Linux

LWN and Oracle on Linux 5.x Kernel

  • Grabbing file descriptors with pidfd_getfd()

    In response to a growing desire for ways to control groups of processes from user space, the kernel has added a number of mechanisms that allow one process to operate on another. One piece that is currently missing, though, is the ability for a process to snatch a copy of an open file descriptor from another. That gap may soon be filled, though, if the pidfd_getfd() system-call patch set from Sargun Dhillon is merged.
    One thing that is possible in current kernels is to open a file that another process also has open; the information needed to do that is in each process's /proc directory. That does not work, though, for file descriptors referring to pipes, sockets, or other objects that do not appear in the filesystem hierarchy. Just as importantly, though, opening a new file in this way creates a new entry in the file table; it is not the entry corresponding to the file descriptor in the process of interest.

    That distinction matters if the objective is to modify that particular file descriptor. One use case mentioned in the patch series is using seccomp to intercept attempts to bind a socket to a privileged port. A privileged supervisor process could, if it so chose, grab the file descriptor for that socket from the target process and actually perform the bind — something the target process would not have the privilege to do on its own. Since the grabbed file descriptor is essentially identical to the original, the bind operation will be visible to the target process as well.

    For the sufficiently determined, it is actually possible to extract a file descriptor from another process now. The technique involves using ptrace() to attach to that process, stop it from executing, inject some code that opens a connection to the supervisor process and sends the file descriptor via an SCM_RIGHTS datagram, then running that code. This solution might justly be said to be slightly lacking in elegance. It also requires stopping the target process, which is likely to be unwelcome.

  • configfd() and shifting bind mounts

    The 5.2 kernel saw the addition of an extensive new API for the mounting (and remounting) of filesystems; this article covered an early version of that API. Since then, work in this area has mostly focused on enabling filesystems to support this API fully. James Bottomley has taken a look at this API as part of the job of redesigning his shiftfs filesystem and found it to be incomplete. What has followed is a significant set of changes that promise to simplify the mount API — though it turns out that "simple" is often in the eye of the beholder.
    The mount API work replaces the existing, complex mount() system call with a half-dozen or so new system calls. An application would call fsopen() to open a filesystem stored somewhere or fspick() to open an already mounted filesystem. Calls to fsconfig() set various parameters related to the mount; fsmount() is then called to mount a filesystem within the kernel and move_mount() to attach the result to the filesystem hierarchy somewhere. There are a couple more calls to fill in other parts of the interface as well. The intent is for this set of system calls to be able to replace mount() entirely with something that is more flexible, capable, and maintainable.

    Back in November, Bottomley discovered one significant gap with the new API: it is not possible to use it to set up a read-only bind mount. The problem is that bind mounts are special; they do not represent a filesystem directly. Instead, they can be thought of as a view of a filesystem that is mounted elsewhere. There is no superblock associated with a bind mount, which turns out to be a problem where the new API is concerned, since fsconfig() is designed to operate on superblocks. An attempt to call fsconfig() on a bind mount will end up modifying the original mount, which is almost certainly not what the caller had in mind. So there is no way to set the read-only flag for a bind mount.

    David Howells, the creator of the new mount API, responded that what is needed is yet another system call, mount_setattr(), which would change attributes of mounts. That would work for the read-only case, Bottomley said, but it falls down when it comes to more complex situations, such as his proposed UID-shifting bind mount. Instead, he said, the file-descriptor-based configuration mechanism provided by fsconfig() is well suited to this job, but it needs to be made more widely applicable. He suggested that this interface be made more generic so that it could be used in both situations (and beyond).

  • Accelerating netfilter with hardware offload, part 1

    Supporting network protocols at high speeds in pure software is getting increasingly difficult, with 25-100Gb/s interfaces available now and 200-400Gb/s starting to show up. Packet processing at 100Gb/s must happen in 200 cycles or less, which does not leave much room for processing at the operating-system level. Fortunately some operations can be performed by hardware, including checksum verification and offloading parts of the packet send and receive paths.

    As modern hardware adds more functionality, new options are becoming available. The 5.3 kernel includes a patch set from Pablo Neira Ayuso that added support for offloading some packet filtering with netfilter. This patch set not only adds the offload support, but also performs a refactoring of the existing offload paths in the generic code and the network card drivers. More work came in the following kernel releases. This seems like a good moment to review the recent advancements in offloading in the network stack.

  • Linux Kernel Developments Since 5.0: Features and Developments of Note

    Last year, I covered features in Linux kernel 5.0 that we thought were worth highlighting. Unbreakable Enterprise Kernel 6 is based on stable kernel 5.4 and was recently made available as a developer preview. So, now is as good a time as any to review developments that have occurred since 5.0. While the features below are roughly in chronological order, there is no significance to the order otherwise.

