CVE-2026-46329 I/O Request Handling Beyond Filesystem End in Linux Kernel EROFS File-Backed Mounts vulmon.com/vulnerabilitydeta…

Careful with git.kernel.org/pub/scm/linux… even to recent kernels without "erofs: tidy up erofs_init_inode_xattrs()", naive context adjustment will result in a few paths performing a put on an uninitialized buf->page.

auto: [Android 5.15] BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress: A NULL pointer dereference was detected in the z_erofs_decompress function. This caused a kernel panic during filesystem operations, indicating a potential vulnerability in the EROFS decompressor. link: syzkaller.appspot.com/bug?ex…

📦 We are happy to announce support for the EROFS (Enhanced Read-Only File System) format. The new EROFS Format package lets you browse and extract files from EROFS images directly within the application. EROFS is a high-performance, read-only compressed file system for Linux, merged into the mainline kernel in version 4.19. It was originally developed by Huawei and is now the standard file system for Android system partitions starting from Android 10. EROFS is also used in container images (Docker, Nydus) and embedded systems. Unlike older read-only file systems such as SquashFS and CRAMFS, EROFS uses a pcluster-based compressed data layout that offers efficient random read access without decompressing entire blocks. It supports multiple compression algorithms including LZ4 and DEFLATE. Having native support in Cerbero Suite means analysts can inspect Android system images, container images, and embedded firmware encountered during security research, vulnerability assessment, or forensic investigations without needing external tools.
Apr 24
DeepSeek v4: this erofs overlaybd combo 👍
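Traditional RAG -> Virtual File System (VFS): @mintlify's engineering practice for building an AI documentation assistant
Limitations of RAG: Traditional RAG can only retrieve text chunks that semantically match the query; when the answer is spread across multiple pages, or the user needs an exact syntax example, the system fails. The Dens team wants AI to explore documentation the way it explores a codebase.
Key insight: the general-purpose interface for agents is converging. Mintlify points out an important trend: agents are adopting the file system as their primary interface, because the basic commands grep, cat, ls and find are enough for an agent to complete the vast majority of information-retrieval tasks. This design philosophy matches the underlying logic of coding agents such as Claude Code/Codex.
Technical approach: the ChromaFs virtual file system
1. Why not a real sandbox?
· Latency: a traditional container sandbox takes ~46 seconds to start (including the GitHub clone), which front-end users cannot tolerate
· Cost: with Dayton's per-second billing, at a scale of 850K conversations/month, the annual cost of the base configuration exceeds $70,000, and long sessions would double it
2. ChromaFs architecture
Based on Vercel Labs' just-bash (a TypeScript implementation of bash), UNIX commands are translated into Chroma vector database queries through the IFileSystem interface:
· ls / cd / find: resolved directly from the in-memory file tree, zero network calls
· cat: queries Chroma by page slug and reassembles the full page ordered by chunk_index
· grep -r: two-layer filtering: Chroma coarse filter ($contains/$regex) → Redis cache → in-memory regex fine filter
3. Key optimizations
· File tree preloading: the entire directory structure is stored as gzip JSON (__path_tree__), including permission metadata (isPublic, groups), and decompressed into memory at startup. Subsequent sessions on the same site reuse the cache directly.
· Access control: the file tree is pruned by user role before it is built, replacing traditional Linux user-group/container isolation and achieving row-level RBAC.
· Lazy loading: files such as large OpenAPI specs are registered as lazy pointers and only fetched from S3 on cat.
· Read-only design: all write operations return an EROFS error, ensuring statelessness, no session cleanup, and no cross-contamination risk.
Quantified benefits (metric: traditional sandbox vs. ChromaFs)
Session creation time: ~46 seconds vs. ~100 milliseconds
Marginal compute cost: $70,000/year vs. zero (reused)
Permission implementation complexity: container isolation/user groups vs. a few lines of filtering code
Article: mintlify.com/blog/how-we-bui…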
An intern wrote an erofs snapshotter in Rust; the statically compiled binary is 100x slower than the non-statically compiled one 🤣
What on earth were they thinking when they named a filesystem Enhanced Read-Only File System... Every time I see EROFS I can only read it as "Ero FS"...
Here are all the first-time organizations participating in GSoC:
- Boa: An ECMAScript engine written in Rust.
- EROFS filesystem: A modern image-based kernel filesystem.
- Gemini CLI: Brings the power of Gemini directly into the terminal.
- German Center for Open Source AI: Democratically governed AI for society.
- Konflux: Secure software pipelines using a Kubernetes-native approach.
- Learning Unlimited: Educational tools focused on teaching and learning.
- MLLAM: Research software for AI-driven weather forecasting.
- MalariaGEN: The Malaria Genomic Epidemiology Network (genomic science).
- Measurement Lab: Providing open Internet performance data since 2009.
- Metaflow: A human-centric machine learning framework.
- MoFA Org: Focused on "Composition AI" development tools.
- MoganLab: Tools designed to make academic writing more natural.
- OpenMS Inc: Advancing algorithms and AI for biomedical insights.
- The OpenROAD Initiative: Building an open-source semiconductor design ecosystem.
- United Nations Office of Information and Communication Technology: Innovative technology for a sustainable future.
- preCICE: A coupling library for multi-physics simulations.
Feb 22
asciinema.org/a/di7ZuJkiHgs2… Nice, tried out another approach: turn each OCI layer into an erofs image, then stack them Jenga-style with overlay to make the rootfs
GSoC 2026 is around the corner. If you haven't started contributing yet, worry not. Here are the 16 new organizations participating this time. The best part is, they have less competition yet accept a large number of applicants.
Boa
EROFS filesystem
Gemini CLI
German Center for Open Source AI
Konflux
Learning Unlimited
MLLAM
MalariaGEN
Measurement Lab
Metaflow
MoFA Org
MoganLab
OpenMS Inc
The OpenROAD Initiative
United Nations Office of Information Communication Technology
preCICE
I started around the same time last year and became a contributor myself. So get started now! Pick one and contribute aggressively.
We got rid of the device repositories entirely by generating the rest of the configuration from adevtool where it's shared between devices and can be automatically derived from the stock OS setup rather than manually updating each device tree when they change to EROFS, etc.
Replying to @moxie @crishoj
You can package model weights as dm-verity-protected EROFS images. The root hash goes in the kernel cmdline, so it becomes part of the hardware attestation. We built this for Huggingface models: github.com/tinfoilsh/modelpa…