Intel Releases Clear Linux Edition for Application Developers

Intel has announced an expanded scope for the Clear Linux distribution, which was previously positioned as a specialized solution for container isolation. The new Clear Linux Developer Edition makes it possible to use the distribution on development systems as a user environment. The GNOME desktop is offered by default, while KDE Plasma, Xfce, LXQt, Awesome, and i3 are available as options.

The Clear Linux distribution provides strong application isolation using containers separated by full virtualization. The base part of the distribution contains only a minimal set of tools for running containers and is updated atomically. All applications are packaged as Flatpak packages or bundles that run in separate containers.

Besides preparing bundles of graphical and user applications, the developer edition is notable for expanded hardware support, an integrated debugging system based on FUSE, a new installer, and the launch of an application catalog that offers bundles for deploying development environments for various languages and technologies.

A separate base bundle, c-basic, is provided. It includes build tools based on the latest versions of LLVM and GCC with optimizations for Intel chips (components specific to container infrastructures are in the containers-basic bundle). Pre-configured bundles have also been added for deploying machine learning systems (Deep Learning Reference Stack, based on Intel DL Boost with optimizations for Intel Xeon Scalable) and for analyzing large amounts of data (Data Analytics Reference Stack, based on Apache Hadoop and Apache Spark).

Clear Linux features:

  • Binary distribution delivery model. The system can be updated in two modes: applying fixes to a running system, or fully updating the system by installing a new image into a separate Btrfs snapshot and replacing the active snapshot with the new one;
  • Aggregation of packages into bundles, each of which provides a complete piece of functionality regardless of how many software components it comprises. Bundles and the system environment image are built from an RPM package repository but are delivered without being split into packages. Inside the containers, a specially optimized copy of Clear Linux runs, containing the bundles needed to run the target application;
  • An efficient update installation system, built into the base part of the distribution, that provides accelerated delivery of updates with fixes for critical issues and vulnerabilities. An update in Clear Linux includes only the data that actually changed, so typical vulnerability and bug fixes take only a few kilobytes and are installed almost instantly;
  • Unified versioning system: the version of the distribution represents the state and versions of all its components, which is useful for creating reproducible configurations and for tracking changes to the distribution's components at the file level. Changing or updating any part of the system always changes the overall version of the entire distribution (whereas in ordinary distributions only the version number of a particular package increases, in Clear Linux the version of the distribution itself increases);
  • A stateless approach to configuration: different classes of settings are separated (OS, user, and system settings are stored separately), the system does not save its state, and after installation it contains no settings in the /etc directory, instead generating settings on the fly from the templates specified at startup. To reset system settings to their defaults, you can simply remove /etc and /var;
  • Use of full virtualization (KVM) to run containers, which provides a high level of security. Container startup time is slightly behind traditional container isolation systems (namespaces, cgroups) and is acceptable for launching application containers on demand (virtual environment startup time is about 200 ms, and additional memory consumption is 18-20 MB per container). To reduce memory consumption, DAX is used (direct access to the file system, bypassing the page cache and the block device layer), and KSM (Kernel Shared Memory) is used to deduplicate identical memory areas, which makes it possible to share host system resources and attach a common system environment template to different guest systems.

Source: opennet.ru
