The Wire · Showcase
KERNEL RC8 LOCKS DOWN NAMESPACE MOUNTS, RISC-V AND POWER FIXES LAND
By RepoJournal · Filed · About Linux
The kernel is tightening namespace security while Arch's installer learns to handle missing keyrings and Wayland compositor startup.
Linux 7.1-rc8 is closing a namespace security hole that let attackers mount regular files over directories through OPEN_TREE_NAMESPACE and FSMOUNT_NAMESPACE, bypassing normal mount restrictions [1]. Simultaneously, power management fixes restore EPP control in amd-pstate [2] and RISC-V closes a CFI prctl implementation gap that was silently accepting invalid control bits [3]. Over in Arch's installer, three critical fixes landed overnight: custom mirrors now skip configuration if keyring sync fails rather than crashing with GPGME errors [4], Wayland desktop profiles now automatically add users to the seat group so sway and hyprland actually start [5], and Plymouth boot splash support arrived as an opt-in feature [6]. The namespace fix is kernel-critical for production systems. The Arch fixes matter heavily if you're shipping Wayland-first installs or running in environments where keyring sync is flaky.
Action items
- → Review namespace mount restrictions in any custom mount tooling before next kernel deploy torvalds/linux [plan]
- → Test Arch installer with keyring sync disabled to confirm mirror fallback works archlinux/archinstall [monitor]
- → Verify seat group provisioning in Wayland profile installs if deploying to user systems archlinux/archinstall [plan]
References
- [1] namespace: restrict OPEN_TREE_NAMESPACE/FSMOUNT_NAMESPACE to directories torvalds/linux
- [2] Merge tag 'pm-7.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm torvalds/linux
- [3] Merge tag 'riscv-for-linux-7.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux torvalds/linux
- [4] Skip custom mirror config when keyring sync fails (#4577) archlinux/archinstall
- [5] Add users to seat group when seatd is selected (#4578) archlinux/archinstall
- [6] Add Plymouth configuration setup ↗ archlinux/archinstall
FAQ
- What changed in Linux on June 11, 2026?
- The kernel is tightening namespace security while Arch's installer learns to handle missing keyrings and Wayland compositor startup.
- What should Linux teams do about it?
- Review namespace mount restrictions in any custom mount tooling before next kernel deploy • Test Arch installer with keyring sync disabled to confirm mirror fallback works • Verify seat group provisioning in Wayland profile installs if deploying to user systems
- Which Linux repositories shipped on June 11, 2026?
- torvalds/linux, archlinux/archinstall