This report covers weekly developments in the linuxkit, linuxkit-ci and virtsock repositories. The Moby Summit held in San Francisco was very active and well attended (blog / notes #2090 #2033 @mgoelzer @justincormack).
- Kernel GPG verification: The kernel compilation containers now verify the GPG and SHA256 checksums before building the binaries (#2062 #2083 @mscribe @justincormack @rn @riyazdf). The base Alpine build image now includes gnupg to support this feature (#2091 @riyazdf @rn).
- Security SIG on Landlock: The third Moby Security SIG focussed on the Landlock security module that provides unprivileged fine-grained sandboxing to applications. There are meeting notes as well as videos and forum links (#2087 #2089 #2073 @riyazdf).
- Networking drivers now modules: The kernels have been updated to 4.11.6/4.9.33/4.4.73, and many drivers are now loaded as modules to speed up boot-time (#2095 #2061 @rn @justincormack @tych0).
- Whaley important update: The ASCII logo was updated and we fondly wave goodbye to the waves (#2084 @thaJeztah @rn).
- Containerised getty and sshd: The login services now run in their own mount namespace, which confused users who expected to be on the host filesystem. This is now being addressed via a reminder in the motd upon login (#2078 #2097 @deitch @ijc @justincormack @riyazdf @rn).
- Hardened user copying: The RFC on ensuring that we use a hardened kernel/userspace copying system was closed, as it is enabled by default on all our modern kernels and a regression test is included by default (#2086 @fntlnz @riyazdf).
- Vultr provider: There is an ongoing effort to add a metadata provider for Vultr (#2101 @furious-luke @justincormack).
- Simplified Makefiles for packages (#2080 @justincormack @rn)
- The MirageOS SDK is integrating many upstream changes from dependent libraries, for the DHCP client (#2070 #2072 @samoht @talex5 [@avsm]).
- A comprehensive test suite for containerd is now integrated into LinuxKit tests (#2062 [@AkihiroSuda] @justincormack @rn)
- Fix documentation links (#2074 @ndauten @justincormack)
- Update RTF version (#2077 @justincormack)
- tests: add build test for Docker for Mac blueprint (#2093 @riyazdf @MagnusS)
- Disable Qemu EFI ISO test for now (#2100 @justincormack)
- The CI whitelists and ACLs were updated (linuxkit-ci#11 linuxkit-ci#15 [linuxkit/linuxkit-ci#10] @rn @justincormack)
- Fix spelling errors (#2079 @ndauten)
- Fix typo in dev report (#2094 @justincormack)
- Fix dead Link to VMWare File (#2082 @davefreitag)
Other reports in this series can be browsed directly in the repository at linuxkit:/reports.