<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"
    		xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <title>LWN.net</title>
        <link>https://lwn.net</link>
        <description> LWN.net is a comprehensive source of news and opinions from
        and about the Linux community.  This is the main LWN.net feed,
        listing all articles which are posted to the site front page.
</description>
        <language>en-us</language>
        <pubDate>Thu, 16 Jul 2026 21:02:56 +0000</pubDate>
        <lastBuildDate>Thu, 16 Jul 2026 21:02:56 +0000</lastBuildDate>
        <docs>https://www.rssboard.org/rss-specification</docs>
        <webMaster>lwn@lwn.net</webMaster>
        <atom:link href="https://lwn.net/headlines/rss2"
    		rel="self" type="application/rss+xml"/>
    <item>
        <title>[$] Sched-ext: enqueue() for sub-schedulers and proxy-execution support</title>
        <link>https://lwn.net/Articles/1082717/</link>
        <guid>https://lwn.net/Articles/1082717/</guid>
        <dc:creator>corbet</dc:creator>
        <description>The &lt;a href=&quot;https://docs.kernel.org/scheduler/sched-ext.html&quot;&gt;extensible
scheduler class&lt;/a&gt; (sched_ext) allows the installation of custom CPU
schedulers as a set of BPF programs.  While sched_ext, in its current form,
has already led to a lot of interesting scheduler-development work, the
subsystem itself is still undergoing rapid evolution.  Among other work,
the ability to set up a hierarchy of &lt;a
href=&quot;https://lwn.net/Articles/1056014/&quot;&gt;sub-schedulers&lt;/a&gt; is approaching completion, and
a longstanding incompatibility with &lt;a href=&quot;https://lwn.net/Articles/934114/&quot;&gt;proxy
execution&lt;/a&gt; is coming to an end.
</description>
        <pubDate>Thu, 16 Jul 2026 14:00:05 +0000</pubDate>
        </item>
        <item>
        <title>Security updates for Thursday</title>
        <link>https://lwn.net/Articles/1083201/</link>
        <guid>https://lwn.net/Articles/1083201/</guid>
        <dc:creator>jzb</dc:creator>
        <description>Security updates have been issued by &lt;b&gt;AlmaLinux&lt;/b&gt; (cups, git-lfs, kernel, libsolv, libxml2, python3.12, and python3.9), &lt;b&gt;Debian&lt;/b&gt; (chromium, dhcpcd5, and ntfs-3g), &lt;b&gt;Fedora&lt;/b&gt; (firefox, perl-Imager, python-bcrypt, python-tiktoken, roundcubemail, and xrdp), &lt;b&gt;Mageia&lt;/b&gt; (openssl, poppler, python-mistune, and tmux), &lt;b&gt;Oracle&lt;/b&gt; (389-ds-base, cups, git-lfs, glibc, host-metering, kernel, libsolv, libxml2, nginx:1.24, PackageKit, python-pillow, and qemu-kvm), &lt;b&gt;Red Hat&lt;/b&gt; (buildah, containernetworking-plugins, and skopeo), &lt;b&gt;SUSE&lt;/b&gt; (buildah, cosign, curl, distribution, dnsmasq, glib-networking, glibc, gnutls, gstreamer-plugins-bad, ImageMagick, kernel, podman, python-cryptography, python313-django-debug-toolbar, rekor, sccache, sssd, and yelp), and &lt;b&gt;Ubuntu&lt;/b&gt; (dotnet8, dotnet10, libslirp, luajit, python-idna, sympa, and tomcat8).