    BPF spinlock patches
    BPF (Berkeley Packet Filter) spinlock patches give BPF programs increased control over concurrency. Learn more about BPF and how to use it in this seven part series by Oracle developer Alan Maguire.

    Btrfs ZSTD compression
    The Btrfs filesystem now supports the use of multiple ZSTD (Zstandard) compression levels. See this commit for some information about the feature and the performance characteristics of the various levels.

    Memory compaction improvements
    Memory compaction has been reworked, resulting in significant improvements in compaction success rates and CPU time required. In benchmarks that try to allocate Transparent HugePages in deliberately fragmented virtual memory, the number of pages scanned for migration was reduced by 65% and the free scanner was reduced by 97.5%.

Lakka 2.3.2 with RetroArch 1.8.4

The Lakka team wishes everyone a happy new year and welcomes 2020 with a new update and a new tier-based releases system!

This new Lakka update, 2.3.2, contains RetroArch 1.8.4 (was 1.7.2), some new cores and a handful of core updates.

Videos/Audiocasts/Shows: System76 Serval WS, Linux Headlines, FLOSS Weekly and LCARS System 47 Screensaver on Linux

  • System76 Serval WS Workstation Laptop Full Review

    The System76 Serval WS laptop is crazy powerful, with a desktop CPU and a powerful Nvidia video card. In this review, I show off the hardware, weigh the pros and cons, and give my overall thoughts.

  • 2020-01-22 | Linux Headlines

    Major improvements come to Wine, Debian makes a significant change post systemd debate, and the world’s most popular open source API gateway gets an update.

  • FLOSS Weekly 563: Apprentice Program

    The Apprentice Program is an initiative to train and mentor female junior developers in open source, creating a pipeline of talent and changing the ratio in tech.

  • LCARS System 47 Screensaver on Linux | Install and Service Creation

    This video goes over the infamous LCARS System 47 Screensaver on Linux. You have seen it in my background and now I show how to use an old 90s screensaver scr file on Linux. I then show how to make a systemd service to activate the screensaver when you are idle for a set amount of time.

Orange Pi 4B Review: Raspberry Pi Competitor Has Built-in A.I.

There’s a lot of buzz around deep learning and machine intelligence these days, and almost every processor manufacturer claims it has the answer for accelerating the computationally-heavy workloads of building your own artificial intelligence. Intel is working on neuromorphic computing, inspired by the human brain, with its recently-scaled Loihi research processor; Nvidia, meanwhile, has products like the Jetson Nano which leverage its graphics processing technology as a general-purpose accelerator; Google has its in-house Tensor Processing Units (TPUs), launched for the enthusiast market in March last year and due a refresh early this year.

Easy Librem 5 App Development: Take a Screenshot

I’m not a professional application developer but I know a few programming languages and have contributed to FOSS projects over the years. I like to write my personal programs as simple shell scripts that tend to run on my Linux laptop or server but never on my old Android phone. This is the first time my phone hasn’t restricted me from developing apps how I like to.

My previous Android phone always felt like a locked box, especially when it came to writing my own programs. I needed to read guides to set up a local phone development environment, learn the language and frameworks used for the platform, and only then could I write a native phone application. Once it was written I’d need to figure out how to sideload it onto the phone or otherwise get it into an official app store. Since I’m not a professional application developer, I never had the time or motivation to overcome that learning curve.

Do You Really Need Antivirus Software on Linux?

There’s a myth that Linux doesn’t have viruses, but for most people, it’s true that they don’t need an antivirus on Linux. How can both those claims be true? Do you really need antivirus on your Linux machine?

Although there have been cases like EvilGnome, a piece of malware that made headlines last year for infecting Linux desktops, they are ultra-rare. The short answer is that thanks to being more securely designed, better maintained, and, truth be told, less popular, Linux ends up being safer than Windows.

There’s no simple yes or no answer to the question of our title, though, as it depends on the user and their needs.

Also: Security updates for Wednesday

Linux needs easier bug reporting tools

I get that developers need specific information for bug reports, but in many cases, the extraction of that information is beyond the pay grade of the average user. Take, for instance, the backtrace. The backtrace command is a powerful tool that allows the user to start an application while gathering specific information about why a program might not be running properly. This is not a command built for the new user. I've been using Linux since the late 1990s and I have to remind myself how the tool is used (because I don't use it often).

Raspberry Pi 4: Chronicling the Desktop Experience – Screencasting – Week 13

This is a weekly blog about the Raspberry Pi 4 (“RPI4”), the latest product in the popular Raspberry Pi range of computers.

