I-Microsoft ipapashe uhlaziyo lokuqala oluzinzileyo lwesebe elitsha lokusasaza i-CBL-Mariner 2.0 (i-Common Base Linux Mariner), ephuhliswayo njengeqonga lesiseko sehlabathi jikelele se-Linux ezisetyenziswa kwiziseko zelifu, iisistim ze-edge kunye neenkonzo ezahlukeneyo zikaMicrosoft. Le projekthi ijolise ekudibaniseni izisombululo ze-Microsoft Linux kunye nokwenza lula ugcino lweenkqubo zeLinux ngeenjongo ezahlukeneyo ngoku. Uphuhliso lweprojekthi lusasazwa phantsi kwelayisenisi ye-MIT. Ulwakhiwo lwepakethi lwenzelwe i-aarch64 kunye ne-x86_64 yezakhiwo.
Ukukhutshwa okutsha kuphawuleka kuhlaziyo olubalulekileyo lweenguqulelo zeprogram. Kubandakanywa iinguqulelo ezihlaziyiweyo ze-Linux kernel 5.15 (kwisebe le-1.0 i-5.4 kernel isetyenzisiwe), i-systemd 250, i-glibc 2.35, i-GCC 11.2, i-clang 12, i-Python 3.9, i-ruby ββ3.1.2, i-rpm 4.17, i-qemu nganye , ostree 6.1. Uvimba ongundoqo uquka amacandelo e-GUI afana ne-Wayland 5.34, i-Mesa 2022.1, i-GTK 1.20 kunye ne-X.Org Server 21.0, eziye zathunyelwa ngaphambili kwindawo yogcino lwe-coreui eyahlukileyo. I-kernel eyongeziweyo yakha ngeepatches ze-PREEMPT_RT ukuze zisetyenziswe kwiinkqubo zexesha lokwenyani.
Ikiti yokusabalalisa i-CBL-Mariner inikeza isethi encinci yemigangatho yeepakethe ezisisiseko ezisebenza njengesiseko sendalo yonke ekudaleni ukuxutywa kwee-container, indawo zokusingatha kunye neenkonzo eziqaliswe kwiziseko zamafu kunye nezixhobo ezinqamlekileyo. Izisombululo eziyinkimbinkimbi kunye nezikhethekileyo zinokudalwa ngokongeza iipakethi ezongezelelweyo phezulu kwe-CBL-Mariner, kodwa isiseko sazo zonke iinkqubo ezinjalo zihlala zifana, okwenza kube lula ukugcina nokulungisa ukuphuculwa. Umzekelo, i-CBL-Mariner isetyenziswa njengesiseko sosasazo oluncinci lwe-WSLg, olubonelela ngamacandelo estaki segrafiki yokuqhuba usetyenziso lwe-Linux GUI kwi-WSL2 (i-Windows Subsystem ye-Linux). Ukusebenza okwandisiweyo kwi-WSLg kufezekiswa ngokubandakanywa kweepakethe ezongezelelweyo kunye ne-Weston Composite Server, i-XWayland, i-PulseAudio kunye ne-FreeRDP.
Inkqubo yokwakha ye-CBL-Mariner ikuvumela ukuba uvelise zombini iipakethe ze-RPM ezihlukeneyo ezisekelwe kwiifayile ze-SPEC kunye nemithombo, kunye nemifanekiso ye-monolithic ye-monolithic eyenziwe ngokusebenzisa i-toolkit ye-rpm-ostree kwaye ihlaziywe nge-atom ngaphandle kokuqhekeka kwiipakethe ezihlukeneyo. Ngokufanelekileyo, iimodeli ezimbini zokuhanjiswa kohlaziyo ziyaxhaswa: ngokuhlaziya iipakethe zomntu ngamnye kunye nokwakha kwakhona kunye nokuhlaziya yonke inkqubo yomfanekiso. Indawo yokugcina iyafumaneka malunga ne-3000 RPMs esele yakhiwe ongayisebenzisa ukwakha imifanekiso yakho ngokusekelwe kwifayile yoqwalaselo.
Ukuhanjiswa kubandakanya kuphela amacandelo ayimfuneko kwaye ilungiselelwe imemori encinci kunye nokusetyenziswa kwendawo yediski, kunye nesantya esiphezulu sokukhuphela. Ukuhanjiswa kukwaphawuleka ngokubandakanya iindlela ezahlukeneyo zokhuseleko ezongezelelweyo. Iprojekthi isebenzisa "ukhuseleko oluphezulu ngokungagqibekanga". Ibonelela ngesakhono sokucoca iifowuni zesixokelelwano usebenzisa i-seccomp mechanism, i-encrypt partitions zedisk, kwaye uqinisekise iipakethe ngotyikityo lwedijithali.
Iimowudi zedilesi ye-randomization exhaswa kwi-Linux kernel, kunye neendlela zokukhusela ngokuchasene nohlaselo olunxulumene noqhagamshelo lomfuziselo, mmap, /dev/mem kunye /dev/kmem, ziyasebenza. Kwiindawo zememori eziqulethe amacandelo ane-kernel kunye nedatha yemodyuli, imowudi isetelwe ukuba ifundeke kuphela kwaye ukuphunyezwa kwekhowudi akuvumelekanga. Okukhethiweyo kukukwazi ukukhubaza ukulayishwa kweemodyuli ze-kernel emva kokuqaliswa kwenkqubo. I-iptables toolkit isetyenziselwa ukuhluza iipakethi zenethiwekhi. Ngokungagqibekanga, ukupasa kokwakha kwenza iindlela zokukhusela ngokuchasene nokuphuphuma kwestaki, ukugcwala kwe-buffer, kunye neengxaki zokufomatha umtya (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
Umphathi wenkqubo ye-systemd usetyenziselwa ukulawula iinkonzo kunye nesiqalo. Abaphathi bephakheji i-RPM kunye ne-DNF babonelelwa ngolawulo lwephakheji. Iseva ye-SSH ayenziwanga isebenze ngokungagqibekanga. Ukufakela ukuhanjiswa, isifakeli sinikezelwe esinokusebenza kuzo zombini iindlela zokubhaliweyo kunye negraphical. I-installer inika amandla okufaka ngesethi epheleleyo okanye esisiseko yeepakethe, inikezela nge-interface yokukhetha isahlulelo sediski, ukukhetha igama lomninimzi kunye nokudala abasebenzisi.
umthombo: opennet.ru