Improve architecture with page bundles

2023-05-23 11:23:47 +02:00 · 2023-05-23 11:23:47 +02:00 · 7a638e7fbb
commit 7a638e7fbb
parent 0b1902cd1a
26 changed files with 0 additions and 0 deletions
--- a/static/post/kernel_configs/geb.config
+++ b/static/post/kernel_configs/geb.config
--- a/static/post/kernel_configs/hathor.config
+++ b/static/post/kernel_configs/hathor.config
--- a/static/post/kernel_configs/nout.config
+++ b/static/post/kernel_configs/nout.config
--- a/static/post/kernel_configs/ouaset.config
+++ b/static/post/kernel_configs/ouaset.config
--- a/static/post/kernel_configs/oupaout.config
+++ b/static/post/kernel_configs/oupaout.config
--- a/static/post/kernel_configs/rhakotis.config
+++ b/static/post/kernel_configs/rhakotis.config
--- a/static/post/kernel_configs/satis.config
+++ b/static/post/kernel_configs/satis.config
--- a/static/post/post-mortem-cryptominer-on-ci-infrastructure/abuse.png
+++ b/static/post/post-mortem-cryptominer-on-ci-infrastructure/abuse.png
--- a/static/post/post-mortem-cryptominer-on-ci-infrastructure/base64.png
+++ b/static/post/post-mortem-cryptominer-on-ci-infrastructure/base64.png
--- a/static/post/post-mortem-cryptominer-on-ci-infrastructure/blocked-users.png
+++ b/static/post/post-mortem-cryptominer-on-ci-infrastructure/blocked-users.png
--- a/static/post/post-mortem-cryptominer-on-ci-infrastructure/repository.png
+++ b/static/post/post-mortem-cryptominer-on-ci-infrastructure/repository.png
--- a/static/post/rtl8153b-for-4.9/r8152-for-4.9.patch
+++ b/static/post/rtl8153b-for-4.9/r8152-for-4.9.patch
--- a/static/post/ssh_keys/aton_ed25519.pub
+++ b/static/post/ssh_keys/aton_ed25519.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSbCCfFO1+yxogpg1DfCPSQU48oWqYM6/05TYzNhPmc nemunaire@aton
--- a/static/post/ssh_keys/aton_rsa.pub
+++ b/static/post/ssh_keys/aton_rsa.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwwJxAJ99OK0W6CPV/0aDTFlts9xzEKKc+V8r2f0zaXpxuKSGgeWVOrSFU0nTEOZGlGh5kBIBHlizaeh9Bb5Io0V8Hafljwx/yJ+51czlnyoRZ49VDnufEd+qVW8Up8Kelsro+y+hu9BAcUoPhjlj+QyeUkEO1ytJFFi7LLelXGGHNiM3cYR9ewncy4oDIQNOrSgTrjdHjP2+0Zh0QV92SfX4KAUFfgW2BMhUi5/gk8aLMJQnRNaO2dVtWQoxLf03LEW87oRcnvepZR/IfUkAdjqp2dSQiSKjNUXdKkNSoZ+ErVSm3vTSbx9ju7Rk7i53so4uYIK0gGiGj1XJX8uIH/CllteLu84+ztCX+s4ouUWz0PuZYkm9B9JJ0JpqEdYS5tf7jWagMAvaluCWbHxpCNylzOCfne3Xa9X7vv4Jo0DdDMwQpyKXqa2AxBMPLVJ+hBKSTjkQUZUezfVgNjauIBOwsqwPLifxpMLOXFp2dTD98ZlfruTCOW11Wn2XeQmrVdI12ZPIDFv8ayAxQyAxo0zMQEKU4z0xuTtC+DG9KNKsxjROSWnxT0poWrL9ZZrWduLfAgTerX2HkUZ+ihQMQbAMMVSdg2JdPafW2ZX+ikjD8J/DffOYE0t4UlqucV7Vl/jwKZpcP65nKfFMK1q5oH8QvI7azt+yUHOBIcJCBSQ== nemunaire@alarm
--- a/static/post/ssh_keys/khonsou_ed25519.pub
+++ b/static/post/ssh_keys/khonsou_ed25519.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO/3qKhSUbGYZBVraFo68oScJahRDNQfG+uwDQlLv7g nemunaire@khonsou
--- a/static/post/ssh_keys/ouaset.pub
+++ b/static/post/ssh_keys/ouaset.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBpFOv1s7mVb6XWPOLd1U+jzt5WA04CnuJVmY5TvaMhw nemunaire@ouaset
--- a/static/post/ssh_keys/oupaout.pub
+++ b/static/post/ssh_keys/oupaout.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/Aa53VeE2XWjo/ItqtuLZ9Jd9oHfhzSjPl6KLEqkBS nemunaire@oupaout
--- a/static/post/ssh_keys/rescue.pub
+++ b/static/post/ssh_keys/rescue.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA5oAoOMAr8RrsBmOE1kyiD6C5+qbdK0NgSS3ZlNOn4dpkD1w5hmrGwGT4O2P8vCC9o95sLRzvrxkHbs+YZhsz04uxmG4zEgS+x1BZuaQBt1V1hBWk8ldqPfZfAEauPQeQZMdKJfbJKYzecRLWIh2jK1sMx0Vmd3CfU/FwEHdlJh3oTKWFsAlukSYnql2dXG3VMzRpaRyh4uu5wFA+Ya6CE5OjcM4o9/JSfGxErK4fvnSPpbplraKqpKvEqX4XC70u5JCLlWSfJ2Es0nIeQ+0QhYxQt4MsaUCBkFoU10wyaDstWfzE4TiMBmrI+JnrbJiODUxsdoKQGS1ZS2EIP7tUjl9N/Z/x6IAPS4TxMTu9dY+k2hRVvpM1h7vwsTPxINlaoPHeni7TF3M6ksR0chQXtbsKBuCAxOnKKoB13WhQcR60G0hqK/5JSTqYiAG2hwlEJTqqcWuYIlgOpWhyQ8cfbL5Xb5SaZmADp6GOoxJxGbjOrnGMLEPcUPkok6hqt1SgegCTJa1nYmpdzutPCJYy3HCd93L8Uwr/+FBJtAY5Imu6gIgmUW+scOzjZbXRYocjClemYPz/mb7ZSuMT3OfrsqaqZ3IJnXi70l7jH6I3DXY8BOgwQM2zkfPJKWHKPrQfTdhfpBq2Nf/kvQERTfqOWGm7YMa5+dP9NUBGbuCCo8E= nemunaire@ssh
--- a/static/post/ssh_keys/seth_ed25519.pub
+++ b/static/post/ssh_keys/seth_ed25519.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9udkt8V/GFYwa4TMz7XHdedBSTScXxTAdJDdriu/AC nemunaire@seth
--- a/static/post/ssh_keys/seth_rsa.pub
+++ b/static/post/ssh_keys/seth_rsa.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlU/aEbNdDHR2bAmzDY2hIowGfa9oNGyL69tzEK2cpOa+u7PwNzCzWPLytwsO9frOylNtRDiTckbVNdPxMZDkZieeZ5PqWEvWe7hbsh+xds1An2t3tEX6x3QWrxZZo2SNTgck5IqPcufBG+cFxJZlK8pZGkDwGw+x6mHJdLZL2bgMwwvutw1BSF/atF6GLZpztX/y1FM6JQpMCAsrzESoUpDD/Q7BEGb7wCYt+eq/51jUS60g0fC7ob2Xl/nhmnWUkg3U+x/DyY0foqiOMGhSaXdkerfyZMpLCURvH6sOT8EzNzzLRj66Ht8043Vqysoq+pFtj8zyTNVi76QWMkNK7avKXl+rK6dW9zAQidmZcnwPl0qAlkWQjhOgA7xe2TdTM5Yl6HXpmT6T6PHCsIggyCxgCg2ao+ptqPJ4UwvGP2bAz8uLdQp4t+q1hp825o7EtvtnJpJMTksNwOe96iCFjm90O+pmOhLTRVDtgdAknmtIovHnOrZX2zbo1XZHATRx6QOrGwIHU8drSMy878Fd9lb3HVx+595rQ7gh+2Qu87vqk1kZPTFSbn7nMB/l2ROVp4zagXzN8T7Ek3CRP/mIrzyU/3WhOGhbB+bkvWrWRRBnejxQLZkMPl9vAZ5VSNZ2K1OTHasQBy9PaMW5ucd83Jv+jl+xPoJbXsvpzbu6EHw== nemunaire@seth
--- a/static/post/user-ns-for-grsecurity/grsec-enable-user-ns.patch
+++ b/static/post/user-ns-for-grsecurity/grsec-enable-user-ns.patch
@ -1,100 +0,0 @@
--- /usr/src/linux-4.9.54-minipli/kernel/user_namespace.c	2017-10-14 12:27:08.718490316 +0200
-+++ /usr/src/linux/kernel/user_namespace.c	2017-11-01 18:27:35.317843207 +0100
-@@ -23,6 +23,9 @@
- #include <linux/projid.h>
- #include <linux/fs_struct.h>
- 
