22 09:53:35 +02:00
2023-06-29-locksmith-cgroup.md changelog: Add an entry 2023-06-29 17:40:06 +02:00
2023-07-05-drop-niftycloud-and-interoute.md changelog: Add an entry 2023-07-05 16:05:27 +02:00
2023-08-08-change-nvidia-oneshot.md Changes to nvidia.service to allow ordering on the subsequent services 2023-08-08 11:52:08 -04:00
2023-08-30-sysext-for-aws-oem.md changelog: add entry 2023-09-26 13:34:09 +02:00
2023-09-06-oem-vendor-tool-updates.md Support OEM systemd-sysext images and Flatcar extensions 2023-09-08 14:50:43 +02:00
2023-09-12-azure-mana-vf.md changelog: Add entry for mana vf support 2023-09-15 11:00:02 +02:00
2023-09-12-qcow2-compression.md changelog: add changelog for qcow2 inline compression 2023-09-26 09:29:50 +02:00
2023-09-20-experimental-prefix-builds.md Prefix: add stabilisation TODOs, changelog entry 2023-09-29 15:22:45 +02:00
2023-09-20-slsa.md changelog: Add an entry 2023-12-06 14:03:10 +01:00
2023-09-20-vmware-sysext.md changelog: Update an entry 2023-09-25 14:50:45 +02:00
2023-09-29-openssh-update.md changelog: Add entries 2023-09-29 13:47:34 +02:00
2023-10-09-kubernetes-usr-libexec.md coreos-base/misc-files: Make Kubernetes work by default through symlink 2023-10-09 18:46:24 +02:00
2023-10-19-torcx-removal.md changelog: improved messaging for torcx removal and docker 24 upgrade 2023-11-21 15:16:32 +01:00
2023-10-25-docker-gentoo-upstream.md changelog: improved messaging for torcx removal and docker 24 upgrade 2023-11-21 15:16:32 +01:00
2023-11-14-brightbox.md Use OpenStack image for Brightbox 2023-11-15 13:33:55 +01:00
2023-11-29-sysext-for-gce-oem.md changelog: add entry 2023-12-04 18:16:19 +01:00
2024-01-25-flatcar-update-oem.md coreos-base/coreos-init: Add flatcar-update flag to skip OEM payloads 2024-02-01 19:27:38 +01:00
2024-01-25-shim-secureboot-update.md sys-boot/shim: Add the changelog for shim upgrade, and secureboot 2024-02-26 15:46:12 +01:00
2024-02-21-scaleway.md changelog: add entry 2024-03-05 13:51:07 +01:00
2024-02-23-coreos-cloudinit.md changelog: add entry 2024-02-23 14:33:29 +01:00
2024-03-08-libcrypt-migration.md changelog: Add an entry 2024-05-23 11:19:30 +02:00
2024-03-12-remove-mlnx-switch-asics-drivers.md initrd_size_decrease: remove mlxsw_spectrum/mlxsw_core kernel modules 2024-03-12 16:51:35 +00:00
2024-03-13-zfs.md changelog: Add entry for zfs sysext 2024-03-13 23:23:44 +01:00
2024-03-14-tpm-tang-encryption.md changelog: add entry for disk encryption 2024-03-14 12:09:16 +01:00
2024-03-19-amd-pstate.md changelog: Add entry for X86_AMD_PSTATE 2024-03-19 16:38:19 +01:00
2024-03-19-multipath.md changelog: Add entry for multipath realtime change 2024-03-19 14:37:04 +00:00
2024-03-22-intel-igc.md Changelog: sys-kernel/coreos-modules: Enable CONFIG_IGC=y 2024-03-26 00:45:51 +09:00
2024-03-26-hyperv-vhdx-images.md image_to_vm: add support for hyper-v vhdx format 2024-04-09 10:52:06 +03:00
2024-03-28-ntp-chrony.md changelog: Add entry for PTP/NTP changes 2024-03-28 12:13:48 +01:00
2024-03-28-systemd-cryptenroll.md sys-kernel/bootengine: Install libcryptsetup-token-systemd-tpm2 plugin 2024-03-28 16:55:19 +09:00
2024-04-02-remove-actool-and-acbuild.md app-emulation/actool,acbuild: Remove actool and acbuild 2024-04-03 16:18:56 +09:00
2024-04-03-qemu-script.md vm_image_util.sh: Bump default VM memory to 2 GB 2024-04-04 12:55:37 +09:00
2024-04-08-unify-qemu-images.md Set up symlinks for same image artifacts to remove qemu/qemu_uefi_secure 2024-04-09 15:09:29 +02:00
2024-04-09-grub-tpm.md build_library/grub.cfg: Enable TPM module by default 2024-04-09 22:17:18 +09:00
2024-04-11-hyperv-images-compression.md ci-automation/vms: provide Hyper-V images with .zip compression 2024-04-11 15:43:07 +03:00
2024-04-11-openstack-autologin.md coreos-base/common-oem-files: Enable flatcar.autologin for OpenStack 2024-04-11 16:48:31 +09:00
2024-04-16-hetzner.md changelog: add entry for hetzner images 2024-04-16 17:08:04 +02:00
2024-04-22-systemd-sysext.md changelog: Add entries 2024-04-22 16:47:47 +02:00
2024-04-24-azure-nvme-utils.md changelog: Add entry for azure-nvme-utils 2024-04-24 16:03:31 +00:00
2024-04-24-scaleway.md changelog: add entry 2024-04-26 09:47:29 +02:00
2024-04-29-kubevirt-images.md image: add kubevirt image build 2024-04-30 09:19:16 +03:00
2024-05-03-podman.md sysext: Add podman sysext 2024-05-03 22:59:36 +09:00
2024-05-04-python.md sysext: Add python sysext 2024-05-29 19:18:18 +02:00
2024-06-03-openstack-configdrive.md OpenStack: Changed metadata hostname source order 2024-06-03 14:18:19 +02:00
2024-06-19-akamai.md changelog: add entry 2024-06-19 15:38:03 +02:00
2024-06-21-remove-unused-grub-files.md grub_install: add changelog for the file removals 2024-06-21 11:10:20 +03:00
2024-07-15-repo-rename.md Upgrade to Catalyst 4 2024-07-15 14:27:59 +01:00
2024-07-29-landlock.md sys-kernel/coreos-modules: Enable Landlock 2024-07-29 15:10:55 +02:00