lwn.net

LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
업데이트: 37분 13초 지남
[$] Resource limits in user namespaces
User namespaces provide a number of
interesting challenges for the kernel. They give a user the illusion of
owning the system, but must still operate within the restrictions that
apply outside of the namespace. Resource
limits represent one type of
restriction that, it seems, is proving too restrictive for some users. This
patch set from Alexey Gladkov attempts to address the problem by way of
a not-entirely-obvious approach.
GNU Radio 3.9.0.0 released
Version
3.9.0.0 of the GNU Radio software-defined radio system has been
released. "All in all, the main breaking change for pure GRC users
will consist in a few changed blocks – an incredible feat, considering the
amount of shift under the hood."
Security updates for Monday
Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).
A set of stable kernel updates
Kernel prepatch 5.11-rc4
The 5.11-rc4 kernel prepatch is out
for testing. "Things continue to look fairly normal for this release:
5.11-rc4 is solidly average in size, and nothing particularly scary stands
out."
Stenberg: Food on the table while giving away code
Daniel Stenberg writes
about getting paid to work on curl — 21 years after starting the
project. "I ran curl as a spare time project for decades. Over the
years it became more and more common that users who submitted bug reports
or asked for help about things were actually doing that during their paid
work hours because they used curl in a commercial surrounding – which
sometimes made the situation almost absurd. The ones who actually got paid
to work with curl were asking the unpaid developers to help them
out."
Security updates for Friday
Security updates have been issued by Debian (flatpak, ruby-redcarpet, and wavpack), Fedora (dia, mingw-openjpeg2, and openjpeg2), Mageia (awstats, bison, cairo, kernel, kernel-linus, krb5, nvidia-current, nvidia390, php, and thunderbird), openSUSE (cobbler, firefox, kernel, libzypp, zypper, nodejs10, nodejs12, and nodejs14), Scientific Linux (thunderbird), Slackware (wavpack), SUSE (kernel, nodejs8, open-iscsi, openldap2, php7, php72, php74, slurm_20_02, and thunderbird), and Ubuntu (ampache and linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-lts-xenial).
[$] Fast commits for ext4
The Linux 5.10 release included a change
that is expected to significantly increase the performance of the ext4
filesystem; it goes by the name "fast commits" and introduces a new,
lighter-weight journaling method. Let us look into how the feature works, who
can benefit from it, and when its use may be appropriate.
[$] MAINTAINERS truth and fiction
Since the release of the 5.5 kernel in January 2020, there have been almost
87,000 patches from just short of 4,600 developers merged into the mainline
repository. Reviewing all of those patches would be a tall order for even
the most prolific of kernel developers, so decisions on patch acceptance
are delegated to a long list of subsystem maintainers, each of whom takes
partial or full responsibility for a specific portion of the kernel. These
maintainers are documented in a file called, surprisingly, MAINTAINERS.
But the MAINTAINERS file, too, must be maintained; how well does
it reflect reality?
Wine 6.0 released
Version 6.0 of the Wine
Windows not-an-emulator has been released. "This release is
dedicated to the memory of Ken Thomases, who passed away just before
Christmas at the age of 51. Ken was an incredibly brilliant developer, and
the mastermind behind the macOS support in Wine. We all miss his skills,
his patience, and his dark sense of humor." Significant features
include core modules built as PE executables, an experimental Direct3D
renderer, DirectShow support, a new text console, and more.
Security updates for Thursday
Security updates have been issued by Fedora (adplug, audacious-plugins, cpu-x, kernel, kernel-headers, ocp, php, and python-lxml), openSUSE (crmsh, firefox, and hawk2), Oracle (thunderbird), Red Hat (kernel-rt), SUSE (kernel and rubygem-archive-tar-minitar), and Ubuntu (openvswitch and tar).
[$] LWN.net Weekly Edition for January 14, 2021
The LWN.net Weekly Edition for January 14, 2021 is available.
