All posts tagged “Container Linux”

CoreOS is celebrating its fourth birthday this month. Join us in a look back at the past four years and at where we are heading, and celebrate with us!

CoreOS was born in 2013

Alex Polvi and Brandon Philips co-founded CoreOS with the fundamental idea of securing the backend of the internet via automated operations. Remember this scrappy company born out of a garage in Palo Alto?

Linux Hackers Rebuild Internet From Silicon Valley Garage (via WIRED).

Background on the Stack Clash

Security researchers at Qualys recently disclosed new techniques to exploit stack allocations on several operating systems, even in the face of a number of security measures. Qualys was able to find numerous local-root exploits — exploits which allow local users of a system to gain root privileges — by applying stack allocation techniques against various pieces of userspace software.

CoreOS develops modern container cluster infrastructure guided by a philosophy of automation in pursuit of security. Beginning with the automatically-updating Container Linux operating system and extending through the Tectonic Kubernetes platform for the enterprise, CoreOS aims to deliver “continuous availability” – automated deployment, lifecycle management, and security updates at each layer of the infrastructure stack.


Locksmith is the component included in CoreOS Container Linux that manages machine reboots after an update has been downloaded. This is a critical part of the operating system that we’ve had in place since the launch of our distribution, and today it is part of the reason why, when a security vulnerability is released, we can update every auto-updating Container Linux machine on the order of hours.

Locksmith has four update strategies:

This week, CoreOS released Matchbox v0.6.0 with new Terraform integrations, which enables you to create and share resources within teams for reproducible production infrastructure.

The Double-Free vulnerability in the Linux kernel, as reported in CVE-2017-6074, has been patched in CoreOS Container Linux. This vulnerability could allow a local user to escalate to root privileges.

Container Linux by CoreOS ships dm-verity, a technology that builds on trusted boot and secure boot to make it impossible for attackers to modify the underlying filesystem containing the OS. This security mechanism is enabled by default, helping ensure that the whole system is in a trustworthy state.

A core part of Container Linux is the automated image-based update strategy. Each Container Linux install has three partitions that are used by the OS:

CoreOS etcd’s first commits happened some three and a half years ago, and a lot has changed since that initial version 0 of the etcd API. etcd version 3, introduced last summer, offers a streamlined, gRPC-based API and dramatic performance improvements over both competitive solutions and its own prior versions, while maintaining the distributed reliability and rolling upgrade capabilities that make etcd manageable in production.

Today we’re announcing a new training series from the engineers at CoreOS. Join us for classes on Kubernetes, containers, and CoreOS Linux. You can sign up today for public classes starting in September, or contact us to request a private class for your company.

International Friendship Day

Sunday, August 7th is International Friendship Day. This got us thinking about how Facebook has been so successful in connecting the world by friends sharing information.
