container-snap: Atomic Updates from OCI Images using Podman’s Btrfs Driver (asg2025)
Traditional package updates using tools like RPM or Zypper can introduce risks, such as incomplete updates or accidentally breaking the running system. To overcome these challenges, we developed **container-snap**, a prototype plugin designed to deliver atomic OS updates—updates that are fully applied or rolled back without compromising the system's state. container-snap leverages OCI images as the source for updates and integrates seamlessly with openSUSE’s [tukit](https://github.com/openSUSE/transactional-update) to enable transactional OS updates. By utilizing Podman’s btrfs storage driver, it creates btrfs subvolumes directly from OCI images, allowing systems to boot from the OCI image. This approach empowers...
Slim device software with systemd targets and nspawn (asg2025)
It has been 10 years since Axis Communications had a presentation at the systemd conference. Back then, we showed how we had increased our product quality, stability and boot times by porting our platform to systemd. Ten years later, we faced different challenges in keeping resource usage and boot times under control. We started from the bottom up and sliced our software for this purpose. This work also inspired us to create virtual versions of our hardware products that we cluster-deploy using systemd's nspawn. We have hundreds of engineers working on...
New Linux Kernel Coredump Infrastructure (asg2025)
Coredumping on Linux has long been a nightmare. Currently two modes are supported: (1) Dumping directly into a file somewhere on the filesystem. (2) Dumping into a pipe connected to a usermode helper process spawned as a child of the system_unbound_wq or kthreadd. For simplicity I'm mostly ignoring (1). There are probably still some users of (1) out there, but processing coredumps in this way can be considered adventurous, especially in the face of set*id binaries. The most common option should be (2) by now. It works by allowing userspace to put a string into /proc/sys/kernel/core_pattern like: ...
Privilege delegation for rootless containers, what choices do we have? (asg2025)
Going for minimal containers with restricted system calls and unprivileged users is the usual Kubernetes approach these days, and it works great for most web apps. However, the development of more complex infrastructure extensions frequently hinders application functionality. While looking for a solution to deploy virtiofsd in an unprivileged container for KubeVirt, we stumbled on seccomp notifiers. Seccomp notifiers are a kernel feature that monitors syscalls and delivers notifications to a userspace application when a syscall is executed. Alternative options involved either the use of a custom protocol using UNIX sockets or the deployment of...
Shipping Flatpak applications with an image based system (asg2025)
Flatpak is the de-facto standard for distributing desktop applications across various Linux-based systems. It also offers other advantages such as sandboxing. It is particularly useful for image-based systems as it installs the applications into a separate location and doesn't try to modify the system. GNOME OS is GNOME's development, testing and QA operating system. It builds the latest and greatest in-development versions of the GNOME desktop and core applications. It is also a Linux-based system that tries to fully embrace the systemd ecosystem. The applications are, however, built into the system. While this might...
pidfd: What have we been up to? (asg2025)
File descriptors for processes on Linux have been available for quite some time now. Userspace has adopted them widely.
Over the last two years or so we've extended the abilities of pidfds significantly. This talk will go over all the new features and deep dive into their implementation and usage.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/3BMJVH/
Video: asg2025-381-eng-pidfd_What_have_we_been_up_to_hd.mp4
GNOME OS' prêt-à-booter image (asg2025)
GNOME OS is a distribution based around systemd-sysupdate. This year, we finally created a live installer image using the same /usr partition as the installed OS. The main innovation however is the ability to install without the need to reboot. The user can start working while the installation is happening.
This live image is built using systemd-repart. And the installer itself also uses systemd-repart. But systemd-repart is not the complete solution and we had to solve some challenges.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/QRJVL3/
Video: asg2025-352-eng-GNOME_OS_pret-a-booter_image_hd.mp4
Dirlock: a new tool to manage encrypted filesystems (asg2025)
In the Linux world there are several tools and technologies to encrypt data on a hard drive, most falling into one of two categories: block device encryption (like LUKS) or stacked filesystem encryption (like EncFS or gocryptfs). This presentation will introduce Dirlock, a new tool that belongs to a third category: native filesystem encryption, using the kernel's fscrypt API. Dirlock is currently being developed and its aim is to provide a flexible way to encrypt files, suitable for both user accounts and arbitrary directories, with full PAM integration, support for hardware-backed mechanisms such as...
OS as a Service at Meta Platforms (asg2025)
I give an overview of how OS management is done at Meta. We run millions of Linux servers and we have to make sure that the OS gets updated on all of them within a given period of time. To do that we developed several products: MetalOS (an image-based version of CentOS), Antlir (an image builder) and Rolling OS Update (a service that keeps a set of DNF repos in sync with upstream repos and uses them to update the OS).
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/VNCDRL/
Video: asg2025-332-eng-OS_as_a_Service_at_Meta_Platforms_hd.mp4
A Security Model for systemd (asg2025)
Linux lacks a coherent security model, and by extension we never defined one for the systemd project either. In this talk I'd like to start changing this, and begin defining some general security design guidelines that we have so far mostly followed implicitly, and make them more explicit. After all, systemd to a large degree is involved in security subsystems, from SecureBoot, Measured Boot & TPM, to its service sandboxing, dm-verity/dm-crypt support, its FIDO2/PKCS#11 hookups, its many security boundaries, secure parameterization, Linux Security Module initialization and more. While this distributions & applications consuming systemd might follow different...