gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
book` has quit [Quit: Leaving]
ivan has quit [Read error: Connection reset by peer]
book` has joined #nixos-security
ivan has joined #nixos-security
book` has quit [Quit: Leaving]
ivan has quit [Read error: Connection reset by peer]
book` has joined #nixos-security
ivan has joined #nixos-security
pie_ has joined #nixos-security
<pie_> just googled capability wrapper and it looks viable to use capabilities even without recompilation? https://linux.die.net/man/1/capsh ofc idk what happens if something expects a cap and doesn't have it (crash?) *shrug*
<pie_> older article on the container executable overwrite thing https://brauner.github.io/2019/02/12/privileged-containers.html
<pie_> my summary is the definition that a privileged container is one that has an inner user mapping to root, and that lxc made various security decisions ages ago trying to promote unprivileged containers
<qyliss> I've updated the Intel microcode in master and 19.03. Haven't done AMD, etc.
<andi-> qyliss: thank you!
<pie_> \o/
Synthetica has joined #nixos-security
erictapen has joined #nixos-security
qyliss^work has quit [Quit: bye]
qyliss has quit [Quit: bye]
qyliss has joined #nixos-security
qyliss^work has joined #nixos-security
pie_ has quit [Ping timeout: 246 seconds]
pie_ has joined #nixos-security
erictapen has quit [Ping timeout: 255 seconds]
pie_ has quit [Read error: Connection reset by peer]
pie_ has joined #nixos-security
pie_ has quit [Quit: Leaving]
pie_ has joined #nixos-security
pie___ has joined #nixos-security
pie_ has quit [Ping timeout: 252 seconds]