Gavin Inglis

^ added a commit for updating nightly rust toolchain to `2025-02-24`. Still working through some issues with cargo-deny. Currently it is flagging all workspace dependencies as unused. e: working through...

^ force push adds a check to ensure that each versioned directory under `advisories/` has a corresponding git tag

^ force push handles return code from `grep` more gracefully with error message. Testing added to PR description

^ force push pins `cargo-deny` to v0.17.0 and reverts toolchain upgrade

^ force push based on some offline feedback from @cbgbt . We should only be linting on structured data, which in this case is a CVE or GHSA ID. Adjusted...

^ force push links against musl in CI for `make build`. integ test failures like ``` 0.166 /host/build/tools/unplug: /lib64/libc.so.6: version `GLIBC_2.39' not found (required by /host/build/tools/unplug) ``` Indicated that builds...

Chatted offline with @cbgbt . I'm going to take this approach - add a new `lints` crate under [twoliter/tools](https://github.com/bottlerocket-os/twoliter/tree/develop/tools) that provides multiple binaries. I'll write a binary for the lint...

> > Or alternatively - just accept that the inventory will list `bottlerocket-glibc` (etc) instead of `glibc`. > > I somewhat favor this, rather than trying to elevate what is...

@bcressey @cbgbt as promised, here's https://github.com/bottlerocket-os/twoliter/issues/397 for tracking the kit specific decisions lingering in app inventory generation

Could you please check journal logs on the node for an AVC denial to debug what process is causing this? `journalctl -k | grep denial` As for the container-selinux types,...