Amazon
The distribution provides the Linux kernel and a minimal system environment that includes only the components needed to run containers. Packages used in the project include the systemd system manager, the Glibc library, the Buildroot build toolkit, the GRUB bootloader, a network configurator
The distribution is updated atomically and is delivered as an indivisible system image. Two disk partitions are allocated to the system: one holds the active system, and the update is copied to the second. Once the update has been deployed, the second partition becomes active, and the first keeps the previous version of the system until the next update arrives, so you can roll back to it if problems arise. Updates are installed automatically without administrator intervention.
The key difference from similar distributions such as Fedora CoreOS and CentOS/Red Hat Atomic Host is the primary focus on providing.
The root partition is mounted read-only, and the /etc partition is mounted in tmpfs and restored to its original state after a restart. Direct modification of files in the /etc directory, such as /etc/resolv.conf and /etc/containerd/config.toml, is not supported; to keep settings permanently, you must use the API or move the functionality into separate containers.
Most system components are written in Rust, which provides memory-safe facilities that avoid vulnerabilities caused by use-after-free memory accesses, null pointer dereferences, and buffer overruns. By default, the build uses the "--enable-default-pie" and "--enable-default-ssp" compilation modes to enable address randomization of executable files (
For packages written in C/C++, additional flags are enabled: "-Wall", "-Werror=format-security", "-Wp,-D_FORTIFY_SOURCE=2", "-Wp,-D_GLIBCXX_ASSERTIONS" and "-fstack-clash-protection".
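One way to confirm that a binary actually carries the default PIE and stack-protector hardening described above is to inspect the ELF image itself. The following is an added example, not code from the distribution or from the original article; the function names and the sample header are constructed for illustration, and the stack-protector check is a heuristic that looks for the `__stack_chk_fail` symbol name.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # e_type values from the ELF specification


def check_hardening(data: bytes) -> dict:
    """Report PIE and stack-protector indicators for an ELF image."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[EI_DATA] at offset 5: 1 = little-endian, 2 = big-endian
    if data[5] not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    endian = "<" if data[5] == 1 else ">"
    # e_type is a 16-bit field directly after the 16-byte e_ident array
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        # ET_DYN means position-independent: a PIE executable or a shared object
        "pie": e_type == ET_DYN,
        # Heuristic: code built with the stack protector references this symbol
        "ssp": b"__stack_chk_fail" in data,
    }


def sample_elf(e_type: int, extra: bytes = b"") -> bytes:
    """Constructed sample input: a bare 64-byte ELF64 little-endian header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0
    )
    return header + extra


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, check_hardening(f.read()))
    else:
        # Fall back to the constructed samples
        print(check_hardening(sample_elf(ET_DYN, b"\0__stack_chk_fail\0")))
        print(check_hardening(sample_elf(ET_EXEC)))
```

A result of `"pie": False` on an executable means it was linked at a fixed address, so address randomization does not apply to its own code.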
Orchestration tools are supplied separately
Source: opennet.ru