-+/* sysctl */
-+int unprivileged_userns_clone;
-+
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
- 
-@@ -76,21 +79,6 @@
- 	struct ucounts *ucounts;
- 	int ret, i;
- 
-#ifdef CONFIG_GRKERNSEC
-	/*
-	 * This doesn't really inspire confidence:
-	 * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
-	 * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
-	 * Increases kernel attack surface in areas developers
-	 * previously cared little about ("low importance due
-	 * to requiring "root" capability")
-	 * To be removed when this code receives *proper* review
-	 */
-	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
-			!capable(CAP_SETGID))
-		return -EPERM;
-#endif
-
- 	ret = -ENOSPC;
- 	if (parent_ns->level > 32)
- 		goto fail;
--- /usr/src/linux-4.9.54-minipli/kernel/fork.c	2017-10-14 12:27:08.678490299 +0200
-+++ /usr/src/linux/kernel/fork.c	2017-11-01 18:27:35.292843341 +0100
-@@ -88,6 +88,11 @@
- 
- #define CREATE_TRACE_POINTS
- #include <trace/events/task.h>
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#else
-+#define unprivileged_userns_clone 0
-+#endif
- 
- /*
-  * Minimum number of threads to boot the kernel
-@@ -1602,6 +1607,10 @@
- 	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
- 		return ERR_PTR(-EINVAL);
- 
-+	if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
-+		if (!capable(CAP_SYS_ADMIN))
-+			return ERR_PTR(-EPERM);
-+
- 	/*
- 	 * Thread groups must share signals as well, and detached threads
- 	 * can only be started up within the thread group.
-@@ -2360,6 +2369,12 @@
- 	if (unshare_flags & CLONE_NEWNS)
- 		unshare_flags |= CLONE_FS;
- 
-+	if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
-+		err = -EPERM;
-+		if (!capable(CAP_SYS_ADMIN))
-+			goto bad_unshare_out;
-+	}
-+
- 	err = check_unshare_flags(unshare_flags);
- 	if (err)
- 		goto bad_unshare_out;
--- /usr/src/linux-4.9.54-minipli/kernel/sysctl.c	2017-10-14 12:27:08.704490310 +0200
-+++ /usr/src/linux/kernel/sysctl.c	2017-11-01 18:27:35.306843266 +0100
-@@ -103,6 +103,9 @@
- extern char core_pattern[];
- extern unsigned int core_pipe_limit;
- #endif
-+#ifdef CONFIG_USER_NS
-+extern int unprivileged_userns_clone;
-+#endif
- extern int pid_max;
- extern int pid_max_min, pid_max_max;
- extern int percpu_pagelist_fraction;
-@@ -527,6 +530,15 @@
- 		.mode		= 0644,
- 		.proc_handler	= proc_dointvec,
- 	},
-+#endif
-+#ifdef CONFIG_USER_NS
-+	{
-+		.procname	= "unprivileged_userns_clone",
-+		.data		= &unprivileged_userns_clone,
-+		.maxlen		= sizeof(int),
-+		.mode		= 0644,
-+		.proc_handler	= proc_dointvec,
-+	},
- #endif
- #ifdef CONFIG_PROC_SYSCTL
- 	{
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSbCCfFO1+yxogpg1DfCPSQU48oWqYM6/05TYzNhPmc nemunaire@aton`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwwJxAJ99OK0W6CPV/0aDTFlts9xzEKKc+V8r2f0zaXpxuKSGgeWVOrSFU0nTEOZGlGh5kBIBHlizaeh9Bb5Io0V8Hafljwx/yJ+51czlnyoRZ49VDnufEd+qVW8Up8Kelsro+y+hu9BAcUoPhjlj+QyeUkEO1ytJFFi7LLelXGGHNiM3cYR9ewncy4oDIQNOrSgTrjdHjP2+0Zh0QV92SfX4KAUFfgW2BMhUi5/gk8aLMJQnRNaO2dVtWQoxLf03LEW87oRcnvepZR/IfUkAdjqp2dSQiSKjNUXdKkNSoZ+ErVSm3vTSbx9ju7Rk7i53so4uYIK0gGiGj1XJX8uIH/CllteLu84+ztCX+s4ouUWz0PuZYkm9B9JJ0JpqEdYS5tf7jWagMAvaluCWbHxpCNylzOCfne3Xa9X7vv4Jo0DdDMwQpyKXqa2AxBMPLVJ+hBKSTjkQUZUezfVgNjauIBOwsqwPLifxpMLOXFp2dTD98ZlfruTCOW11Wn2XeQmrVdI12ZPIDFv8ayAxQyAxo0zMQEKU4z0xuTtC+DG9KNKsxjROSWnxT0poWrL9ZZrWduLfAgTerX2HkUZ+ihQMQbAMMVSdg2JdPafW2ZX+ikjD8J/DffOYE0t4UlqucV7Vl/jwKZpcP65nKfFMK1q5oH8QvI7azt+yUHOBIcJCBSQ== nemunaire@alarm
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO/3qKhSUbGYZBVraFo68oScJahRDNQfG+uwDQlLv7g nemunaire@khonsou`
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBpFOv1s7mVb6XWPOLd1U+jzt5WA04CnuJVmY5TvaMhw nemunaire@ouaset`
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/Aa53VeE2XWjo/ItqtuLZ9Jd9oHfhzSjPl6KLEqkBS nemunaire@oupaout`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA5oAoOMAr8RrsBmOE1kyiD6C5+qbdK0NgSS3ZlNOn4dpkD1w5hmrGwGT4O2P8vCC9o95sLRzvrxkHbs+YZhsz04uxmG4zEgS+x1BZuaQBt1V1hBWk8ldqPfZfAEauPQeQZMdKJfbJKYzecRLWIh2jK1sMx0Vmd3CfU/FwEHdlJh3oTKWFsAlukSYnql2dXG3VMzRpaRyh4uu5wFA+Ya6CE5OjcM4o9/JSfGxErK4fvnSPpbplraKqpKvEqX4XC70u5JCLlWSfJ2Es0nIeQ+0QhYxQt4MsaUCBkFoU10wyaDstWfzE4TiMBmrI+JnrbJiODUxsdoKQGS1ZS2EIP7tUjl9N/Z/x6IAPS4TxMTu9dY+k2hRVvpM1h7vwsTPxINlaoPHeni7TF3M6ksR0chQXtbsKBuCAxOnKKoB13WhQcR60G0hqK/5JSTqYiAG2hwlEJTqqcWuYIlgOpWhyQ8cfbL5Xb5SaZmADp6GOoxJxGbjOrnGMLEPcUPkok6hqt1SgegCTJa1nYmpdzutPCJYy3HCd93L8Uwr/+FBJtAY5Imu6gIgmUW+scOzjZbXRYocjClemYPz/mb7ZSuMT3OfrsqaqZ3IJnXi70l7jH6I3DXY8BOgwQM2zkfPJKWHKPrQfTdhfpBq2Nf/kvQERTfqOWGm7YMa5+dP9NUBGbuCCo8E= nemunaire@ssh
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9udkt8V/GFYwa4TMz7XHdedBSTScXxTAdJDdriu/AC nemunaire@seth`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlU/aEbNdDHR2bAmzDY2hIowGfa9oNGyL69tzEK2cpOa+u7PwNzCzWPLytwsO9frOylNtRDiTckbVNdPxMZDkZieeZ5PqWEvWe7hbsh+xds1An2t3tEX6x3QWrxZZo2SNTgck5IqPcufBG+cFxJZlK8pZGkDwGw+x6mHJdLZL2bgMwwvutw1BSF/atF6GLZpztX/y1FM6JQpMCAsrzESoUpDD/Q7BEGb7wCYt+eq/51jUS60g0fC7ob2Xl/nhmnWUkg3U+x/DyY0foqiOMGhSaXdkerfyZMpLCURvH6sOT8EzNzzLRj66Ht8043Vqysoq+pFtj8zyTNVi76QWMkNK7avKXl+rK6dW9zAQidmZcnwPl0qAlkWQjhOgA7xe2TdTM5Yl6HXpmT6T6PHCsIggyCxgCg2ao+ptqPJ4UwvGP2bAz8uLdQp4t+q1hp825o7EtvtnJpJMTksNwOe96iCFjm90O+pmOhLTRVDtgdAknmtIovHnOrZX2zbo1XZHATRx6QOrGwIHU8drSMy878Fd9lb3HVx+595rQ7gh+2Qu87vqk1kZPTFSbn7nMB/l2ROVp4zagXzN8T7Ek3CRP/mIrzyU/3WhOGhbB+bkvWrWRRBnejxQLZkMPl9vAZ5VSNZ2K1OTHasQBy9PaMW5ucd83Jv+jl+xPoJbXsvpzbu6EHw== nemunaire@seth