</description>
        <pubDate>Thu, 16 Jul 2026 13:02:10 +0000</pubDate>
        </item>
        <item>
        <title>[$] LWN.net Weekly Edition for July 16, 2026</title>
        <link>https://lwn.net/Articles/1081915/</link>
        <guid>https://lwn.net/Articles/1081915/</guid>
        <dc:creator>corbet</dc:creator>
        <description>Inside this week's LWN.net Weekly Edition:
        &lt;p&gt;
        &lt;ul&gt;
&lt;li&gt; &lt;a href=&quot;https://lwn.net/Articles/1081915/&quot;&gt;Front&lt;/a&gt;: Fighting scraper bots; io_uring queues; Filesystem testing; BPF shielding; Sending packets from BPF; Kitty; QBE.
            &lt;li&gt; &lt;a href=&quot;https://lwn.net/Articles/1081917/&quot;&gt;Briefs&lt;/a&gt;: Shim security; seunshare vulnerability; Debian bookworm; Rust 1.97.0; Linux.org; Quotes; ...
            &lt;li&gt; &lt;a href=&quot;https://lwn.net/Articles/1081918/&quot;&gt;Announcements&lt;/a&gt;: Newsletters, conferences, security updates, patches, and more.
            &lt;/ul&gt;

        </description>
        <pubDate>Thu, 16 Jul 2026 01:24:55 +0000</pubDate>
        </item>
        <item>
        <title>[$] Topics in filesystem testing</title>
        <link>https://lwn.net/Articles/1082342/</link>
        <guid>https://lwn.net/Articles/1082342/</guid>
        <dc:creator>jake</dc:creator>
        <description>It should come as no surprise that a gathering of filesystem developers
would discuss filesystem testing; it has been a mainstay of the &lt;a
href=&quot;https://events.linuxfoundation.org/lsfmmbpf/&quot;&gt;Linux Storage,
Filesystem, Memory Management, and BPF Summit&lt;/a&gt; over the years and the
2026 summit was no exception.  Ted Ts'o led the discussion this time; he
had a few different topics to raise, including his perception of increasing
regressions for ext4 in the stable kernels and what can be done to help
reduce them.  As &lt;a href=&quot;https://lwn.net/Articles/789225/&quot;&gt;with&lt;/a&gt; &lt;a
href=&quot;https://lwn.net/Articles/896523/&quot;&gt;other&lt;/a&gt; &lt;a href=&quot;https://lwn.net/Articles/937830/&quot;&gt;similar&lt;/a&gt;
&lt;a href=&quot;https://lwn.net/Articles/982099/&quot;&gt;sessions&lt;/a&gt; at the summit over the years,
there is a lot of interest in collaborating on test inputs and outputs, but
finding a way to centralize that information has so far eluded the
filesystem community.
</description>
        <pubDate>Wed, 15 Jul 2026 16:19:26 +0000</pubDate>
        </item>
        <item>
        <title>Local DoS attack vectors in seunshare 3.10 (SUSE Security Team Blog)</title>
        <link>https://lwn.net/Articles/1083076/</link>
        <guid>https://lwn.net/Articles/1083076/</guid>
        <dc:creator>jzb</dc:creator>
        <description>&lt;p&gt;The SUSE Security Team Blog has a &lt;a
href=&quot;https://security.opensuse.org/2026/07/15/selinux-seunshare.html&quot;&gt;post&lt;/a&gt;
with an analysis of &lt;a
href=&quot;https://man7.org/linux/man-pages/man8/seunshare.8.html&quot;&gt;&lt;tt&gt;seunshare&lt;/tt&gt;&lt;/a&gt;,
which is used by SELinux to confine untrusted programs. During a
review of &lt;a
href=&quot;https://github.com/SELinuxProject/selinux/releases/tag/3.10&quot;&gt;version
3.10&lt;/a&gt; of the program, the team identified two local
Denial-of-Service (DoS) vectors.&lt;/p&gt;

&lt;blockquote class=&quot;bq&quot;&gt;
&lt;p&gt;Since &lt;tt&gt;seunshare&lt;/tt&gt; is supposed to run on SELinux-enabled systems, it
is important to understand what kind of privilege escalation can be
achieved when vulnerabilities are exploited in a setuid-root binary
like this. Many SELinux-enabled systems, such as Fedora and openSUSE,
ship with the &quot;targeted&quot; SELinux policy by default. This policy is