[$] A license change for Nmap
It may be kind of an obvious statement, but licensing terms matter in our
communities. Even a misplaced word or three can be fatal for a license,
which is part of the motivation for hte efforts to reduce license
proliferation in free-software projects. Over the last few months, various
distribution projects have been discussing changes made to the license for
the Nmap network scanner; those changes
seemed to be adding restrictions that would make the software non-free, though
that was not the intent. But the incident does serve to show the importance of
license clarity.
The Default Router (Tedium)
Tedium is running a
history of the Linksys WRT54G router. "But the reason the WRT54G
series has held on for so long, despite using a wireless protocol that was
effectively made obsolete 12 years ago, might come down to a feature that
was initially undocumented—a feature that got through amid all the
complications of a big merger. Intentionally or not, the WRT54G was hiding
something fundamental on the router’s firmware: Software based on
Linux."
Rosenzweig: Desktop OpenGL 3.1 on Mali GPUs with Panfrost
Alyssa Rosenzweig presents
a progress report on the Panfrost driver for Arm Mali Midgard and
Bifrost GPUs, which now provides non-conformant OpenGL ES 3.0 on Bifrost
and desktop OpenGL 3.1 on Midgard. "Architecturally, Bifrost shares most of its fixed-function data structures with Midgard, but features a brand new instruction set. Our work for bringing up OpenGL ES 3.0 on Bifrost reflects this division. Some fixed-function features, like instancing and transform feedback, worked without any Bifrost-specific changes since we already did bring-up on Midgard. Other shader features, like uniform buffer objects, required "from scratch" implementations in the Bifrost compiler, a task facilitated by the compiler's maturing intermediate representation with first-class builder support. Yet other features like multiple render targets required some Bifrost-specific code while leveraging other code shared with Midgard. All in all, the work progressed much more quickly the second time around, a testament to the power of code sharing. But there is no need to limit sharing to just Panfrost GPUs; open source drivers can share code across vendors."
Final days for some Arm platforms
Arnd Bergmann stirred up a bit of a discussion with his January 8 "bring
out your dead" posting, wherein he raised the idea of removing support
for a long list of seemingly unloved Arm platforms — and a few non-Arm ones
as well. Many of these have seen no significant work in at least six
years. In a
January 13 followup, he notes that several of those platforms will
be spared for now due to ongoing interest. Several others, though (efm32,
picoxcell, prima2, tango, u300, and zx) remain on the chopping block, and
the status of another handful remains uncertain. Readers who care about
old Arm platforms may want to have a look at the list now and speak up if
they still need support for one of the platforms that might otherwise be
deleted.
Security updates for Wednesday
Security updates have been issued by Debian (coturn, imagemagick, and spice-vdagent), Fedora (roundcubemail and sympa), Gentoo (asterisk and virtualbox), Oracle (kernel and kernel-container), Red Hat (dotnet3.1, dotnet5.0, and thunderbird), SUSE (crmsh, firefox, hawk2, ImageMagick, kernel, libzypp, zypper, nodejs10, nodejs14, openstack-dashboard, release-notes-suse-openstack-cloud, and tcmu-runner), and Ubuntu (coturn).
[$] Debian discusses vendoring—again
The problems with "vendoring" in packages—bundling dependencies rather than
getting them from other packages—seems to crop up frequently these days.
We looked at Debian's concerns about
packaging Kubernetes and its myriad of Go
dependencies back in October. A more recent discussion in that
distribution's community looks at another famously dependency-heavy
ecosystem: JavaScript libraries from the npm repository. Even C-based ecosystems
are not immune to the problem, as we saw with
iproute2 and libbpf back in November; the discussion of vendoring seems
likely to recur over the coming years.
A set of stable kernels
Google series on in-the-wild exploits
The Google Project Zero blog is carrying a
six-part series exploring, in great detail, a set of sophisticated
exploits discovered in the wild. "These exploit chains are designed
for efficiency & flexibility through their modularity. They are
well-engineered, complex code with a variety of novel exploitation methods,
mature logging, sophisticated and calculated post-exploitation techniques,
and high volumes of anti-analysis and targeting checks. We believe that
teams of experts have designed and developed these exploit chains. We hope
this blog post series provides others with an in-depth look at exploitation
from a real world, mature, and presumably well-resourced actor."