mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
4ceb2cbe1d
d7d2e693 fix: typo in bare metal detection (fixes #269) b0083d91 Remove unneeded volumes in Dockerfile (#266) 904a83c6 Fix Arch kernel image detection (#268) 906f54cf Improved hypervisor detection (#259) c45a06f4 Warn on missing kernel info (#265) 4a6fa070 Fix misdetection of files under Clear Linux (#264) c705afe7 bump to v0.40 401ccd4b Correct aarch64 KPTI dmesg message 55120839 Fix a typo in check_variant3_linux() f5106b3c update MCEDB from v83 to v84 (no actual change) 68289dae feat: add --update-builtin-mcedb to update the DB inside the script 3b2d5296 feat(l1tf): read & report ARCH_CAPABILITIES bit 3 (SKIP_VMENTRY_L1DFLUSH) cbb18cb6 fix(l1tf): properly detect status under Red Hat/CentOS kernels 299103a3 some fixes when script is not started as root dc5402b3 chore: speed optimization of hw check and indentation fixes 90c2ae5d feat: use the MCExtractor DB as the reference for the microcode versions 53d6a447 Fix detection of CVE-2018-3615 (L1TF_SGX) (#253) 297d890c fix ucode version check regression introduced by fbbb19f under BSD 0252e74f feat(bsd): implement CVE-2018-3620 and CVE-2018-3646 mitigation detection fbbb19f2 Fix cases where a CPU ucode version is not found in $procfs/cpuinfo. (#246) 1571a56c feat: add L1D flush cpuid feature bit detection 3cf91416 fix: don't display summary if no CVE was tested (e.g. --hw-only) bff38f1b BSD: add not-implemented-yet notice for Foreshadow-NG b419fe7c feat(variant4): properly detect SSBD under BSD f193484a chore: fix deprecated SPDX license identifier (#249) (#251) 349d77b3 Fix kernel detection when /lib/kernel exists on a distro (#252) e589ed7f fix: don't test SGX again in check_CVE_2018_3615, already done by is_cpu_vulnerable ae120628 fix: remove some harcoded /proc paths, use $procfs instead b44d2b54 chore: remove 'experimental' notice of Foreshadow from README 7b72c20f feat(l1tf): explode L1TF in its 3 distinct CVEs b48b2177 feat: Add Clear Linux Distro (#244) 8f31634d feat(batch): Add a batch short option for one line result (#243) 96798b19 chore: add SPDX GPL-3.0 license identifier (#245) 687ce1a7 fix: load cpuid module if absent even when /dev/cpu/0/cpuid is there 80e0db7c fix: don't show erroneous ucode version when latest version is unknown (fixes #238) e8890ffa feat(config): support for genkernel kernel config file (#239) b2f64e11 fix README after merge 42a3a61f Slightly improved Docker configuration (#230) afb36c51 Fix typo: 'RBS filling' => 'RSB filling' (#237) 0009c0d4 fix: --batch now implies --no-color to avoid colored warnings dd67fd94 feat: add FLUSH_CMD MSR availability detection (part of L1TF mitigation) 339ad317 fix: add missing l1tf CPU vulnerability display in hw section 794c5be1 feat: add optional git describe support to display inter-release version numbers a7afc585 fix several incorrect ucode version numbers fc1dffd0 feat: implement detection of latest known versions of intel microcodes e9426161 feat: initial support for L1TF 360be7b3 fix: hide arch_capabilities_msr_not_read warning under !intel 5f592578 bump to v0.39 92d59cbd chore: adjust some comments, add 2 missing inits 4747b932 feat: add detection of RSBA feature bit and adjust logic accordingly 860023a8 fix: ARCH MSR was not read correctly, preventing proper SSB_NO and RDCL_NO detection ab67a922 feat: read/write msr now supports msr-tools or perl as dd fallback f4592bf3 Add Arch armv5/armv7 kernel image location (#227) be15e476 chore: setting master to v0.38+ d3481d95 Add support for the kernel being within a btrfs subvolume (#226) 21af5611 bump to v0.38 cb740397 feat(arm32): add spectrev1 mitigation detection 84195689 change: default to --no-explain, use --explain to get detailed mitigation help b637681f fix: debug output: msg inaccuracy for ARM checks 9316c305 fix: armv8: models < 0xd07 are not vulnerable f9dd9d8c add guess for archlinuxarm aarch64 kernel image on raspberry pi 3 (#222) 0f0d103a fix: correctly init capabilities_ssb_no var in all cases b262c405 fix: remove spurious character after an else statement cc2910fb fix: read_cpuid: don't use iflag=skip_bytes for compat with old dd versions 30c4a1f6 arm64: cavium: Add CPU Implementer Cavium (#216) cf06636a fix: prometheus output: use printf for proper \n interpretation (#204) 60077c8d fix(arm): rewrite vuln logic from latest arm statement for Cortex A8 to A76 c181978d fix(arm): Updated arm cortex status (#209) 9a6406a9 chore: add docker support (#203) 5962d20b fix(variant4): whitelist from common.c::cpu_no_spec_store_bypass (#202) 17a34885 fix(help): add missing references to variants 3a & 4 (#201) e54e8b3e chore: remove warning in README, fix display indentation 39c778e3 fix(amd): AMD families 0x15-0x17 non-arch MSRs are a valid way to control SSB 2cde6e46 feat(ssbd): add detection of proper CPUID bits on AMD f4d51e7e fix(variant4): add another detection way for Red Hat kernel 85d46b27 feat(variant4): add more detailed explanations 61e02abd feat(variant3a): detect up to date microcode 114756fa fix(amd): not vulnerable to variant3a ea75969e fix(help): Update variant options in usage message (#200) ca391cbf fix(variant2): correctly detect IBRS/IBPB in SLES kernels 68af5c5f feat(variant4): detect SSBD-aware kernel 19be8f79 doc: update README with some info about variant3 and variant4 f75cc0bb feat(variant4): add sysfs mitigation hint and some explanation about the vuln f33d65ff feat(variant3a): add information about microcode-sufficient mitigation 725eaa8b feat(arm): adjust vulnerable ARM CPUs for variant3a and variant4 c6ee0358 feat(variant4): report SSB_NO CPUs as not vulnerable 22d0b203 fix(ssb_no): rename ssbd_no to ssb_no and fix shift 3062a841 fix(msg): add missing words 6a4318ad feat(variant3a/4): initial support for 2 new CVEs c1998618 fix(variant2): adjust detection for SLES kernels 7e4899bc ibrs can't be enabled on no ibrs cpu (#195) 5cc77741 Update spectre-meltdown-checker.sh 1c0f6d95 cpuid and msr module check 4acd0f64 Suggestion to change VM to a CPU with IBRS capability fb52dbe7 set master branch to v0.37+ git-subtree-dir: src/yunohost/vendor/spectre-meltdown-checker git-subtree-split: d7d2e6934ba08a2de2e2c80bb42936a60b884b78
15 lines
346 B
YAML
15 lines
346 B
YAML
version: '2'
|
|
|
|
services:
|
|
spectre-meltdown-checker:
|
|
build:
|
|
context: ./
|
|
dockerfile: ./Dockerfile
|
|
image: spectre-meltdown-checker:latest
|
|
container_name: spectre-meltdown-checker
|
|
privileged: true
|
|
network_mode: none
|
|
volumes:
|
|
- /boot:/boot:ro
|
|
- /dev/cpu:/dev/cpu:ro
|
|
- /lib/modules:/lib/modules:ro
|