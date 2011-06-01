Neptune 5.1

We are proud to announce version 5.1 of Neptune. This update represents the current state of Neptune 5 and renews the ISO file so if you install Neptune you don't have to download tons of updates. The Calamares Installer now also handles installing hyphenation, thesaurus and spellcheck for the chosen localization. Main changes in this version are the update of Plasma to version 5.12.4 and KDE Frameworks to version 5.44. Besides that we also updated our default icon theme to include some new icons and Plasma Discover got some minor fixes and a slightly improved UI now featuring a refresh button in the Update dialog. Knetworkmounter should work like usual again and Enlightenment fans should be able to install their beloved desktop in version 0.22.

Kernel: "Linux is Under Your Hood" and LWN's Latest Kernel Coverage (Paywall Expired)

Linux is under your hood

Much of that work is done via the Automotive Grade Linux (AGL). This Linux Foundation-based organization is a who's who of Linux-friendly car manufacturers. Its membership includes Ford, Honda, Mazda, Nissan, Mercedes, Suzuki, and the world's largest automobile company: Toyota. "Automakers are becoming software companies, and just like in the tech industry, they are realizing that open source is the way forward," said Dan Cauchy, AGL's executive director, in a statement. Car companies know that while horsepower still sells, customers also want smart infotainment systems, automated safe drive features, and, eventually, self-driving cars. I have two young grandsons. I seriously wonder if they'll learn to drive. Just like many people who no longer know how to drive a stick-shift, I can see people in the next 20 years never bothering with driving classes.

wait_var_event()

One of the trickiest aspects to concurrency in the kernel is waiting for a specific event to take place. There is a wide variety of possible events, including a process exiting, the last reference to a data structure going away, a device completing an operation, or a timeout occurring. Waiting is surprisingly hard to get right — race conditions abound to trap the unwary — so the kernel has accumulated a large set of wait_event_*() macros to make the task easier. An attempt to add a new one, though, has led to the generalization of specific types of waits for 4.17.

An audit container ID proposal

The kernel development community has consistently resisted adding any formal notion of what a "container" is to the kernel. While the needed building blocks (namespaces, control groups, etc.) are provided, it is up to user space to assemble the pieces into the sort of container implementation it needs. This approach maximizes flexibility and makes it possible to implement a number of different container abstractions, but it also can make it hard to associate events in the kernel with the container that caused them. Audit container IDs are an attempt to fix that problem for one specific use case; they have not been universally well received in the past, but work on this mechanism continues regardless.

The audit container ID mechanism was first proposed (without an implementation) in late 2017; see this article for a summary of the discussion at that time. The idea was to attach a user-space-defined ID to all of the processes within a container; that ID would then appear in any events emitted by the audit subsystem. Thus, for example, if the auditing code logs an attempt to open a file, monitoring code in user space would be able to use the container ID in the audit event to find the container from which the attempt originated.

Kernel lockdown in 4.17? [Ed: Giving Microsoft the keys to Linux]

The UEFI secure boot mechanism is intended to protect the system against persistent malware threats — unpleasant bits of software attached to the operating system or bootloader that will survive a reboot. While Linux has supported secure boot for some time, proponents have long said that this support is incomplete in that it is still possible for the root user to corrupt the system in a number of ways. Patches that attempt to close this hole have been circulating for years, but they have been controversial at best. This story may finally come to a close, though, if Linus Torvalds accepts the "kernel lockdown" patch series during the 4.17 merge window.

In theory, the secure-boot chain of trust ensures that the system will never run untrusted code in kernel mode. On current Linux systems, though, the root user (or any other user with sufficient capabilities) can do exactly that. For anybody who wants to use secure boot to ensure the integrity of their systems (or, perhaps, to prevent their customers from truly owning the system), this hole defeats the purpose of the whole exercise. Various kernel lockdown patches have been proposed over the years (LWN first covered them in 2012), but these patches have run into two types of criticism: (1) restricting what root can do goes against the design of Unix-like systems, and (2) locking down the system in this way still does not solve the problem.