beta-4054.1.0

@tormath1 released this 05 Sep 11:38
· 1630 commits to main since this release
97bb0cc

Changes since Beta 4012.1.0

Security fixes:

Bug fixes:

  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Because the contents of sysexts and /usr are read-only on Flatcar, the incorrect ownership can't be used to escalate privileges. (scripts#2266)
  • Fixed bad usage of gpg that prevented flatcar-install from being used with custom signing keys (Flatcar#1471)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)

Changes:

  • As part of the update to Catalyst 4 (used to build the SDK), the coreos package repository has been renamed to coreos-overlay to match its directory name. This will be reflected in package listings and package manager output. (flatcar/scripts#2115)
  • The Landlock kernel security module is now enabled, so programs can sandbox themselves (flatcar/scripts#2158)

Updates:

Changes since Alpha 4054.0.0

Security fixes:

Bug fixes:

  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Because the contents of sysexts and /usr are read-only on Flatcar, the incorrect ownership can't be used to escalate privileges. (scripts#2266)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
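
To check a node for the ownership bug listed under both changelogs above, the following added example (not part of the Flatcar release notes or tooling) reports unit files that are not owned by 0:0 and marks whether the owning uid has a passwd entry. The function name `audit_unit_owners` and the default directory `/usr/lib/systemd/system` are assumptions.

```shell
#!/bin/sh
# Added example: audit ownership of shipped systemd unit files.
# Assumptions: units are visible under /usr/lib/systemd/system once the
# sysexts are merged; stat supports -c (GNU coreutils or busybox).
#
# audit_unit_owners DIR [UID] [GID]
#   Prints "<uid>:<gid> <known|orphan> <path>" for every file or symlink
#   under DIR whose owner is not UID:GID (default 0:0).
#   "orphan" means the uid has no passwd entry, so the first account created
#   with that uid would become the owner of the file.
#   Returns 0 if everything matches, 1 if mismatches were found, 2 on bad DIR.
audit_unit_owners() {
    dir=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    report=$(
        find "$dir" \( -type f -o -type l \) | while IFS= read -r path; do
            # stat without -L inspects the symlink itself, not its target
            owner=$(stat -c '%u:%g' "$path") || continue
            [ "$owner" = "$want_uid:$want_gid" ] && continue
            uid=${owner%%:*}
            if getent passwd "$uid" >/dev/null 2>&1; then
                state=known
            else
                state=orphan
            fi
            printf '%s %s %s\n' "$owner" "$state" "$path"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run only when a directory is given, for example:
#   sh audit-units.sh /usr/lib/systemd/system
if [ "$#" -gt 0 ]; then
    audit_unit_owners "$@"
fi
```

On an affected image the docker/containerd units would be listed as `1000:1000 orphan <path>` until a user with uid 1000 is created, after which they show as `known`.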

Updates: