
u/Great-Cow7256

FCC reverses course, allows software updates for foreign-made drones and routers until 2029 — agency says blocking security patches could create cybersecurity risks
Don't worry. The FCC and DoW/DoD, like the rest of the Trump administration, totally knows what they are doing. /s
Over the past year and lots of swearing I was able to convert all of my Docker containers, first to system and user Podman containers and now to fully user containers.
The hardest ones were the ones needing to access my GPU, until you guys helped me solve the issue - I didn't give the user Podman container permissions to see the directory. (sudo chmod of /dev/dri for the win)
Another issue was with programs like ente-auth, Immich, calibre, and my ultrafeeder that have several container files and need to talk to each other. Depending on what they need to do I was able to either have a network setup for them or use host.containers.internal to get them to talk.
I love the elegance of Podman and the multiple ways of being able to monitor the containers:
systemctl status
podman logs
Even Cockpit to see the user services.
I also like being able to harden them with some combo of NoNewPrivileges, DropCapability, and ReadOnly. It's a lot of trial and error with those...
Using Ubuntu 26.04 and Podman 5.7.0
Linux kernel 7.0 and beyond was patched for copy.fail last month. If you've upgraded to 26.04 you are safe from that vulnerability.
This has a list of vulnerable vs. fixed:
Affected Versions
- Vulnerable: Linux kernel 4.14 through 7.0-rc, all 6.18.x prior to 6.18.22, and 6.19.x prior to 6.19.12 (regression introduced in 4.14, July 2017)
- Fixed: 7.0, 6.19.12, 6.18.22
- Vulnerable downstream distribution backports: Older LTS lines, such as 6.12.x, 6.6.x, 5.15.x, 5.10.x
If you have a vulnerable kernel and can't upgrade it to a patched one, run:
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf
Reboot and you will be safe. There is a small chance this will break some old cryptography-linked services but most people should be ok. If it breaks something you'll need to figure out if the trade-off is worth it before your kernel is patched.
Edit: see below for the great comment by u/throwaway234f32423df explaining the patch situation. Looks like Canonical pushed out the patch far and wide so please update your kernel when you can.
Thanks, u/throwaway234f32423df!
Edit 2: see below for u/PlateAdditional7992's correction about a kmod update coming first rather than a whole kernel replacement fixing this. That being said, updating if you can is always a good security stance.
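An added triage helper (not the poster's code) that turns the version ranges quoted above into a check you can run against `uname -r`, plus a check that the `install algif_aead /bin/false` workaround is actually present in modprobe.d. It models only the mainline ranges listed in the post; the backport situation on older LTS kernels (6.12, 6.6, 5.15, 5.10) is assumed unresolved and reported as vulnerable, so confirm those against your distro's changelog.

```shell
#!/bin/sh
# copyfail_kernel_status VERSION -> not-affected | vulnerable | fixed | unknown
# Ranges from the post: vulnerable 4.14 .. 7.0-rc, fixed in 7.0, 6.18.22+, 6.19.12+.
# LTS backports are not modelled (assumption: treat them as vulnerable).
copyfail_kernel_status() {
    full=$1
    v=${full%%[!0-9.]*}                          # strip "-rc3", "-15-generic", ...
    case $v in ''|*..*|.*|*.) echo unknown; return 0;; esac
    maj=${v%%.*}; rest=${v#*.}; [ "$rest" = "$v" ] && rest=0
    min=${rest%%.*}; pat=${rest#*.}; [ "$pat" = "$rest" ] && pat=0
    pat=${pat%%.*}                               # ignore a 4th component
    rc=0; case $full in *-rc*) rc=1;; esac
    if [ "$maj" -lt 4 ] || { [ "$maj" -eq 4 ] && [ "$min" -lt 14 ]; }; then
        echo not-affected; return 0              # predates the 4.14 regression
    fi
    if [ "$maj" -gt 7 ]; then echo fixed; return 0; fi
    if [ "$maj" -eq 7 ]; then
        # only the 7.0 release candidates are listed as vulnerable
        if [ "$min" -eq 0 ] && [ "$pat" -eq 0 ] && [ "$rc" -eq 1 ]; then
            echo vulnerable
        else
            echo fixed
        fi
        return 0
    fi
    if [ "$maj" -eq 6 ] && [ "$min" -eq 18 ] && [ "$pat" -ge 22 ]; then echo fixed; return 0; fi
    if [ "$maj" -eq 6 ] && [ "$min" -eq 19 ] && [ "$pat" -ge 12 ]; then echo fixed; return 0; fi
    echo vulnerable
}

# algif_aead_blocked MODPROBE_CONF_TEXT -> 0 if an "install algif_aead /bin/false"
# (or /bin/true) line is present, i.e. the post's workaround is in place.
# A plain "blacklist" line is deliberately not accepted.
algif_aead_blocked() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+/bin/(false|true)'
}

# Constructed sample (not real system state): the line the post tells you to write.
SAMPLE_CONF='install algif_aead /bin/false'

# Run with --check to report on the live system.
if [ "${1:-}" = "--check" ]; then
    echo "kernel $(uname -r): $(copyfail_kernel_status "$(uname -r)")"
    if algif_aead_blocked "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"; then
        echo "algif_aead autoload: blocked"
    else
        echo "algif_aead autoload: NOT blocked"
    fi
fi
```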
Just a heads-up for anyone running 26.04. I have two identical Intel 13i7 NUCs. Both ran an unattended upgrade today installing the new kernel, 7.0.0-15.
One updated normally, the other got "stuck" during the process. After a hard reboot, I noticed my splash screen was gone and I was getting scrolls of kernel text.
Upon investigation, /etc/default/grub on the second machine was completely empty. Because the file was empty, the system defaulted to a verbose boot with no quiet splash and the GRUB menu started appearing with a timeout.
I was able to restore it by copying the config from my healthy machine and running sudo update-grub.
Recommendation: Take 5 seconds and back up your GRUB config now just in case:
sudo cp /etc/default/grub /etc/default/grub.bak
If you've noticed your splash screen suddenly disappeared or your boot parameters (like zswap or USB power settings) aren't loading, check if your file was wiped!
I think this bug has been reported but I can't tell for sure so I'm in the process of reporting it now.
Edit!! Solved it!!! I needed to change udev rules to give more broad read/write access to the GPU. Oof. Once I did that it worked. I don't even need anything special in the container.
cat /etc/udev/rules.d/99-qsv-permissions.rules
SUBSYSTEM=="drm", KERNEL=="renderD*", MODE:="0666"
Original post:
Ubuntu 26.04, Podman 5.7.0
I deleted my first one b/c this one has much more info in it. excuse the formatting b/c I tried using the code button and it froze up the reddit window. Everything here is formatted correctly IRL.
My /etc/subgid:
helpme:100000:65536
helpme:44:1
helpme:110:1
My /etc/subuid:
helpme:100000:65536
groups: helpme root adm cdrom sudo audio dip video plugdev render lpadmin lxd sambashare libvirt docker rslsync
id: uid=1000(helpme) gid=1000(helpme) groups=1000(helpme),0(root),4(adm),24(cdrom),27(sudo),29(audio),30(dip),44(video),46(plugdev),110(render),122(lpadmin),135(lxd),136(sambashare),153(libvirt),995(docker),999(rslsync)
ls -l -a /dev/dri:
crw-rw----+ 1 root render 226, 1 Apr 29 11:19 card1
crw-rw----+ 1 root render 226, 128 Apr 29 11:19 renderD128
plex.container:
[Unit]
Description=Plex Media Server (Rootless/GPU/NUC Optimized)
[Container]
ContainerName=plex
Image=docker.io/plexinc/pms-docker:latest
Network=host
Annotation=run.oci.keep_original_groups=1
GroupAdd=keep-groups
AddDevice=/dev/dri:/dev/dri:rw
Environment=TZ=America/New_York
Environment=PLEX_UID=1000
Environment=PLEX_GID=1000
Environment=PLEX_TRANSCODE_DIR=/transcode
[my volumes]
Tmpfs=/transcode:size=8G,rw,mode=1777
Tmpfs=/tmp:size=512M,rw,mode=1777
Tmpfs=/var/tmp:size=512M,rw,mode=1777
[Service]
Restart=on-failure
[Install]
I'm missing something simple... I know it. Any help appreciated.
Has anyone had luck with Podman running apps like Plex with QSV/GPU access as rootless/user containers? No matter what settings I try, when running these rootless/user I can't gain access to the QSV. It'll just say it is owned by "nobody."
As soon as I switch to root/system I can use the QSV/GPU.
Anyone have any ideas?
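An added example (not the poster's code) of where the "owned by nobody" in the post comes from: it computes how a host gid such as the render group (110) appears from inside a rootless Podman user namespace given the user's /etc/subgid. It assumes Podman's default rootless mapping (primary gid to 0, subgid ranges mapped consecutively from 1, in file order) with no --userns override; GroupAdd=keep-groups does not change that mapping.

```shell
#!/bin/sh
# userns_gid USER PRIMARY_GID HOST_GID SUBGID_TEXT
# Prints the gid that HOST_GID shows up as inside USER's rootless user namespace:
# the user's own primary gid maps to 0, each /etc/subgid range for USER is mapped
# consecutively starting at 1 (assumed: in file order), and a gid outside every
# range has no mapping and is displayed as 65534, the overflow id shown as "nobody".
userns_gid() {
    user=$1; primary=$2; gid=$3; text=$4
    if [ "$gid" -eq "$primary" ]; then echo 0; return 0; fi
    next=1
    oldifs=$IFS; IFS='
'
    for line in $text; do
        name=${line%%:*}; rest=${line#*:}
        start=${rest%%:*}; count=${rest#*:}
        [ "$name" = "$user" ] || continue
        if [ "$gid" -ge "$start" ] && [ "$gid" -lt $((start + count)) ]; then
            IFS=$oldifs
            echo $((next + gid - start)); return 0
        fi
        next=$((next + count))
    done
    IFS=$oldifs
    echo 65534
}

# dri_group_view USER PRIMARY_GID RENDER_GID SUBGID_TEXT
# Same computation, worded for the render group that owns /dev/dri/renderD*.
dri_group_view() {
    mapped=$(userns_gid "$@")
    if [ "$mapped" -eq 65534 ]; then
        echo "render gid $3 is unmapped: /dev/dri shows as owned by nobody in the container"
    else
        echo "render gid $3 appears as gid $mapped in the container"
    fi
}

# Constructed samples mirroring the post (primary gid 1000, render gid 110).
SUBGID_WITH_RENDER='helpme:100000:65536
helpme:44:1
helpme:110:1'
SUBGID_DEFAULT='helpme:100000:65536'

dri_group_view helpme 1000 110 "$SUBGID_DEFAULT"
dri_group_view helpme 1000 110 "$SUBGID_WITH_RENDER"
```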
background: https://ubuntu.com/security/CVE-2026-41651
This popped up today in my upgrade. They called it 1.3.4-3 -> 1.3.4-3ubuntu1 instead of 1.3.5 like on other Ubuntu packages.
Get:1 https://changelogs.ubuntu.com packagekit 1.3.4-3ubuntu1 Changelog [61.5 kB]
packagekit (1.3.4-3ubuntu1) resolute-security; urgency=medium
* SECURITY UPDATE: TOCTOU Race on Transaction Flags (LP: #2148512)
- debian/patches/Do-not-allow-re-invoking-methods-on-non-new-txn.patch:
do not allow re-invoking methods on non-new transactions in
src/pk-transaction.c.
- CVE number pending
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Apr 2026 07:22:37 -0400
packagekit (1.3.4-3) unstable; urgency=medium
* Team upload
[ Matthias Klumpp ]
* Stop recommending removed packagekit-tools package (Closes: #1126735)
(LP: #2139443)
[ Jeremy Bícha ]
packagekit:
Installed: 1.3.4-3ubuntu1
Candidate: 1.3.4-3ubuntu1
Version table:
*** 1.3.4-3ubuntu1 500
500 http://security.ubuntu.com/ubuntu resolute-security/main amd64v3 Packages
100 /var/lib/dpkg/status
1.3.4-3 500
500 http://us.archive.ubuntu.com/ubuntu resolute/main amd64v3 Packages
I have a 4" system with a RP265. The fan is exterior. It goes up the side of the house with egress under an eave.
The previous fan was a RP145 and was there for about 30 years. The fan was still working but was replaced with the 265 to increase airflow and suction.
I live in western PA.
I'm assuming in my case it isn't needed. But I wanted to check.
Also what prevents radon gas from recirculating through the drip tube? I haven't seen a U bend with fluid in any of the models that would presumably seal the drip tube from radon escape.