IBM/Red Hat Leftovers
-
Red Hat and Samsung Collaborate to Drive 5G Adoption with Kubernetes-Based Networking for Service Providers
Red Hat, Inc., the world's leading provider of open source solutions, today announced collaboration with Samsung to deliver 5G network solutions built on Red Hat OpenShift, the industry’s most comprehensive enterprise Kubernetes platform, and will help service providers make 5G a reality across use cases, including 5G core, edge computing, IoT, machine learning and more.
-
Red Hat wins the Bronze Stevie Award for Quarkus
Red Hat’s Quarkus framework modernizes Java software by making it cloud-native
Revolutionary open-source project helps applications consume 1/10th the memory and startup 300x faster when compared to traditional Java
Quarkus helps Java maintain its platform leader status through modern innovation designed to meet the fast-paced, ever-changing demands of today’s businesses
-
Season 6: Meet the Inventors
Inventors don’t always get the credit they deserve, even for world-changing breakthroughs.
Season 6 of Command Line Heroes tells the stories of ingenious inventors who haven’t been given their full due. These heroes did nothing less than create new industries, dazzle our imaginations, and reshape the world as we know it.
The first episode drops October 13, 2020. Subscribe today and sign up for the newsletter to get the latest updates.
-
Removing run-time disabling for SELinux in Fedora
Disabling SELinux is, perhaps sadly in some ways, a time-honored tradition for users of Fedora, RHEL, and other distributions that feature the security mechanism. Over the years, SELinux has gotten easier to tolerate due to the hard work of its developers and the distributions, but there are still third-party packages that recommend or require disabling SELinux in order to function. Up until fairly recently, the kernel has supported disabling SELinux at run time, but that mechanism has been deprecated—in part due to another kernel security feature. Now Fedora is planning to eliminate the ability to disable SELinux at run time in Fedora 34, which sparked some discussion in its devel mailing list.
SELinux is a Linux Security Module (LSM) for enforcing mandatory access control (MAC) rules. But the "module" part of the LSM name has been a misnomer since a 2007 change to make the interface static and remove the option to load LSMs at run time. So kernels are built with a list of supported LSMs, and they can be enabled or disabled at boot time using kernel command-line options. Certain architectures had bootloaders that made it difficult for users to add parameters to the command line, though, so the SELinux developers added a way to disable it at run time. The need for that functionality has faded, and removing it will allow another kernel hardening feature to be used.
The post-init read-only memory feature provides a way to mark certain kernel data structures as read-only after the kernel has initialized them. The idea is that various data structures are prime targets for kernel exploits; function-pointer structures, like those used by the LSM hooks, are of particular interest. So the LSM hooks were protected that way. However, that hardening is only enabled if the ability to disable SELinux at run time is not present in the kernel. The presence of the SELinux feature is governed by the CONFIG_SECURITY_SELINUX_DISABLE kernel build option.
In order to get that hardening feature, Ben Cotton posted a proposal for Fedora 34 to remove the support for disabling SELinux at run time. The proposal is owned by Petr Lautrbach and Ondrej Mosnacek; it would migrate users to the selinux=0 command-line option if they are currently disabling SELinux via the SELINUX=disabled setting in /etc/selinux/config. The proposal, which has been updated on the Fedora wiki based on feedback, would not change the ability to switch SELinux between enforcing and permissive modes at run time using setenforce.
The 5.6 kernel deprecated the run-time-disable feature for SELinux. The kernel currently prints a message to that effect, but there are plans to make using it even more painful by sleeping for five seconds when it is used. It may get even more obnoxious over time; eventually the plan is to remove it altogether. Red Hat distributions (Fedora, CentOS, RHEL) are the only known users of the feature at this point, so once they have all moved away, the feature can be removed from the kernel. RHEL and CentOS systems will stick around for a lot longer than Fedora systems, since it is only supported for a bit over a year. But Red Hat will just continue to maintain the feature in the RHEL/CentOS kernels; removing the run-time disable from Fedora presumably means that the next RHEL/CentOS major release will no longer support it either.
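An added example, not part of the quoted article or of the Fedora proposal: a shell check that reports whether a host disables SELinux through SELINUX=disabled in the config file (the case the proposal would migrate to selinux=0) and whether the kernel was built with CONFIG_SECURITY_SELINUX_DISABLE. The function name, the verdict strings and the /boot/config-$(uname -r) location of the kernel build config are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: flag hosts that rely on SELINUX=disabled (run-time disable)
# instead of selinux=0 on the kernel command line.
# Usage: selinux_disable_audit CONFIG_FILE CMDLINE_FILE [KERNEL_CONFIG_FILE]
selinux_disable_audit() {
    cfg=$1; cmdline=$2; kconfig=${3:-}

    # Assumption of this sketch: the last uncommented SELINUX= line is in effect.
    # SELINUXTYPE= and comment lines do not match the pattern.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*$/\1/p' "$cfg" | tail -n 1)
    [ -n "$mode" ] || mode=unset

    # Boot-time disable: an exact selinux=0 token on the kernel command line.
    boot_off=no
    if tr -s ' \t' '\n\n' < "$cmdline" | grep -qx 'selinux=0'; then
        boot_off=yes
    fi

    # Run-time disable support is a build option; while it is built in, the
    # post-init read-only protection of the LSM hooks is not enabled.
    rt=unknown
    if [ -n "$kconfig" ] && [ -r "$kconfig" ]; then
        if grep -q '^CONFIG_SECURITY_SELINUX_DISABLE=y' "$kconfig"; then
            rt=yes
        else
            rt=no
        fi
    fi

    if [ "$boot_off" = yes ]; then
        verdict=boot-disabled      # already using the supported mechanism
    elif [ "$mode" = disabled ]; then
        verdict=migrate            # depends on the deprecated run-time disable
    else
        verdict=no-change          # enforcing/permissive; setenforce unaffected
    fi
    echo "verdict=$verdict mode=$mode runtime_disable_built=$rt"
}

# Check the live system only when asked to; paths are the usual Fedora ones.
if [ "${1:-}" = "--live" ]; then
    selinux_disable_audit /etc/selinux/config /proc/cmdline "/boot/config-$(uname -r)"
fi
```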
-
Beyond autonomous vehicles: how automakers are partnering to shape the future
Autonomous driving is movie-level science fiction poised to become our everyday reality. To remain competitive and relevant, manufacturers are employing the latest autonomous capabilities and partnering to develop self-driving vehicles. There is no shortage of investor or consumer enthusiasm.
Self-driving vehicles bask in the media spotlight, so it’s easy to overlook how hard automotive IT teams are working to transform the underlying infrastructure and processes needed to create that reality. The goal is to both support autonomous driving capabilities and, perhaps more importantly, improve their organizational agility, security, data focus, and ultimately, innovation.