💾 Archived View for gemini.tuxmachines.org › n › 2023 › 05 › 24 › Red_Hat_Leftovers.gmi captured on 2023-05-24 at 17:44:50. Gemini links have been rewritten to link to archived content

Tux Machines

Red Hat Leftovers

Posted by Roy Schestowitz on May 24, 2023

Blog: Using OCI artifacts to distribute security profiles for seccomp, SELinux and AppArmor

=> https://kubernetes.io/blog/2023/05/24/oci-security-profiles/ ↺ Blog: Using OCI artifacts to distribute security profiles for seccomp, SELinux and AppArmor

The Security Profiles Operator (SPO) makes managing seccomp, SELinux and AppArmor profiles within Kubernetes easier than ever. It allows cluster administrators to define the profiles in a predefined custom resource YAML, which then gets distributed by the SPO into the whole cluster. Modification and removal of the security profiles are managed by the operator in the same way, but that’s a small subset of its capabilities.

=> https://github.com/kubernetes-sigs/security-profiles-operator ↺ Security Profiles Operator (SPO)

Another core feature of the SPO is being able to stack seccomp profiles. This means that users can define a baseProfileName in the YAML specification, which then gets automatically resolved by the operator and combines the syscall rules. If a base profile has another baseProfileName, then the operator will recursively resolve the profiles up to a certain depth. A common use case is to define base profiles for low level container runtimes (like runc or crun) which then contain syscalls which are required in any case to run the container. Alternatively, application developers can define seccomp base profiles for their standard distribution containers and stack dedicated profiles for the application logic on top. This way developers can focus on maintaining seccomp profiles which are way simpler and scoped to the application logic, without having a need to take the whole infrastructure setup into account.

=> https://github.com/opencontainers/runc ↺ runc

=> https://github.com/containers/crun ↺ crun

But how to maintain those base profiles? For example, the amount of required syscalls for a runtime can change over its release cycle in the same way it can change for the main application. Base profiles have to be available in the same cluster, otherwise the main seccomp profile will fail to deploy. This means that they’re tightly coupled to the main application profiles, which acts against the main idea of base profiles. Distributing and managing them as plain files feels like an additional burden to solve.

A developer’s guide to Red Hat Developer Hub and Janus

=> https://developers.redhat.com/articles/2023/05/23/developers-guide-red-hat-developer-hub-and-janus ↺ A developer’s guide to Red Hat Developer Hub and Janus

This article introduces the new Red Hat Developer Hub and Janus project to address the challenges IT organizations face in the development process. A developer’s work can be fraught with disparate development systems and distributed teams, and organizations with multiple development teams often struggle with competing priorities, diverse tools and technologies, and establishing best practices.

=> https://developers.redhat.com/products/developer-hub/overview ↺ Red Hat Developer Hub

These challenges make it difficult to quickly start development and adhere to multiple security and compliance standards. A unified platform that can consolidate these elements of the development process and foster internal collaboration will enable development teams to focus on rapidly enhancing code and functionality to efficiently build high-quality software.

Red Hat Summit Targets Fixing Open-Source Code Flaws

=> https://www.linuxinsider.com/story/red-hat-summit-targets-fixing-open-source-code-flaws-177071.html ↺ Red Hat Summit Targets Fixing Open-Source Code Flaws

A significant portion of the focus for the Red Hat Software Summit held in Boston this week are three core products designed to meet the growing demands for better software security and government regulations requiring enhanced application security across all industries.

Red Hat Pushes New Tools to Secure Software Supply Chain

=> https://www.securityweek.com/red-hat-pushes-new-tools-to-secure-software-supply-chain/ ↺ Red Hat Pushes New Tools to Secure Software Supply Chain

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.

Red Hat Adds Interconnect and Cybersecurity Services for Kubernetes [Ed: This site is funded by Red Hat. It used to be Container Journal, but now it's corporate apparatus.]

=> https://cloudnativenow.com/features/red-hat-adds-interconnect-and-cybersecurity-services-for-kubernetes/ ↺ Red Hat Adds Interconnect and Cybersecurity Services for Kubernetes

Red Hat today added a Red Hat Service Interconnect to its portfolio that is based on an open source Skupper.io project that enables Layer 7 networking between application components running on different platforms.

Podman Desktop 1.0: Local container development made easy

=> https://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available ↺ Podman Desktop 1.0: Local container development made easy

As containerization continues to gain popularity in the world of enterprise software development, there is also growing demand for tools and technologies that make container management more accessible and efficient. One such tool is Podman Desktop, which provides a user-friendly interface for managing containers and working with Kubernetes from a local machine (Figure 1).

=> https://developers.redhat.com/topics/containers ↺ container

=> https://developers.redhat.com/topics/kubernetes ↺ Kubernetes
