All posts tagged “Container Linux”

In recent months, we've talked about our plans for Red Hat CoreOS, the new immutable, container-centric operating system bringing automated operations to Red Hat OpenShift. This week, the Fedora project announced the official launch of the Fedora CoreOS project, a new open source community effort under the Fedora banner.

In the months since CoreOS was acquired by Red Hat, we’ve been building on our vision of helping companies achieve greater operational efficiency through automation. Today at Red Hat Summit we’ve outlined our roadmap for how we plan to integrate the projects and technologies started at CoreOS with Red Hat’s, bringing software automation expertise to customers and the community.

New releases of Container Linux addressing the Meltdown attack, caused by vulnerabilities in many modern processors, are now available in all three Container Linux release channels: Alpha 1649.0.0, Beta 1632.1.0, and Stable 1576.5.0. Updates are rolling out to the Alpha and Beta channels now, and should complete over the next 24-48 hours. By default, Container Linux will apply these updates automatically, but systems with non-default configurations should be manually updated as soon as possible.

As a modern, minimal, container-focused operating system, Container Linux by CoreOS strives to deliver the most recent stable versions of the key software needed to run containers: the Docker and rkt container engines, the Linux kernel, systemd, and

CoreOS is celebrating its fourth birthday this month. Join us in a look back at the past four years and at where we are heading, and celebrate with us!

CoreOS was born in 2013

Alex Polvi and Brandon Philips co-founded CoreOS with the fundamental idea of securing the backend of the internet via automated operations. Remember this scrappy company born out of a garage in Palo Alto?

Linux Hackers Rebuild Internet From Silicon Valley Garage (via WIRED).

Background on the Stack Clash

Security researchers at Qualys recently disclosed new techniques to exploit stack allocations on several operating systems, even in the face of a number of security measures. Qualys was able to find numerous local-root exploits — exploits which allow local users of a system to gain root privileges — by applying stack allocation techniques against various pieces of userspace software.

CoreOS develops modern container cluster infrastructure guided by a philosophy of automation in pursuit of security. Beginning with the automatically-updating Container Linux operating system and extending through the Tectonic Kubernetes platform for the enterprise, CoreOS aims to deliver “continuous availability” – automated deployment, lifecycle management, and security updates at each layer of the infrastructure stack.

 

Locksmith is the component included in CoreOS Container Linux that manages machine reboots after an update has been downloaded. This is a critical part of the operating system that we’ve had in place since the launch of our distribution, and today it is part of the reason why, when a security vulnerability is released, we can update every auto-updating Container Linux machine on the order of hours.

Locksmith has four update strategies:

This week, CoreOS released Matchbox v0.6.0 with new Terraform integrations, which enable you to create and share resources within teams for reproducible production infrastructure.

The double-free vulnerability in the Linux kernel, as reported in CVE-2017-6074, has been patched in CoreOS Container Linux. This vulnerability could allow a local user to escalate to root privileges.