focused on confining well-known system services, but assigns an
unconfined SELinux context to interactive users by default to achieve
a balance between security and usability.&lt;/p&gt;

&lt;p&gt;There is currently no domain transition from the unconfined domain
to the more restricted &lt;tt&gt;seunshare_t&lt;/tt&gt; defined in the SELinux policy for
&lt;tt&gt;seunshare&lt;/tt&gt;. This means the execution of &lt;tt&gt;seunshare&lt;/tt&gt; continues in the
unconfined domain. Thus in the context of attacks carried out by
interactive users, the impact of the vulnerabilities below will be a
root-like privilege escalation despite the system running in SELinux
enforced mode.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;See the post for the full write-up of the team's discoveries and timeline. The
vulnerabilities have been fixed in &lt;a
href=&quot;https://github.com/SELinuxProject/selinux/releases/tag/3.11&quot;&gt;version&amp;#160;3.11&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;/p&gt;</description>
        <pubDate>Wed, 15 Jul 2026 15:52:13 +0000</pubDate>
        </item>
        <item>
        <title>[$] Lockless MPSC FIFO queues for io_uring</title>
        <link>https://lwn.net/Articles/1081871/</link>
        <guid>https://lwn.net/Articles/1081871/</guid>
        <dc:creator>corbet</dc:creator>
        <description>Processes that use &lt;a
href=&quot;https://man7.org/linux/man-pages/man7/io_uring.7.html&quot;&gt;io_uring&lt;/a&gt;
tend to keep a lot of balls in the air; being able to have many operations
underway at any given time is part of the point of that API in the first
place.  The io_uring subsystem must, as a result, keep track of a lot of
tasks that have to be performed at the right time.  In current kernels,
io_uring uses a standard kernel linked-list primitive to track those work
items.  As of the 7.2 kernel release, though, io_uring will, instead, use a
new lockless, multi-producer, single-consumer (MPSC) queue, resulting in
some notable performance gains.  Lockless algorithms tend to be tricky, but
the one used here is relatively approachable and shows how these algorithms
can work.
</description>
        <pubDate>Wed, 15 Jul 2026 13:35:43 +0000</pubDate>
        </item>
        <item>
        <title>Security updates for Wednesday</title>
        <link>https://lwn.net/Articles/1083044/</link>
        <guid>https://lwn.net/Articles/1083044/</guid>
        <dc:creator>jzb</dc:creator>
        <description>Security updates have been issued by &lt;b&gt;AlmaLinux&lt;/b&gt; (cifs-utils, corosync, cups, freerdp, git-lfs, go-fdo-client and go-fdo-server, go-toolset:rhel8, kernel, kernel-rt, libinput, libxml2, nginx:1.24, openssl, pacemaker, perl-DBI:1.641, php8.4, python-pillow, python3, and python3.12), &lt;b&gt;Debian&lt;/b&gt; (grub2, libxfont, opam, and wolfssl), &lt;b&gt;Fedora&lt;/b&gt; (freerdp, kernel, and prometheus), &lt;b&gt;Mageia&lt;/b&gt; (imagemagick), &lt;b&gt;Oracle&lt;/b&gt; (buildah, freerdp, gimp, kernel, nginx, openexr, openssl, perl-DBI, podman, vim, xorg-x11-server, and xorg-x11-server-Xwayland), &lt;b&gt;Red Hat&lt;/b&gt; (python3.12), &lt;b&gt;SUSE&lt;/b&gt; (afterburn, buildah, busybox, enc, freetype2-devel, go1.25, go1.25-openssl, go1.26-openssl, gosec, grafana, helm, krb5, kubernetes-old, libopenbabel8, libxml2, libxml2-16, nasm, openssl-3, patch, python-Authlib, python-mistune, python-soupsieve, python-sqlparse, python3-dulwich, python313-Pillow, rootlesskit, sbootutil-1, tomcat, and tomcat11), and &lt;b&gt;Ubuntu&lt;/b&gt; (alsa-lib, dnsmasq, gnutls28, libheif, linux-aws, linux-fips, linux-lts-xenial, linux-gcp-5.15, linux-intel-iotg-5.15, linux-hwe-6.17, linux-raspi, mariadb, openvpn, python-httplib2, vim, and wget).
</description>
        <pubDate>Wed, 15 Jul 2026 13:19:02 +0000</pubDate>
        </item>
        <item>
        <title>Many old shim versions are still accepted by secure boot</title>
        <link>https://lwn.net/Articles/1082940/</link>
        <guid>https://lwn.net/Articles/1082940/</guid>
        <dc:creator>corbet</dc:creator>
        <description>The CMU CERT Coordination Center has put out &lt;a
href=&quot;https://kb.cert.org/vuls/id/616257&quot;&gt;an advisory&lt;/a&gt; that many
exploitable versions of the shim binary, used to boot Linux on systems with
UEFI secure boot enabled, were never added to the revocation list.
&lt;p&gt;
&lt;blockquote class=&quot;bq&quot;&gt;
	An attacker with administrative privileges or the ability to modify
	the boot process could use one of the vulnerable shim bootloaders
	to bypass Secure Boot protections and execute arbitrary code before
	the operating system loads. Code executed during this early boot
	phase may achieve persistent compromise of the platform, including
	the ability to load unsigned or malicious kernel components that
	can survive system reboots and, in some cases, operating system
	reinstallation.
&lt;/blockquote&gt;
&lt;p&gt;
The advisory contains a list of vulnerable shims.</description>
        <pubDate>Wed, 15 Jul 2026 12:49:36 +0000</pubDate>
        </item>
        <item>
        <title>The Linux.org story</title>
        <link>https://lwn.net/Articles/1082901/</link>
        <guid>https://lwn.net/Articles/1082901/</guid>
        <dc:creator>corbet</dc:creator>
        <description>Rob Kennedy has &lt;a
href=&quot;https://www.linux.org/threads/the-linux-org-story.68810/&quot;&gt;posted the
story&lt;/a&gt; of the birth of &lt;a href=&quot;https://linux.org/&quot;&gt;Linux.org&lt;/a&gt; — one
of the earliest Linux-related web sites — and its more recent rebirth.
&lt;p&gt;
&lt;blockquote class=&quot;bq&quot;&gt;
	The site was founded in May 1994 by Michael McLagan, at a time when
	Linux itself was barely three years old. Linus Torvalds had only
	just released it to the world, there was no real way for a newcomer
	to find their footing, no search engines, no Wikipedia, none of the
	infrastructure people take for granted now for figuring out a new
	piece of technology. Michael built linux.org to fill that gap, a
	place for people to learn about Linux and follow the movement as it
	grew.
&lt;/blockquote&gt;</description>
        <pubDate>Tue, 14 Jul 2026 16:50:47 +0000</pubDate>
        </item>
        <item>
        <title>Call for topics for the 2026 Maintainers Summit</title>
        <link>https://lwn.net/Articles/1082838/</link>
        <guid>https://lwn.net/Articles/1082838/</guid>
        <dc:creator>corbet</dc:creator>
        <description>The Maintainers Summit is an annual, invitation-only gathering of kernel
developers and maintainers to discuss development-process issues; see &lt;a
href=&quot;https://lwn.net/Articles/1049982/&quot;&gt;LWN's 2025 Maintainers Summit coverage&lt;/a&gt; for an
example.  The &lt;a href=&quot;https://lwn.net/ml/all/alW3eJ9x6iJ8Juhi@mit.edu&quot;&gt;call for
topics&lt;/a&gt; for the 2026 gathering (Prague, October&amp;#160;8) has gone out.
