I’m trying to move to podman from docker but selinux prohibits me from doing so. I can’t find a source where it’s explained how I should set it up. Thx!
SELinux in Podman works pretty much the same way it works on Docker, so if you are having problems with Podman, you should also be having problems with Docker, so I don’t see how that’s impeding your migration. You need to be more specific about the issues you’re having to get a good answer.
The post by Chris Smart you linked on your comment below is a good start, but everything there also applies to Docker, so if you still didn’t know those basics, you shouldn’t be able to use Docker on Fedora either.
About your question of how to set it up, use-case is an important consideration, there is no generic answer that covers all use-cases. I’ve even found out that for some use-cases (like ad-hoc containers), disabling SELinux within the container (with --security-opt=label=disable) seems to be the most secure option. That’s what I’ve done in contr (see this commit message). I’ve been meaning to blog about that, but never did because I’m in the process of migrating my blog but too lazy to finish it.
I’ve put a lot of links about SELinux in containers in this issue.
So I’ve got cyberpunk phantom liberty 2.0 but to update to 2.1 heroic game launcher wants me to download the whole game again, gog galaxy through wine is not an option so I’m looking at xdelta3 and innoextract to manually patch game files. But I’m hitting a brick wall and it seems to fail with every attempt using xdelta3
That’s the primary way I install and play GOG games. It’s easy to set up using Bottles. Galaxy used to run horribly on Wine, but it has improved recently. I help maintain the Galaxy installer in Bottles, and earlier this year we increased its grade from silver to gold, meaning all functions work with minimal glitches now.
It isn’t perfect yet, it lags for about a minute right after launch, and I’d recommend going into settings and disabling the “Cloud saves” and “Overlay” features as these can cause crashes sometimes. Other than that, everything works well and performance is good.
This article lacks focus and mixes unrelated security concepts in questionable ways. It ends like just an ad for Wolfi. Don’t get me wrong, Wolfi is neat, it’s probably deserving of being talked up. But it doesn’t solve the supply-chain issues pointed out by the article (it doesn’t even try). Supply-chain attacks are currently not a major issue in Linux distributions, and enterprises are already tackling the issue of provenance elsewhere, and the article itself notes that. Dependency management for enterprise software is NOT the responsibility of Linux distros. So what is the point of the article? To me, this article is security mumbo jumbo.
If you have read it, you might have noticed that the theme of the article is a company called Chainguard. Enterprises can pay them and get a secure software supply chain all the way down to the container image. More than that, their container distro is actually free and open-source, anyone can use it for free, it’s a one line change in your build script to go from Alpine to Wolfi. Enterprises can also buy a secure OS for bare-metal from Red Hat, SUSE, etc…
When I launch Steam (Flatpak version) from the desktop, the app keeps trying to launch, shows a black window for a few seconds and then crashes, and the process keeps repeating. The Steam icon is present on the system tray so it is running in the background....
Thanks for the report. This issue was supposed to have been fixed in the Flatpak package, but you just brought to my attention that part of the fix was accidentally reverted. I’m sending a new PR right now to try to fix the issue again.
The worst part of using a gaming laptop on Linux is that, despite the great work of open source developers and hobbyists, it’s still way too clunky to use a hybrid graphics setup imo. Once you want to use an interface that’s only connected to one GPU (such as HDMI) you’re left messing with switching utilities like...
You shouldn’t generalize your bad experience with NVIDIA’s proprietary driver to Mesa. Graphics device switching just works on Mesa, hence laptops with an AMD dGPU are great on Linux.
I hear you, I have a Legion laptop with a GTX 1060 mobile and I keep the dGPU as primary all the time because I just can’t be bothered by NVIDIA optimus anymore. That’s the reason I decided to upgrade to AMD, even though the performance of the 1060 was still appropriate for me and I wouldn’t have upgraded yet otherwise.
I don’t have any issues with the Strix G15 on Fedora Silverblue. Talking to other owners of the same model and also other Asus AMD laptops on Reddit, I didn’t hear any complaints about that.
The G15 has the HDMI port connected to the iGPU, and the USB-C (DisplayPort Alt Mode) connected directly to the dGPU. I’ve only used HDMI to connect to a TV, I haven’t tested the USB-C output because I don’t have a monitor with DisplayPort. So I can’t really answer your question.
Tell you what, I’ve just ordered a USB-C to HDMI adapter, as soon as it arrives I’ll test the output that’s connected directly to the dGPU and update you on that. I’d bet on it being plug-and-play, but we’ll see. 😉
Here’s the update, I’ve got the USB-C/HDMI adapter today. Connected it to the port that connects directly to the dGPU and even during boot Plymouth was already outputting video to the TV. I also tested hot-plugging and it just works as expected.
Now for the problems, I ran benchmarks and the performance was as expected, but frame delivery didn’t look as good as when using the HDMI port on this device. It doesn’t show on the performance metrics, but looking at the screen, the frametimes looked off, stuttering. I’m still figuring out where the issue might be to report it to upstream. EDIT: For people reading this in the future, I’ve found the issue to be in GNOME’s compositor, Mutter: https://gitlab.gnome.org/GNOME/mutter/-/issues/3070#note_1865351
Hello! Let’s say I have an executable file, but I’m unsure of the source, and may contain bugs/errors/malwares/bad things that can mess up my machine. I want to execute it anyway, but I want to make sure that it does not mess things up. Is it possible to create a “sandbox” folder, place the executable inside it, and then...
I’ve created a tool for similar use-cases: https://codeberg.org/contr/contr
You could run your workload inside, say, an alpine container:
```
cd path/to/evil/dir
contr alpine
❯ # inside container, run dangerous program
❯ ./dangerous_program
```
If the program needs extra dependencies, you’ll have to write a Containerfile and build an image with the dependencies installed – there’s an example in the repository. Just installing the dependencies at runtime inside the container is also an option, but all changes inside the container are lost on exit.
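A plain Podman invocation that gives the confinement asked about here, using the `label=disable` choice from the SELinux comment further up; this is an added example, not contr's code and not part of the original comments. The function names and the flag set are this example's assumptions, and rootless Podman is assumed.

```sh
#!/bin/sh
# Added example (not contr's code): run an untrusted program so that the only
# writable host path is the directory it lives in. Rootless Podman assumed.

# Resolve and vet the directory to expose; prints its canonical path.
sandbox_dir() (
    dir=$(cd -- "${1:-.}" 2>/dev/null && pwd -P) || {
        echo "no such directory: ${1:-.}" >&2; return 1; }
    home=$(cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home=/
    # Exposing / or the whole home directory would defeat the point.
    case "$dir" in
        /|"$home") echo "refusing to expose $dir" >&2; return 1 ;;
    esac
    printf '%s\n' "$dir"
)

# Confinement flags, one per line:
#   --rm                     container changes are discarded on exit
#   --read-only              container root filesystem is not writable
#   --network=none           no network access for the program
#   --cap-drop=all           no Linux capabilities
#   no-new-privileges        setuid binaries cannot raise privileges
#   label=disable            the mount is usable without relabelling host
#                            files (the alternative is a :z/:Z volume option)
sandbox_flags() {
    printf '%s\n' --rm --read-only --network=none --cap-drop=all \
        --security-opt=no-new-privileges --security-opt=label=disable
}

# run_sandbox [DIR] [IMAGE]: interactive shell with DIR as the only host mount.
run_sandbox() (
    dir=$(sandbox_dir "${1:-.}") || return 1
    # Flags contain no whitespace, so word splitting here is intended.
    # shellcheck disable=SC2046
    podman run --interactive --tty $(sandbox_flags) \
        --volume "$dir:$dir" --workdir "$dir" "${2:-alpine}"
)

# Usage: run_sandbox path/to/evil/dir alpine
```
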
PipeWire 1.0 - An interview with PipeWire creator Wim Taymans - Fedora Magazine (fedoramagazine.org)
With PipeWire hitting its 1.0 release we speak with project lead Wim Taymans about what has been achieved and where we go from here.
How to work with selinux and podman?
Ash Vs Bash
[For reference, I’m talking about Ash in Alpine Linux here, which is part of BusyBox.]...
Has anyone had success using xdelta3 for patching gog games
Linux distros need to take more responsibility for security - InfoWorld (www.infoworld.com)
[SOLVED] Flatpak version of Steam crashing when launched from desktop
*Finally* found a decently priced laptop using AMD's 780m iGPU | Lenovo UK Laptop configurator (www.lenovo.com)
How to create a sandbox folder, restricting write access to all files contained in it to that folder itself?