Kernel, Security, and Mesa

posted by Roy Schestowitz on Feb 16, 2024

• LinuxSecurity ☛ Huawei Proposes to Improve Linux Kernel Memory Security with New Sandbox Mode

  Chinese tech giant Huawei has proposed introducing a "SandBox Mode" for the Linux kernel , aimed at bolstering memory security. This mode would create an environment where native kernel code can be executed but with access restricted only to predefined memory addresses.

• Lukas Vrabec: Introduction of deny rules for SELinux policy

  After a few years, I’m glad I can share some SELinux updates.

  For quite some time, I’ve encountered inquiries regarding the potential inclusion of a feature in the SELinux userspace that would facilitate the removal of SELinux rules from the system. Such functionality would indeed be beneficial, considering that SELinux policies utilized in operating systems like Fedora, CentOS, and RHEL are intricate, allowing numerous common operations. However, for specific use cases, this might not align with your preferences. Instead, you might aim to tighten the policy further.

• Graphics Stack

  • Free Desktop ☛ mesa 24.0.1

    Hello everyone,
    
    
    The bugfix release 24.0.1 is now available.
    
    
    If you find any issues, please report them here:
    https://gitlab.freedesktop.org/mesa/mesa/-/issues/new
    
    
    The next bugfix release is due in two weeks, on February 28th.
    
    
    Cheers,
      Eric