One of the best ways to obtain an invitation to the Summit is with a good
topic proposal.  For best consideration, topics should be submitted before
July&amp;#160;24.</description>
        <pubDate>Tue, 14 Jul 2026 13:41:12 +0000</pubDate>
        </item>
        <item>
        <title>[$] Sending packets directly from BPF</title>
        <link>https://lwn.net/Articles/1081696/</link>
        <guid>https://lwn.net/Articles/1081696/</guid>
        <dc:creator>daroc</dc:creator>
        <description>&lt;p&gt;
&lt;a href=&quot;https://tetragon.io/&quot;&gt;
Tetragon&lt;/a&gt;, the BPF-based security monitoring tool,
uses BPF to monitor different aspects of a running kernel and
enforce user-specified policies. It sends its data to a user-space process,
which forwards the data to a central monitoring service elsewhere in the
network, however. This
presents a point of vulnerability: if an attacker can kill Tetragon's user-space
agent, it won't be able to properly report on the situation. Song Liu, Mahé
Tardy, and Liam Wiseheart spoke about their work removing the need for the
user-space agent at the 2026
&lt;a href=&quot;https://events.linuxfoundation.org/lsfmmbpf/&quot;&gt;
Linux Storage, Filesystem, Memory-Management, and
BPF Summit&lt;/a&gt;.
&lt;/p&gt;
</description>
        <pubDate>Tue, 14 Jul 2026 13:16:52 +0000</pubDate>
        </item>
        <item>
        <title>Security updates for Tuesday</title>
        <link>https://lwn.net/Articles/1082832/</link>
        <guid>https://lwn.net/Articles/1082832/</guid>
        <dc:creator>daroc</dc:creator>
        <description>Security updates have been issued by &lt;b&gt;AlmaLinux&lt;/b&gt; (389-ds:1.4, buildah, freeipmi, freerdp, gegl, gimp, golang, kernel, libreoffice, maven:3.9, openexr, perl-DBI, plexus-utils, podman, tomcat, tomcat9, xorg-x11-server, and xorg-x11-server-Xwayland), &lt;b&gt;Debian&lt;/b&gt; (imagemagick, p7zip, and redis), &lt;b&gt;Fedora&lt;/b&gt; (breezy, calibre, and golang-github-openprinting-ipp-usb), &lt;b&gt;Mageia&lt;/b&gt; (ffmpeg, gzip, haproxy, libheif, libtiff, libxml2, packages, perl-List-SomeUtils-XS, and perl-Socket), &lt;b&gt;SUSE&lt;/b&gt; (alsa, chromedriver, curl, dhcpcd, docker-compose, glibc, haproxy, ImageMagick, jq, kernel, kubernetes, libpng15, libredwg-devel, libslirp, nghttp2, php8, python-Pillow, python313-Django, python313-weasyprint, qemu, rust-keylime, sccache, and systemd), and &lt;b&gt;Ubuntu&lt;/b&gt; (cifs-utils, libexif, libreoffice, libssh2, openssh, and pipewire).
</description>
        <pubDate>Tue, 14 Jul 2026 13:16:38 +0000</pubDate>
        </item>
        <item>
        <title>[$] Shielding running kernels against exploits with BPF</title>
        <link>https://lwn.net/Articles/1081546/</link>
        <guid>https://lwn.net/Articles/1081546/</guid>
        <dc:creator>daroc</dc:creator>
        <description>&lt;p&gt;
Cisco has some unusual challenges when it comes to deploying security patches
across the company's many devices running custom kernels. John Fastabend spoke
about his work preventing exploits with BPF at the 2026
&lt;a href=&quot;https://events.linuxfoundation.org/lsfmmbpf/&quot;&gt;
Linux Storage,
Filesystem, Memory-Management, and BPF Summit&lt;/a&gt;.
The technique could substantially reduce the time necessary to respond to kernel
vulnerabilities, but it will not be fully effective unless more hooks are added
to the kernel.
