Fedora / Red Hat Leftovers

posted by Roy Schestowitz on Dec 23, 2022,
updated Dec 23, 2022

• Fedora 38 To Prohibit Byte Swapped Xorg and Xwayland Clients - Slashdot

  A rather exotic feature in Xorg and Xwayland is being proposed to have the default value turned off going forward in Fedora 38 due to its use in attacks (CVE-2014-8095, CVE-2014-8099, CVE-2014-8103. . . to name a few). The feature allows servers running on one endianess to byte-swap to allow clients of a different endianess to connect to it. This was more common in the 1980s when X servers ran on big-endian and clients would connect who were little-endian.

• Career builders: Upskill in the new year with these 10 free Red Hat Training webinars

  Throughout 2022, training experts from Red Hat Training and Certification delivered free monthly Taste of Training webinars built around our existing curricula to provide viewers valuable insight into our course catalog and the latest updates on Red Hat technology. Don’t worry if you weren’t able to attend the live sessions – each webinar is available on-demand for one year after the live session. Here is a look back at the topics that were covered this year:

• Customer success: Highlights from our public customer stories in 2022

  As this year draws to a close, we stop to reflect on what 2022 has meant to us. For many, it’s been a year that saw people returning to the office and other public venues, mingling with coworkers, family and friends—some of whom we haven’t seen in more than two years. Gatherings are becoming more frequent, restrictions are being lifted and fewer masks are worn in grocery stores and doctor’s offices, among a number of other things.

  Red Hat Summit went hybrid for the first time, with more than 900 attendees in Boston and in excess of 14,000 logging into the virtual experience. AnsibleFest was another popular event, showcasing the benefits of automation for organizations—from development and operations to security and network teams.

• ELF section retrieval with debuginfod

  It's been almost a year since our last blog regarding debuginfod, an HTTP file server that provides debugging resources to debugger-like tools. Since then we have been busy working on improvements to the server itself, as well as the debuginfod clients built into tools such as GDB, Valgrind and Systemtap. One feature that we recently added is the ability to download specific ELF sections from ELF binaries available from the server. First I'll give brief summaries of how debuginfod works and what ELF sections are. For more information you can check out our other debuginfod blog posts.

• Kubernetes 1.26: Support for Passing Pod fsGroup to CSI Drivers At Mount Time | Kubernetes

  Delegation of fsGroup to CSI drivers was first introduced as alpha in Kubernetes 1.22, and graduated to beta in Kubernetes 1.25. For Kubernetes 1.26, we are happy to announce that this feature has graduated to General Availability (GA).

  In this release, if you specify a fsGroup in the security context, for a (Linux) Pod, all processes in the pod's containers are part of the additional group that you specified.

  In previous Kubernetes releases, the kubelet would always apply the fsGroup ownership and permission changes to files in the volume according to the policy you specified in the Pod's .spec.securityContext.fsGroupChangePolicy field.

  Starting with Kubernetes 1.26, CSI drivers have the option to apply the fsGroup settings during volume mount time, which frees the kubelet from changing the permissions of files and directories in those volumes.