The company Amazon
The distribution provides the Linux kernel and a minimal system environment containing only the components needed to run containers. The packages included in the project are the systemd system manager, the Glibc library, the build toolkit Buildroot, the GRUB bootloader, the network configurator
The distribution is updated atomically and delivered as an indivisible system image. Two disk partitions are allocated for the system: one holds the active system, and the update is copied to the other. Once the update has been deployed, the second partition becomes the active one, while the first keeps the previous version of the system until the next update arrives, so that you can roll back to it if problems arise. Updates are installed automatically, without administrator intervention.
The key difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is the primary focus on providing.
The root partition is mounted read-only, and the /etc configuration partition is mounted in tmpfs and restored to its original state after a restart. Direct modification of files in the /etc directory, such as /etc/resolv.conf and /etc/containerd/config.toml, is not supported: to keep settings permanently, you must use the API or move the functionality into separate containers.
Most of the system components are written in Rust, which provides memory-safety features that prevent vulnerabilities caused by use-after-free memory accesses, null pointer dereferences, and buffer overruns. When building by default, the compilation modes "--enable-default-pie" and "--enable-default-ssp" are used to enable randomization of the address space of executable files (
For packages written in C/C++, additional flags are enabled:
"-Wall", "-Werror=format-security", "-Wp,-D_FORTIFY_SOURCE=2", "-Wp,-D_GLIBCXX_ASSERTIONS" and "-fstack-clash-protection".
Container orchestration tools are supplied separately
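An added example, not part of the original article or the distribution's own tooling: a heuristic Python check of whether a built ELF binary shows the effect of the build options listed above (PIE through the ELF type field, "--enable-default-ssp" through a reference to `__stack_chk_fail`, `_FORTIFY_SOURCE` through `__*_chk` imports). The function names and both sample images are constructed for illustration.

```python
import re
import struct

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable vs. position-independent


def hardening_report(elf: bytes) -> dict:
    """Heuristic check of an ELF image for PIE, stack protector and FORTIFY markers."""
    if len(elf) < 18 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # e_ident[5] is EI_DATA: 1 = little-endian, 2 = big-endian
    if elf[5] not in (1, 2):
        raise ValueError("unknown ELF byte order")
    endian = "<" if elf[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", elf, 16)
    # Fortified libc wrappers are imported as __<name>_chk (e.g. __memcpy_chk).
    # __stack_chk_fail does not match: "_chk" is not at the end of that name.
    chk = set(re.findall(rb"__(\w+?)_chk\x00", elf))
    return {
        "pie": e_type == ET_DYN,  # note: ET_DYN also covers shared libraries
        "stack_protector": b"__stack_chk_fail\x00" in elf,
        "fortified": sorted(name.decode() for name in chk),
    }


def make_sample(e_type: int, symbols: list) -> bytes:
    """Constructed sample: a 64-byte ELF64 little-endian header plus a fake string table."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)      # class=64-bit, data=LE, version=1
    header = ident + struct.pack("<HHI", e_type, 62, 1)   # e_type, e_machine=x86-64, e_version
    return header.ljust(64, b"\x00") + b"\x00" + b"".join(s + b"\x00" for s in symbols)


# Constructed inputs, not taken from any real binary.
HARDENED = make_sample(ET_DYN, [b"__stack_chk_fail", b"__memcpy_chk", b"__sprintf_chk", b"puts"])
LEGACY = make_sample(ET_EXEC, [b"memcpy", b"sprintf", b"puts"])

if __name__ == "__main__":
    for label, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(label, hardening_report(image))
```

On real files, pass the bytes read from the binary; a Rust-only binary may legitimately show no `__stack_chk_fail` reference, so treat that field as meaningful for the C/C++ packages.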
Source: opennet.ru