&lt;/p&gt;
</description>
        <pubDate>Mon, 13 Jul 2026 14:14:08 +0000</pubDate>
        </item>
        <item>
        <title>Final normal Debian bookworm release</title>
        <link>https://lwn.net/Articles/1082647/</link>
        <guid>https://lwn.net/Articles/1082647/</guid>
        <dc:creator>daroc</dc:creator>
        <description>&lt;p&gt;
Debian has &lt;a
href=&quot;https://lwn.net/ml/all/e0718a5433efa5ba4a71fd3b671aab06f1441a07.camel@debian.org&quot;&gt;announced&lt;/a&gt;
the final normal update for Debian 12 (&quot;bookworm&quot;). Long-term-support
updates will &lt;a
href=&quot;https://lwn.net/ml/all/a27c47d0f34f36e497d2596a9adfbcb662cd4439.camel%40debian.org/&quot;&gt;continue
until 2028&lt;/a&gt;. As may be expected from a stable version, the update is
mostly limited to security fixes. Still, it may be time for Debian users to
look into upgrading to a more recent version. Conveniently, Debian 13
(&quot;trixie&quot;) also &lt;a
href=&quot;https://lwn.net/ml/all/baf38e8be7c03f43ace7fb06433aed0aac8196de.camel@debian.org&quot;&gt;received
an update&lt;/a&gt; this weekend, with many of the same security fixes.
&lt;/p&gt;</description>
        <pubDate>Mon, 13 Jul 2026 13:26:16 +0000</pubDate>
        </item>
        <item>
        <title>Security updates for Monday</title>
        <link>https://lwn.net/Articles/1082642/</link>
        <guid>https://lwn.net/Articles/1082642/</guid>
        <dc:creator>daroc</dc:creator>
        <description>Security updates have been issued by &lt;b&gt;Debian&lt;/b&gt; (chromium, libxfont, mesa, opam, and wireless-regdb), &lt;b&gt;Fedora&lt;/b&gt; (acl, attr, chromium, cjson, composer, docker-compose, jfrog-cli, librabbitmq, libssh2, libXfont2, log4cxx, OpenImageIO, openssh, p11-kit, perl-Crypt-DSA, perl-HTML-Gumbo, prometheus, python-dulwich, python-idna, python-pillow, python-tornado, sssd, tmux, upower, webkitgtk, xorg-x11-server, and xorg-x11-server-Xwayland), &lt;b&gt;Mageia&lt;/b&gt; (libarchive and vim), &lt;b&gt;Oracle&lt;/b&gt; (389-ds:1.4, buildah, cups, edk2, freerdp, golang, grafana, gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, kernel, libexif, libsolv, libtasn1, libxml2, nginx:1.24, nginx:1.26, nodejs:22, nodejs:24, oci-seccomp-bpf-hook, podman, postgresql:18, python-urllib3, tigervnc, tomcat, unbound, and xorg-x11-server), &lt;b&gt;Slackware&lt;/b&gt; (p11-kit), and &lt;b&gt;SUSE&lt;/b&gt; (agama, dash, dracut, flannel, go1.26, gsasl, gstreamer-plugins-good, ImageMagick, imagemagick, kernel, krb5, krb5, krb5-mini, libIex-3_4-33, libmbedtls23, libxfont2, nasm, nghttp2, perl-CGI-Session, perl-dbi, perl-List-SomeUtils-XS, python-pillow, python-social-auth-app-django, python-urllib3, python313-Django4, python313-Django6, python313-pytest-html, python313-sqlparse, python313-websockets, rclone, rust-keylime, rustup, sccache, spectre-meltdown-checker, sssd, terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid, thunderbird, tiff, traefik2, xorg-x11-server, and xwayland).
</description>
        <pubDate>Mon, 13 Jul 2026 12:40:26 +0000</pubDate>
        </item>
        </channel>
</rss>
