The Amazon company
The distribution provides the Linux kernel and a minimal system environment that includes only the components needed to run containers. The packages involved in the project include the systemd system manager, the Glibc library, the Buildroot build toolkit, the GRUB bootloader, the network configurator
The distribution is updated atomically and delivered as an indivisible system image. Two disk partitions are allocated for the system: one contains the active system, and the update is copied to the second. After the update is deployed, the second partition becomes active, and the first keeps the previous version of the system until the next update arrives, so you can roll back to it if problems arise. Updates are installed automatically without administrator intervention.
The key difference from similar distributions such as Fedora CoreOS and CentOS/Red Hat Atomic Host is the primary focus on providing.
The root partition is mounted read-only, and the /etc settings partition is mounted in tmpfs and restored to its original state after a restart. Direct modification of files in the /etc directory, such as /etc/resolv.conf and /etc/containerd/config.toml, is not supported; to save settings permanently, you must use the API or move the functionality into separate containers.
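One way to check the mount layout described above against a mount table, as an added example that is not part of the original article or the distribution's own tooling. The sample table, device names and function names are constructed for illustration, and the assumption is that the layout is visible in /proc/mounts format.

```python
"""Audit a /proc/mounts-style table: root read-only, /etc on tmpfs (added example)."""
import re

# Constructed sample in /proc/mounts format; device names are placeholders.
SAMPLE_MOUNTS = """\
/dev/root / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /etc tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
/dev/sdb1 /mnt/my\\040data ext4 rw,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as 3-digit octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mountpoint: (fstype, set(options))}; later lines shadow earlier ones."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        _dev, mnt, fstype, opts = parts[:4]
        table[_unescape(mnt)] = (fstype, set(opts.split(",")))
    return table

def audit(text):
    """Return a list of findings; an empty list means the layout matches."""
    table = parse_mounts(text)
    findings = []
    root = table.get("/")
    if root is None:
        findings.append("no root mount found")
    elif "ro" not in root[1]:
        findings.append("root is writable (expected ro)")
    etc = table.get("/etc")
    if etc is None:
        findings.append("/etc is not a separate mount (expected tmpfs)")
    elif etc[0] != "tmpfs":
        findings.append(f"/etc is {etc[0]} (expected tmpfs)")
    return findings

if __name__ == "__main__":
    import sys
    # With a path argument, audit that file (e.g. /proc/mounts); otherwise the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for finding in audit(data) or ["layout matches: root ro, /etc on tmpfs"]:
        print(finding)
```

A writable root or an /etc that lives on persistent storage shows up as a finding, which makes the script usable as a drift check in node health monitoring.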
Many system components are written in Rust, which provides memory-safety features to avoid vulnerabilities caused by use-after-free memory accesses, null pointer dereferences, and buffer overruns. When building, the "--enable-default-pie" and "--enable-default-ssp" compilation modes are used by default to enable address space randomization of executable files (
For packages written in C/C++, additional flags are included: "-Wall", "-Werror=format-security", "-Wp,-D_FORTIFY_SOURCE=2", "-Wp,-D_GLIBCXX_ASSERTIONS" and "-fstack-clash-protection".
Container orchestration tools are provided separately
Source: opennet.ru