-
Review [Ubuntu's Security Features](https://wiki.ubuntu.com/Security/Features) to look for potential criterion questions. It might be useful to phrase at least some of these as separate criteria if #…
-
aka switch `template` from being trusted to untrusted.
### Proposal
Nomad should fetch artifacts and render templates inside their task's container so that they have the same permissions, capabi…
-
When using non-file access rights on files (rather than directories),
it is possible to get go-landlock to return a `BUG(go-landlock)` error.
This is unintended and should be fixed.
Reported by…
-
On my old Ubuntu 16.04 LTS box I never bothered to build Firejail with `--enable-analyzer`. But after migrating that machine to Ubuntu 22.04 LTS I gave it a try. The below warnings showed up (which do…
-
If I have a target:
```
cxx_library(
name=“foo”,
srcs=[“foo.cpp”],
include_directories=[“include”]
)
```
And foo.cpp looks like this:
```
#include “foo.h”
```
this will…
-
bpf core
- stringmap {?}
- bounded loops { DanielB }
- func calls and indirect calls { @4ast }
- C-Type Format : kernel { @iamkafai } bcc { @drzaeus77 }
- lsm hooks { android folks }
- read only…
-
### systemd version the issue has been seen with
251.6-2
### Used distribution
Arch Linux
### Linux kernel version used
6.0.2-arch1-1
### CPU architectures issue was seen on
x86_6…
-
nomad: 1.4.2 os: centos7 core:4 mem:8GB
Using exec as the driver to create a job with count of 100, causing the cluster to freeze
Docker, raw_ Docker, these two drivers do not have this issue
…
-
Using a [`kmem_cache`](https://docs.kernel.org/core-api/mm-api.html) per Landlock's kernel type could improve performance, and it would also be useful to get some metrics via `/proc/slabinfo`.
One …
l0kod updated
3 weeks ago
-
**Description**
Currently `karmor sysdump` generated output doesn't contains information about the node's support for KubeArmor (available LSMs, the mode of enforcement, etc.) which are already a par…