Slp's Projects

slp/krunvm

Manage lightweight VMs created from OCI images
  • Fedora 32 : aarch64, x86_64
  • Fedora 33 : aarch64, x86_64
  • Fedora 34 : aarch64, x86_64
  • Fedora rawhide : aarch64, x86_64

slp/libkrun

A dynamic library providing KVM-based process isolation capabilities
  • Fedora 32 : aarch64, x86_64
  • Fedora 33 : aarch64, x86_64
  • Fedora 34 : aarch64, x86_64
  • Fedora rawhide : aarch64, x86_64

slp/libkrunfw

A dynamic library bundling a Linux kernel in a convenient storage format
  • Fedora 32 : aarch64, x86_64
  • Fedora 33 : aarch64, x86_64
  • Fedora 34 : aarch64, x86_64
  • Fedora rawhide : aarch64, x86_64

slp/crun-krun

This repository provides a crun built with libkrun support.
  • Fedora 32 : x86_64
  • Fedora 33 : x86_64
  • Fedora 34 : x86_64
  • Fedora rawhide : x86_64

slp/flatkvm

A tool to easily run flatpak apps isolated inside a VM with QEMU/KVM.

slp/kernel-rsmt

Fedora 29 kernels with restrict_smt patch.

slp/kernel-ibrs

This is a variant for Fedora's kernel, replacing repoline patches with upstream's IBRS. I built this for myself, as I'm not a big fan of retpoline as a mitigation, but perhaps others may find this useful too. Future kernels from 4.15.x series will provide both mitigations, allowing the user to choose between them. Combined with the latest microcode_ctl package (microcode_ctl-2.1-20.fc27.x86_64), this will get you some (upstream's IBRS patch is still WIP) protection against Spectre variant #2, and a /sys/kernel/debug/x86/ibrs_enabled knob with the same semantics as described in this article: Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables.