/tags/security/ Recent content in Security on Flatcar Container Linux Hugo en-us Copyright © The Flatcar Project Contributors. Copyright © Flatcar a Series of LF Projects, LLC. For website terms of use, trademark policy and other project policies please see <a href="https://lfprojects.org/policies/">lfprojects.org/policies</a>. Mon, 07 Nov 2022 14:00:00 +0200 /blog/2022/11/about-the-handling-of-embargoed-security-issues/ Mon, 07 Nov 2022 14:00:00 +0200 /blog/2022/11/about-the-handling-of-embargoed-security-issues/ <p><strong>TL; DR</strong>: Flatcar is safe against recent OpenSSL vulnerabilities</p> <p>With the recent OpenSSL vulnerabilities <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3786" target="_blank" rel="noopener">CVE-2022-3786</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3602" target="_blank" rel="noopener">CVE-2022-3602</a> , the Flatcar team has provided as soon as possible a batch of releases for impacted Flatcar channels (all except LTS which is not impacted). Releases have been published within one hour after the official public <a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/" target="_blank" rel="noopener">announcement</a> and users were able to secure their workloads almost immediately without unexpected turbulences as the releases included only minimal changes to address the security issues.</p> /blog/2021/10/openssl-3.0.0-on-flatcar-what-to-expect/ Wed, 27 Oct 2021 20:00:00 +0200 /blog/2021/10/openssl-3.0.0-on-flatcar-what-to-expect/ <p>In the Open-Source Software ecosystem, actions often start with an opened issue. In this journey, it was the <a href="https://github.com/flatcar/Flatcar/issues/418" target="_blank" rel="noopener">flatcar-linux/Flatcar#418</a> - but before talking about OpenSSL-3.0 on Flatcar, let&rsquo;s take two steps back.</p> <p><strong>TL; DR</strong>: Let&rsquo;s upgrade to OpenSSL v3 for a whole operating system and spoiler alert, the issue was misleading: almost nothing broke.</p> <p> <a href="https://flatcar-linux.org" target="_blank" rel="noopener">Flatcar Container Linux</a> (FCL) is an open-source Linux distro, optimized to run container workloads and based on Gentoo. One particularity of FCL is the lack of package manager: it&rsquo;s not possible to install softwares with tools like <code>emerge</code>, <code>pacman</code> or <code>yum</code> - this design ensures reproducibility and security. It&rsquo;s the responsibility of the community and the FCL core maintainers to manage the lifecycle of packages: from selection to the upgrades and applying FCL patches.</p> /blog/2021/04/using-ebpf-in-flatcar-container-linux/ Thu, 22 Apr 2021 10:00:00 +0200 /blog/2021/04/using-ebpf-in-flatcar-container-linux/ <p>Extended Berkeley Packet Filter (eBPF) is a core Linux technology with multiple applications in different computer domains like security, networking and tracing. For the containers and Kubernetes specific case, it’s used with networking projects like Cilium or Calico, debugging solutions like BCC, kubectl-trace and Inspektor Gadget, and security-related projects like tracee and Falco.</p> <p>eBPF is a very fast evolving technology: each new kernel release includes new features, and different Linux distributions rush to enable them for their users. Flatcar Container Linux is no exception, and in this blog post I cover the new eBPF features that we have enabled in the lastest Flatcar versions and why they are important.</p>