@grono_dev profile picture
Paweł Gronowski @grono_dev
Joined January 2025
  • Tweets 171
  • Following 50
  • Followers 18
32 Photos and videos
Pinned Tweet
Paweł Gronowski@grono_dev
May 1
What I learned from patching Docker Engine default seccomp profile for CVE-2026-31431 (Copy Fail) 1. If a seccomp rule already filters an argument (like AF_VSOCK), it's just a matter of adding a second negation for the AF_ALG, right? Wrong! These are two rules that ...
1
3
5
885
Paweł Gronowski retweeted
Armin Ronacher ⇌
@mitsuhiko
Jun 3
In case you are in the camp of “Andrew Tridgell is vibefucking rsync” please read this.l and adjust your priors. medium.com/@tridge60/rsync-a…

rsync and outrage

I gave up blogging a long time ago (apart from an occasional thing about ArduPilot), I tend to just write code and hope people find it…

medium.com
14
37
266
41,954
Paweł Gronowski retweeted
Pope Leo XIV
@Pontifex
May 30
Deep inner suffering inevitably arises when the human person is reduced to performance, consumption, or a statistical datum. Many young people today live under the yoke of expectations to perform, immersed in an exasperated competitiveness that generates anxiety, fear of not measuring up, and disorientation.
964
13,284
78,303
2,814,384
Why the heck is almost every LSP written in Node
1
26
As much as I'd like to move off Vim... every editor is either a bloated mess or a security nightmare. I really wanted to move to Zed but the silent "npm" installs really threw me off. Looks like neovim is not leaving my toolset any time soon
2
49
OpenDivine is a WIP open-source engine for running Divine Divinity Follow #opendivine here: github.com/vvoland/opendivin…
0:14
1
2
46
Wrote a blog: Improvements to Rootless mode in Docker v29.5 medium.com/nttlabs/improveme… - Faster image pulling and pushing - Support for `docker run --net=host` - Support for localhost registries - Source IP propagation without the legacy slirp4netns dependency

Improvements to Rootless mode in Docker v29.5

Rootless mode, which enables running Docker daemon without root privileges, has been significantly improved in Docker v29.5 (May 15, 2026):

medium.com
1
7
15
2,172
Code Blocks? Dev-C ?!?!? Jezu, wy tak zdajecie matury? ;o #matura
1
100
V4bel
@v4bel
May 7
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io
61
I was bored this weekend so I've started to reimplement Divine Divinity game engine (basically like OpenMW does with Morrowind, still requires original game content) Can already fly over Ferol! #opendivine
0:30
1
1
3
109
Made some progress, player character sprite composition and animations are working! #opendivine
0:15
1
1
32
Heroes of Might and Magic V had the best main menu ever
3:14
3
69
can you guess what game that is??
1
3
123
What I learned from patching Docker Engine default seccomp profile for CVE-2026-31431 (Copy Fail) 1. If a seccomp rule already filters an argument (like AF_VSOCK), it's just a matter of adding a second negation for the AF_ALG, right? Wrong! These are two rules that ...
1
3
5
885
more replies
If you're looking for the complete seccomp policy JSON, you can get one here: github.com/moby/profiles/blo…

profiles/seccomp/default.json at main · moby/profiles

A collection of security profiles for containers, including AppArmor and seccomp profiles used by Moby. - moby/profiles

github.com
1
2
79
Maybe someone will find this useful... Now. I'm off to enjoy some long weekend!
1
2
66
Docker Engine is safe against CVE-2026-31431 now. (The infamous copy.fail) Patch ASAP: github.com/moby/moby/release… #docker #containers #linux #copyfail

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

copy.fail
1
3
3
419
Load more