Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Moxie seems to be the only person on the planet nailing login like it was 2021 :-)

Linear email-link-passkey track.

First time I witnessed this like it should be done everywhere really since five years ago.

Jarkko Sakkinen

I'm slowly putting together a software clone slash inspired of first edition of Polyend Tracker:

https://bsky.app/profile/jarkk0.bsky.social/post/3mesd3hefkk22

All the graphics code is going through a rewrite (undoing egui for other than layouts, per-pixel rendering to texture for each block) and doing direct pipewire backend, and later on CoreAudio for macOS :-)

#polyend #chiptune

Jarkko Sakkinen

Test case naming conventions people use for kselftest when you have broad spectrum of them?

Jarkko Sakkinen

The update I'm still fine-tuning for dhowell's patch set is not just a respin but is actually conceptually different.

I.e. from being task_struct centered into nsproxy centered, and repeated spawning that Eric Biederman complained about (for legit reasons) is being addressed.

Containers are now 1st class namespace members managed by nsproxy to address the need of not wanting to use namespaces ;-)

Jarkko Sakkinen

Edited yesterday
Getting there: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=container

# /usr/lib/kselftests/run_kselftest.sh -t containers:run.sh
TAP version 13
1..1
# timeout set to 45
# selftests: containers: run.sh
# create: alpha: pass
# create: beta: pass
# list/json: fetch: pass
# list/json: has alpha: pass
# list/json: has beta: pass
# list/json: has ready state: pass
# ps/json: fetch: pass
# ps/json: has alpha: pass
# ps/json: has beta: pass
# create: reject invalid name: pass
# run: no procfs without --proc: pass
# run: procfs with --proc: pass
# wait: observes termination: pass
# stop: SIGTERM exits init: pass
# stop: fails when TERM ignored: pass
# kill: SIGKILL exits init when TERM ignored: pass
# run: non-zero exit fails: pass
ok 1 selftests: containers: run.sh

Jarkko Sakkinen

Opaque container objects can be sealed better or that can be tuned very far at least.

This has the advantage when you actually want bare metal + containers instead of bare metal + vm wrapping the containers.

I mean when you want that in *production* and don't want to worry too much of security aspects.

One example use case is to maximize the throughput in video streaming service for each node. This is the "Netflix use case" (they use FreeBSD).

Jarkko Sakkinen

A new git tidbit learned: git branch --edit-description

Read:

git config --get branch.container.description

Now git-format-patch will import it as the body of the cover-letter:

git format-patch --cover-letter master

Jarkko Sakkinen

I'm worried that it will be a murder to send container object patch set tbh. We'll see. Every time I think it is ready I see something that makes me unhappy.

And even if it was right in a technical sense it is not a high odds patch set by definition.

Especially trying to nail Al Viro's and Eric W. Biederman's feedback to previous iteration from 2019 but I'm sure I'll miss some detail, ugh :-)

Jarkko Sakkinen

I'm trying to figure out a name for C file containing minimal container manager (or distantly a container manager). All I can make up is kontainer.c :-/ I guess I have to fix to that then. This is for kselftest.

Thorsten Leemhuis (acct. 1/4)

The support in the is now officially a first class citizen and not considered experimental any more:

https://git.kernel.org/torvalds/c/9fa7153c31a3e5fe578b83d23bc9f185fde115da; for more details, see also: https://lwn.net/Articles/1050174/

This is one of the highlights from the main for 7.0 that was merged a few hours ago; for others, see https://git.kernel.org/torvalds/c/a9aabb3b839aba094ed80861054993785c61462c


Jarkko Sakkinen

Edited 4 days ago
I'll replace the test-container.c from the original patch set with kcontainer.c, which is a stripped down container manager, and a shell script containing the test cases.

It's really just a wrapper for container_* but should demonstrate with reasonable realism the capabilities of the kernel feature.

Jarkko Sakkinen

A new Git subcommand I was not aware of: git range-diff. It compares two versions of branch.

This came up now that I forked dhowell's container object patch set.

E.g.,

git range-diff refs/remotes/fs/container...container

Jarkko Sakkinen

Listen up, dear frontiersmen.

Jarkko Sakkinen

Edited 5 days ago
Overall this looks still very wrong but some very basics have been put in place:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=container

Basic plumbing:

1. Some splitting to chunks that make more sense.
2. scripts/checkpatch.pl --strict -g master..container passes.
3. I implemented the missing container_wait and container_kill (only compile-tested).

Next step is to substitute a random test program with a kselftest. After that this can be actually hammered.

These patches have at least a potential to simplify container runtimes quite a lot. And preparation and launch are well-ordered given container_fork().

Jarkko Sakkinen

hooray, i have container_create() syscall running on top of mainline tip.

can't wait to write some cool tests for this :-)

this is by definition "against the odds" feature...

Jarkko Sakkinen

The defence project in EU that could not get enough funding: https://defence-industry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en

Because option B is to call to Musk :-)

Jarkko Sakkinen

Edited 6 days ago
I think getting some kind of version of QEMU TPM integrated emulation by LSS 2026 CfP would be a reasonable goal.

I was feeling that TPM2 crate stuff alone was somehow incomplete but that would definitely close the circle for the topic :-)

I have my command-line tool tpm2sh but it does not take the topic out of the closure of my own doings...

Great.

Jarkko Sakkinen

https://github.com/rust-vmm/vm-memory/issues/371

https://github.com/enarx/enarx/pull/2617

This is not super important for me but I talked about this with vm-memory a year ago and then I did not have any code to demonstrate the issue so it bothered me :-)