
Jarkko Sakkinen

A new git tidbit learned: git branch --edit-description

Read:

git config --get branch.container.description

Now git-format-patch will import it as the body of the cover-letter:

git format-patch --cover-letter master

Jarkko Sakkinen

I'm worried that it will be a murder to send the container object patch set tbh. We'll see. Every time I think it is ready I see something that makes me unhappy.

And even if it was right in the technical sense, it is not a high-odds patch set by definition.

Especially trying to nail Al Viro's and Eric W. Biederman's feedback to the previous iteration from 2019 but I'm sure I'll miss some detail, ugh :-)

Jarkko Sakkinen

I'm trying to figure out a name for the C file containing a minimal container manager (or distantly a container manager). All I can make up is kontainer.c :-/ I guess I have to fix to that then. This is for kselftest.

Thorsten Leemhuis (acct. 1/4)

The support in the is now officially a first class citizen and not considered experimental any more:

https://git.kernel.org/torvalds/c/9fa7153c31a3e5fe578b83d23bc9f185fde115da; for more details, see also: https://lwn.net/Articles/1050174/

This is one of the highlights from the main for 7.0 that was merged a few hours ago ; for others, see https://git.kernel.org/torvalds/c/a9aabb3b839aba094ed80861054993785c61462c


Jarkko Sakkinen

I'll replace the test-container.c from the original patch set with kcontainer.c, which is a stripped down container manager, and a shell script containing the test cases.

It's really just a wrapper for container_* but should demonstrate with reasonable realism the capabilities of the kernel feature.

Jarkko Sakkinen

A new Git subcommand I was not aware of: git range-diff. It compares two versions of a branch.

This came up now that I forked dhowell's container object patch set.

E.g.,

git range-diff refs/remotes/fs/container...container

Jarkko Sakkinen

Listen up, dear frontiersmen.

Jarkko Sakkinen

Overall this looks still very wrong but some very basics have been put in place:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=container

Basic plumbing:

1. Some splitting to chunks that make more sense.
2. scripts/checkpatch.pl --strict -g master..container passes.
3. I implemented the missing container_wait and container_kill (only compile-tested).

Next step is to substitute a random test program with a kselftest. After that this can be actually hammered.

These patches have at least a potential to simplify container runtimes quite a lot. And preparation and launch are well-ordered given container_fork().

Jarkko Sakkinen

hooray, i have container_create() syscall running on top of mainline tip.

can't wait to write some cool tests for this :-)

this is by definition "against the odds" feature...

Jarkko Sakkinen

The defence project in EU that could not get enough funding: https://defence-industry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en

Because option B is to call to Musk :-)

Jarkko Sakkinen

I think getting some kind of version of QEMU TPM integrated emulation by LSS 2026 CfP would be a reasonable goal.

I was feeling that TPM2 crate stuff alone was somehow incomplete but that would definitely close the circle for the topic :-)

I have my command-line tool tpm2sh but it does not take the topic out of the closure of my own doings...

Great.

Jarkko Sakkinen

https://github.com/rust-vmm/vm-memory/issues/371

https://github.com/enarx/enarx/pull/2617

This is not super important for me but I talked about this with vm-memory a year ago and then I did not have any code to demonstrate the issue so it bothered me :-)

Jarkko Sakkinen

The first time I got copilot feedback: https://github.com/himmelblau-idm/himmelblau/pull/1079

4/7 require additional feedback, i.e., this pretty much explains why *what* is really the time-consuming part, at least when aiming for production quality. In other words, you have unlimited ways to implement a functionality but no computation can cherry-pick exactly the right form from the unlimited options.

Jarkko Sakkinen

I started rebasing and tuning dhowell's old container patches.

Right now I've bumped into use of "init_cred", which was made static in the recent past.

I guess I can address this by:

1. Removing static initialization of the field from struct container.
2. Adding a snippet of code to kernel initialization that assigns the same field dynamically using kernel_cred().

Is this the path I should take?

#linux #kernel

Jarkko Sakkinen

Created beginnings of TPM 2.0 emulator integrated directly to QEMU based on Infineon SLB9672. It requires compilation with optionally enabled Rust shenanigans.

Right now it processes only self-test, reading of capabilities and stuff like that but is bound and wired to qemu. I.e. can do "-tpmdev vtpm,id=tpm0".

Not out anytime soon but will be out in foreseeable future :-)

#qemu #tpm #emulator

Jarkko Sakkinen

lrzsz2 0.3.2 and zmodem2 0.4.8 with (finally) working batch transfers. #zmodem #rustlang #tty

Jarkko Sakkinen

Speaking of swcam R&D benefits.

I talked about drones at LKML but you don't have to go that far in order to find useful places to improve QA using a software-defined camera.

E.g., one could use it to improve tests of libcamera, pipewire and gstreamer ;-)

EDIT: and it could be utilized with WSL2 to provide video source for the VM environment.

Jarkko Sakkinen

Not posting this any time soon but now I think swcam has a decent uAPI where vidioc configuration is decoupled from the producer of the stream. The producer provides a dataset of <pix_format, frame_rate> pairs that constrain the vidioc API upon creation and via SWCAM_IOC_WAIT gets the specs for the currently playing stream, always in the expected space of configurations.

The streaming pipeline itself has remained the same from the get go.

See:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/tree/include/uapi/linux/swcam.h?h=vcam

Just wanted to put this to rebasable and complete state just in case (and I will continue to rebase the branch).

Jarkko Sakkinen

drafted my first ever himmelblau idm patch for dynamic user credential resolution :-) will take a while before any prs result.