Flatseal is a GUI utility app that enables you to review and modify all the permissions given to your Flatpak applications. If you are familiar with managing app permissions on an Android device then this will not be a new concept to you. If you are a frequent FossMinter, then you must know what Flatpak is – the utility that allows developers to sandbox applications with curated access to network interfaces, system resources, file storage, etc. Unlike Android, however, which has native support for tweaking its permissions via the CLI and GUI, Flatpak has these settings available only via the command line as Flatpak commands. Flatseal has stepped into the chat room and given users the ability to control their Flatpak permissions via the convenience of a GUI.

LVM (Logical Volume Manager) is the recommended way to manage disk or volume in Linux system. One of the major benefits of LVM partitions is that we can extend their size on the fly without any down time. In this post, we will learn how to create LVM partition in linux step by step. For demonstration purpose, I have attached 10 GB disk to my Ubuntu system and will create lvm partition on it. Let’s deep dive into the steps.

Whether you are a system administrator, network administrator, or a normal user under a Linux operating system, it is important to ensure your system is set to the correct date and time in regard to your location. For instance, your prowess in Linux administration might take you to different time zones and locations. Under such circumstances, you might need to update your Linux system with the correct date and time values so that you are not caught off guard during important activities like project presentations. Also, some programs that run under Linux reference the system date and time values as part of their input and output data. The misrepresentation of such values can yield logical consequences.

Shell scripts are a great way to automate repetitive tasks on Linux. You can write Bash scripts that perform system-related tasks such as installing software, adding new users, dynamically configuring the desktop, just to name a few. But what's the prerequisite? You should have in-depth knowledge of the Bash shell and its commands, including how to wrap these commands in a script—and the most important—how to run the script. Here's how you can create and execute Bash scripts on Linux.

How to update GIMP in Ubuntu 20.04 LTS without using Flatpak or Snap, GIMP is a special application for me, which I use almost daily -for little things in general, but that is another story- and that I like to keep updated, although it has not been easy for me in the last year … because for this specific case, neither Flatpak nor Snap meet what I need. My needs, of course, are what they are: I mainly use distributions based on the latest Ubuntu LTS that has come out, and I use several of the plugins that are still packaged in the Ubuntu repositories. This is the basics, and since Ubuntu does not update applications like GIMP in the same version, and that versions like Ubuntu LTS last for me installed for more or less a couple of years, the price to pay is to miss all the news that GIMP is implementing , which for some time now has accelerated its development and leaves us releases as interesting as the recent GIMP 2.10.28.

Kernel Articles From LWN (Just Released From Paywall) FIPS-compliant random numbers for the kernel [LWN.net] The Linux random-number generator (RNG) seems to attract an outsized amount of attention (and work) for what is, or seemingly should be, a fairly small component of the kernel. In part that is because random numbers, and their quality, are extremely important to a number of security protections, from unpredictable IP-packet sequence numbers to cryptographic keys. A recent post of version 43 of the Linux Random Number Generator (LRNG) by Stephan Müller is not likely to go any further than its predecessors, but the discussion around it may lead to support for a feature that some distributions need. The cover letter for the LRNG patch set is titled "/dev/random - a new approach", which is true, but also sure to elicit highly skeptical responses or cause the patches to be ignored entirely. As was reiterated in the discussion, kernel development generally does not proceed along the "wholesale replacement" path; features are added slowly, in bite-sized chunks, instead. But LRNG is meant to be a drop-in replacement for the existing kernel RNG, while adding a long list of additional features—some of which would likely be welcome if they were separated out.

A reference-count tracking infrastructure [LWN.net] Reference counts are a commonly used mechanism for tracking the life cycle of objects in a computing system. As long as every user of an object correctly maintains its references by incrementing and decrementing the reference count, that object will persist for as long as it is needed and will be properly destroyed once the last user is done. The "correctly" in that sentence is important, though; things do not work as well in the presence of reference-counting errors. Networking developer Eric Dumazet is working on a reference-count tracking system that could prove useful for finding these errors in the networking subsystem and, someday, throughout the kernel. Bugs in reference-count manipulation can be hard to find because the references themselves are anonymous. It may become clear, for example, that some user of an object has failed to release a reference before forgetting about that object, but there is generally no way to know which user has done this. So the kernel ends up with an unused object that cannot be released, but there is no way to know where the reference-counting mechanism failed, or even which reference was lost. If there were a way to determine which of (say) several dozen references to an object was leaked, the task of finding the erroneous release path would be made considerably easier.

A filesystem for namespaces [LWN.net] It is natural, when looking at the kernel development process, to focus on patches that find their way to acceptance and become a part of future kernels. But there can be value in looking at work that doesn't clear the bar; in failing, these patches often reveal things about the kernel and the community that creates it. Such is the case with the proof-of-concept namespacefs patch series recently posted by Yordan Karadzhov. One should not expect to see namespacefs in a future kernel but, in failing, this work showed a real use case and why it is hard to satisfy that use case in the kernel. Namespacefs is, as one might expect, a virtual filesystem implemented by the kernel. Its job is to display the hierarchy of namespaces running on the system; this information reflects the hierarchy of containers that are running. By using namespacefs, administrators can more readily see what is happening on their systems; it is also meant to facilitate complicated use cases like tracing multiple containers and watching how they interact. The initial implementation was limited to the PID and time namespaces. One can use it to traverse the hierarchy of PID namespaces (time namespaces are not hierarchical) and obtain the list of processes running in each. Other types of namespaces are not supported in this posting, but the intent was seemingly to add that support in a future version if namespacefs looked like the right solution to the problem.

Detecting missing memory barriers with KCSAN [LWN.net] Writing (correct) concurrent code that uses locking to avoid race conditions is difficult enough. When the objective is to use lockless algorithms, relying on memory barriers instead of locks to eliminate locking overhead, the problem becomes harder still. Bugs are easy to create and hard to find in this type of code. There may be some help on the way, though, in the form of this patch set from Marco Elver that enhances the Kernel Concurrency Sanitizer (KCSAN) with the ability to detect some types of missing memory barriers. KCSAN works in a statistical manner by watching accesses to specific memory addresses and trying to detect racy patterns; the algorithm used is described in this article. In its current form, though, KCSAN can only catch certain types of race conditions, specifically those that arise from locking errors. Other types of races remain invisible to this tool, including a number that can arise in incorrect lockless code. KCSAN is, by design, blind to the kinds of problems that occur when CPUs and memory controllers reorder the visibility of memory writes.