Microsoft yakachinja zita rekuti CBL-Mariner dividend kuita Azure. LinuxKare yaizivikanwa seAzure Linux yakashandiswa pakuvaka kwakasarudzika kwakaiswa paAzure Kubernetes Service (AKS), uye puratifomu yakajairika yekugadzira kugoverwa yakagadzirwa pasi pezita rekuti CBL-Mariner (Common Base). Linux Mariner). Mazuva mashoma apfuura, Microsoft yakatumidza zita rekuti CBL-Mariner repository kuita azurelinux, yakachinja mazita ezvishandiso, uye yakabvisa mareferensi kuCBL-Mariner muAzure documentation. LinuxMushure meizvi, kuburitswa kwekutanga kwepuratifomu kwakagadzirwa pasi pezita idzva - Azure Linux 2.0.20240301, iyo inogadzirisa zvikanganiso zvakaunganidzwa uye kushaya simba mumapurogiramu.
Chinangwa chepurojekiti iyi ndechekubatanidza matekinoroji anoshandiswa muMicrosoft Linux-mhinduro uye kugadzirisa kuri nyore Linux-kugoverwa kwazvino kwemasisitimu akasiyana-siyana. Pakati pezvimwe zvinhu, kugoverwa uku kunoshandiswa muzvivakwa zvegore, masisitimu emucheto, uye masevhisi akasiyana-siyana eMicrosoft. Kuvandudzwa kwepurojekiti iyi kunogoverwa pasi perezinesi reMIT. Mapakeji anogadzirwa ezvivakwa zveaarch64 ne x86_64. Mufananidzo weISO unobhuroka (860 MB) unowanikwa kune x86_64 architecture.
Kugoverwa kweAzure Linux Inopa seti diki, yakajairika yemapakeji makuru anoshanda sehwaro hwepasi rose hwekuvaka ma framework emakontena, nzvimbo dzekugamuchira, uye masevhisi anoshanda pazvivakwa zvegore nemidziyo yemupendero. Mhinduro dzakaoma uye dzakagadzirwa dzinogona kugadzirwa nekuwedzera mamwe mapakeji pamusoro peAzure. Linux, asi hwaro hwemasisitimu ese akadaro hahuna kuchinja, izvo zvinoita kuti kugadzirisa nekugadzirisa zvigadziriso zvive nyore.
Semuenzaniso, Azure Linux Inoshandiswa sehwaro hweWSLg mini-distribution, iyo inopa zvikamu zve graphics stack zvekushandisa ma GUI applications. Linux munzvimbo dzakavakirwa paWSL2 subsystem (Windows Sisitimu yepasi pe Linux). Kushanda kwakawedzerwa muWSLg kunoitwa kuburikidza nekuwedzera mamwe mapakeji ane composite. server Weston, XWayland, PulseAudio uye FreeRDP.
Sisitimu yekuvaka yeAzure Linux Inokubvumira kugadzira mapakeji eRPM ega ega zvichibva pamafaira eSPEC uye source code, pamwe nemifananidzo yemonolithic system yakavakwa uchishandisa rpm-ostree toolkit uye yakagadziridzwa atomiki pasina kuipatsanura kuita mapakeji ega ega. Saka, kune mamodheru maviri ekutumira ma update anotsigirwa: kugadzirisa mapakeji ega ega uye kuvakazve nekugadzirisa mufananidzo wese wesystem. Nzvimbo yekuchengetedza ine maRPM anosvika 3000 akavakwa kare anowanikwa, anogona kushandiswa kuvaka mifananidzo yakasarudzika zvichibva pafaira rekugadzirisa.
Iyo base chikuva inosanganisira chete zvakakosha zvikamu uye yakagadziridzwa kune shoma ndangariro uye dhisiki nzvimbo yekushandisa, pamwe nekumhanyisa kurodha. Iyo purojekiti inoshandisa "yakanyanya chengetedzo nekusarudzika" maitiro, ayo anosanganisira kubatanidzwa kweakasiyana mamwe maitiro ekuwedzera chengetedzo:
- Kusefa system kufona uchishandisa iyo seccomp mechanism.
- Encryption ye disk partitions.
- Kuongororwa kwepakeji nedhijitari siginicha.
- Kero nzvimbo randomization.
- Dziviriro kubva ku symlink kurwiswa, mmap, /dev/mem uye /dev/kmem.
- Kuverenga-chete modhi uye kurambidza kodhi kuuraya munzvimbo dzekurangarira dzine zvikamu zvine kernel uye module data.
- Sarudzo yekudzima kurodha kernel modules mushure mekutanga system.
- Kushandisa iptables kusefa network mapaketi.
- Gonesa nzira dzedziviriro kubva pakufashukira, buffer mafashama, uye tambo fomati nyaya panguva yekuvaka (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
Iyo system maneja systemd inoshandiswa kubata masevhisi uye boot. RPM uye DNF mapakeji maneja anopihwa maneja manejimendi. Iyo SSH server haina kugoneswa nekusarudzika. Kuti uise kugovera, mugadziri anopiwa anogona kushanda mune zvese zvinyorwa uye graphical modes. Iyo yekumisikidza inopa sarudzo yekuisa ine yakazara kana yakakosha seti yemapakeji, uye inopa chinongedzo chekusarudza dhisiki partition, kusarudza zita remuenzi, uye kugadzira vashandisi.
Pamusoro pekuchinja kwakabatana neCBL-Mariner neAzure Linux, Microsoft yakaunzawo kuburitswa kutsva kwepuratifomu yeAzure Sphere 24.03, yakavakirwa pachikamu chikuru. Linux uye yakagadzirirwa kugadzira zvishandiso zveInternet of Things zvichibva pama microcontroller units (MCUs) anoshanda nesimba ane ma peripheral subsystems akabatanidzwa. Chimwe chezvinhu zviri papuratifomu iyi iPluton subsystem, iyo inopa hardware ye encryption, private key storage, uye cryptographic operations dzakaoma. Pluton inosanganisira processor yakatsaurirwa, cryptographic engine, hardware random number generator, uye isolated key storage.
Source: opennet.ru
