Blog posts

Cockpit 0.100 Released

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this week’s 0.100 release. Even though 0.100 may seem to be a magical number … it’s really just the number after 0.99 :D

SELinux Troubleshooting

Cockpit can now help you troubleshoot SELinux problems, and show you fixes for repairing the various issues. This is pretty amazing for system admins who really would rather be secure, but keep bumping into stuff that SELinux is blocking. There’s more to come on both SELinux and troubleshooting in the future. Take a look at what landed in this release:

Image Registry Interface

There’s a new Image Registry user interface. It works with Atomic Platform or OpenShift clusters. By default this shows up in the Cockpit “Cluster” admin dashboard.

But more importantly you can deploy this as a standalone image registry, complete with storage, authentication and an interface. See www.projectatomic.io/registry for more info.

Here’s a quick demo:

Storage sliders and more

Marius has been working on cleaning up the storage UI. One of the changes you’ll notice is that you can now use a slider to choose a size for new volumes or file systems, and specify the size units you want to use:

Storage number slider

Debian builds now also include the Storage page.

From the future

Peter worked on adding Cluster storage configuration to the Kubernetes admin dashboard. Basic support will be in the next release. Here’s a screenshot:

Kubernetes persistent volume

Try it out

Cockpit 0.100 is available now:

Atomic App 0.4.5 Released

Atomic App version 0.4.5 has been released! In this minor release of Atomic App we make some changes to the UI output as well as fix a few provider-specific bugs.

Added no-new-privileges Security Flag to Docker

I have contributed support for a no-new-privileges option to Docker. This flag has already been included in runc and the Open Container Initiative spec.

The new flag supports, in Docker, a security feature that was added to the Linux kernel back in 2012 under the name no_new_privs.

Atomic App 0.4.4 Released

Atomic App version 0.4.4 has been released. This release includes a major update to our documentation as well as the user experience when deploying an Atomic App.

Docker Credential Store

One security feature in the upcoming Docker 1.11 is the capability to use an external credential store for registry authentication. The new version will automatically detect a configured external store, if it is available, and use it instead of the JSON file. We’ll be talking more about this in a few paragraphs, but first, let’s see how Docker is currently storing credentials.

Extending SELinux Policy for Containers

A developer contacted me about building a container that will run as a log aggregator for fluentd. This container needed to be an SPC container that would manage parts of the host system, namely the log files under /var/logs.

Being a good conscientious developer, he wanted to run his application as securely as possible. The option he wanted to avoid was running the container in --privileged mode, removing all security from the container. When he ran his container, SELinux complained about the container processes trying to read log files.

Introducing Atomic Developer Mode

In this week’s latest release of Fedora Atomic Host, you might notice something different when you boot the new image. There is now a “Developer Mode” entry in the GRUB boot menu. This blog post will describe why this new feature was added and what it does.

One of the confusing things that newcomers encounter when they want to try out Atomic Host is setting up cloud-init. Currently, it is impossible to use an Atomic Host image without providing cloud-init with a data source. In the absence of a source, cloud-init will try connecting to various known metadata URLs for about four minutes and then give up.