Given the multimedia strengths of the RPI4, I’ve spent a few weeks covering video streaming, then examining the viability of the RPI4 to play locally stored video, before turning to examining the RPI4 as a home theater. Continuing this theme, for this week’s blog I look at the RPI4 as a screencaster (i.e. screen recording).

In the field of open source video recording, my preferred application is OBS Studio. It’s a truly first class cross-platform application that’s excellent for both video recording and live streaming. Open source at its very best. Sadly, the software is not available in the Raspbian repositories. I did expend considerable effort trying to compile the software on the RPI4. While I got fairly close, I wasn’t able to successfully build the software. If you’ve got OBS Studio running on the RPI4, I’d love to hear from you.

Screenshot your Linux system configuration with Bash tools

There are many reasons you might want to share your Linux configuration with other people. You might be looking for help troubleshooting a problem on your system, or maybe you're so proud of the environment you've created that you want to showcase it to fellow open source enthusiasts.

You could get some of that information with a cat /proc/cpuinfo or lscpu command at the Bash prompt. But if you want to share more details, such as your operating system, kernel, uptime, shell environment, screen resolution, etc., you have two great tools to choose: screenFetch and Neofetch.

Screencasts/Audiocasts/Shows: GNU/Linux Laptop Screencast, LINUX Unplugged and Linux Headlines

  • [VIDEO] Linux Laptop Screencast

    A few weeks ago, I wrote about tuning up my Linux laptop for writing. Via YouTube, here’s a very quick (20 minute) screencast. Enjoy!

  • Mystical Users | LINUX Unplugged 337

    We make an appeal to keep Linux powerful and avoid the Macification of the desktop, and review the latest developer-focused XPS 13.

    Plus some community news that's getting missed, picks, and more.

  • 2020-01-21 | Linux Headlines

    Canonical announces a cloud delivery suite for Android apps, EarlyOOM is on hold for the next Fedora, and ProtonMail open sources its VPN clients.

More in Tux Machines

It is time to end the DMCA anti-circumvention exemptions process and put a stop to DRM

Although it is accurate, there's one aspect of the process that is missing from that description: the length. While the process kicks off every three years, the work that goes into fighting exemptions, whether previously granted or newly requested, has a much shorter interval. As you can see from the timeline of events from the 2018 round of the exemptions process, the process stretches on for months and months. For each exemption we have to prepare research, documents, and our comments through wave after wave of submission periods. For the 2018 exemptions round, the first announcements from the United States Copyright Office were in July of 2017, on a process that concluded in October of 2018. Fifteen months, every three years. If you do the math, that means we're fighting about 40% of the time just to ensure that exemptions we already won continue, and that new exemptions will be granted. If the timeline from the last round holds up, then we're only a few short months away from starting this whole circus back up again. Describing it as a circus seems an appropriate label for the purpose of this whole process. It's not meant to be an effective mechanism for protecting the rights of users: it's a method for eating up the time and resources of those who are fighting for justice. If we don't step up, users could lose the ability to control their own computing and software. It's like pushing a rock up a mile-long hill only to have it pushed back down again when we've barely had a chance to catch our breath.

Programming With Python: PyQt5, “Effective Python” and Wing Python IDE

  • PyQt5 plotting with matplotlib, embed plots in your GUI applications

    In the previous part we covered plotting in PyQt5 using PyQtGraph. That library uses the Qt vector-based QGraphicsScene to draw plots and provides a great interface for interactive and high performance plotting. However, there is another plotting library for Python which is used far more widely, and which offers a richer assortment of plots — Matplotlib. If you're migrating an existing data analysis tool to a PyQt GUI, or if you simply want to have access to the array of plot abilities that Matplotlib offers, then you'll want to know how to include Matplotlib plots within your application. In this tutorial we'll cover how to embed Matplotlib plots in your PyQt applications. Many other Python libraries — such as seaborn and pandas — make use of the Matplotlib backend for plotting. These plots can be embedded in PyQt5 in the same way shown here, and the reference to the axes passed when plotting. There is a pandas example at the end of this tutorial.

  • “Effective Python” by Brett Slatkin book review

    Let’s start with the target audience for this book. I’d recommend it to people who have been using Python for at least several months and feel good with the basics. If you need more practical advice you are definitely welcome.

  • Wing Tips: Using Black and YAPF Code Reformatting in Wing Python IDE

    Wing version 7.2 has been released, so in the next couple Wing Tips we'll take a look at some of its new features. Wing 7.2 expands the options for automatic code reformatting to include also Black and YAPF, in addition to the previously supported autopep8. Using one of these allows you to develop nicely formatted uniform-looking code without spending time manually adjusting the layout of code.
