ProHoster > Blog > internet nhau > Microsoft yakaburitsa gadziriso itsva Linux- Kugoverwa kweCBL-Mariner

Microsoft yakaburitsa gadziriso itsva Linux- Kugoverwa kweCBL-Mariner

Microsoft yakaburitsa CBL-Mariner distribution update 1.0.20210901 (Common Base) Linux Mariner), iyo iri kugadzirwa senzvimbo yepasi rose yekubatsira Linux-nzvimbo dzinoshandiswa muzvivakwa zvegore, masisitimu emucheto, uye masevhisi akasiyana-siyana eMicrosoft. Chinangwa chepurojekiti iyi ndechekubatanidza nzvimbo dzinoshandiswa muMicrosoft. Linux-mhinduro uye kugadzirisa kuri nyore Linux-masisitimu ezvinangwa zvakasiyana-siyana munyika yazvino. Kuvandudzwa kwepurojekiti iyi kuri kugoverwa pasi perezenisi reMIT.

Mukuburitswa kutsva:

  • Mufananidzo weISO wekutanga (700 MB) watanga kugadzirwa. Mukutanga kuburitswa, mifananidzo yeISO yakagadzirwa kare haina kupihwa; zvaifungidzirwa kuti mushandisi anogona kugadzira mufananidzo une zvikamu zvinodiwa (mirairo yekuungana yakagadzirirwa Ubuntu 18.04).
  • Tsigiro yeotomatiki pasuru inogadziridza yaitwa, iyo iyo Dnf-Otomatiki application inosanganisirwa.
  • Nucleus Linux Yakagadziridzwa kusvika pavhezheni 5.10.60.1. Mapurogiramu akagadziridzwa anosanganisira openvswitch 2.15.1, golang 1.16.7, logrus 1.8.1, tcell 1.4.0, gonum 0.9.3, testimony 1.7.0, crunchy 0.4.0, xz 0.5.10, swig 4.0.2, squashfs-tools 4.4, mysql 8.0.26.
  • OpenSSL inopa iyo sarudzo yekudzosera rutsigiro rweTLS 1 uye TLS 1.1.
  • Kuti utarise iyo kodhi kodhi yeturusi, iyo sha256sum utility inoshandiswa.
  • Mapakeji matsva aisanganisira: etcd-zvishandiso, cockpit, aide, fipscheck, tini.
  • Iwo brp-strip-debug-symbols, brp-strip-unneeded uye ca-legacy mapakeji abviswa. Yakabviswa SPEC mafaira eDotnet uye aspnetcore mapakeji, ayo zvino aunganidzwa neiyo core .NET development timu uye akaiswa mune yakaparadzana repository.
  • Kugadziriswa kwekusagadzikana kwakaendeswa kune shanduro dzepasuru dzakashandiswa.

Sechiyeuchidzo, kugoverwa kweCBL-Mariner kunopa seti diki, yakajairika yemapakeji makuru anoshanda sehwaro hwese hwekuvaka ma container frameworks, nharaunda dzehost, uye masevhisi anoshanda mu cloud infrastructures uye pa edge devices. Mhinduro dzakaoma uye dzakasarudzika dzinogona kugadzirwa nekuwedzera mamwe mapakeji pamusoro peCBL-Mariner, asi musimboti wemasystem ese akadaro unoramba wakafanana, zvichiita kuti kugadzirisa kuve nyore uye kugadzirira zvigadziriso. Semuenzaniso, CBL-Mariner inoshandiswa sehwaro hweWSLg mini-distribution, iyo inopa zvikamu zve graphics stack zvekushandisa ma GUI applications. Linux munzvimbo dzakavakirwa paWSL2 subsystem (Windows Sisitimu yepasi pe Linux). Kushanda kwakawedzerwa muWSLg kunoitwa kuburikidza nekuwedzera mamwe mapakeji ane composite. server Weston, XWayland, PulseAudio uye FreeRDP.

Iyo CBL-Mariner kuvaka sisitimu inobvumidza iwe kugadzira ese ari maviri ega RPM mapakeji anoenderana neSPEC mafaera uye sosi kodhi, pamwe ne monolithic system mifananidzo inogadzirwa uchishandisa rpm-ostree toolkit uye yakagadziridzwa atomu pasina kupatsanura mumapakeji akasiyana. Saizvozvo, maviri ekugadzirisa edhisheni modhi anotsigirwa: kuburikidza nekuvandudza ega mapakeji uye kuburikidza nekuvaka patsva nekugadzirisa iyo yese system mufananidzo. Nzvimbo inosvika zviuru zvitatu zvakavakwa RPM mapakeji iripo yaunogona kushandisa kuvaka yako mifananidzo zvichienderana nefaira yekumisikidza.

Kugovera kunosanganisira chete izvo zvinonyanya kukosha zvikamu uye zvakagadziridzwa kune shoma ndangariro uye dhisiki nzvimbo yekushandisa, pamwe nekumhanyisa kurodha. Kugovera kwacho kwakakoshawo pakuiswa kwedzimwe nzira dzakasiyana dzekuwedzera kuchengetedzwa. Iyo purojekiti inotora "yakanyanya kuchengetedzwa nekusarudzika" nzira. Zvinogoneka kusefa mafoni ehurongwa uchishandisa seccomp mechanism, encrypt disk partitions, uye simbisa mapakeji uchishandisa siginecha yedhijitari.

Zvinotsigirwa mu kernel zvinogoneswa Linux Maitiro ekugadzirisa nzvimbo asingatarisirwi, pamwe chete nenzira dzekudzivirira kubva mukurwiswa kwakabatana nezviratidzo zvema symbolic links, mmap, /dev/mem, uye /dev/kmem, zvinoitwa. Nzvimbo dzekurangarira dzine zvikamu zve data zve kernel ne module dzakaiswa ku read-only mode, uye kodhi inokonzereswa haishande. Pane sarudzo iripo yekudzima kernel module loading mushure mekutanga system. iptables inoshandiswa pakusefa network packet. Maitiro ekudzivirira kubva pakuzara kwe stack, buffer overflows, uye string formatting issues (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro) anogoneswa ne default panguva yekuvaka.

Iyo system maneja systemd inoshandiswa kubata masevhisi uye boot. Zvepakeji maneja, mapakeji maneja RPM uye DNF (tdnf musiyano kubva vmWare) anopihwa. Iyo SSH server haina kugoneswa nekusarudzika. Kuti uise kugovera, mugadziri anopiwa anogona kushanda mune zvese zvinyorwa uye graphical modes. Iyo yekumisikidza inopa sarudzo yekuisa ine yakazara kana yekutanga seti yemapakeji, uye inopa chinongedzo chekusarudza dhisiki partition, kusarudza zita remuenzi, uye kugadzira vashandisi.

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster