Microsoft has published an update to the CBL-Mariner Linux distribution

Microsoft has published an update to the CBL-Mariner 2.0.20221029 (Common Base Linux Mariner) distribution, which is being developed as a universal base platform for the Linux environments used in cloud infrastructure, edge systems and various Microsoft services. The project aims to unify the Linux solutions used at Microsoft and to simplify keeping Linux systems for different purposes up to date. The project's work is distributed under the MIT license. Packages are built for the aarch64 and x86_64 architectures. A bootable ISO image (1.1 GB) has been prepared for the x86_64 architecture.

In the new version:

  • Updated package versions, including the offered releases of the Linux kernel 5.15.74, PHP 8.1.11, nodejs 16.17.1, cassandra 4.0.7, dbus 1.15.2, expat 2.5.0, mysql 8.0.31, terraform.1.32.2, tidy5.8.0, tidy 3.4.16. 1.22.1, wireshark XNUMX, nginx XNUMX.
  • Added the new packages cairomm 1.12.0, cpptest 1.1.2, k-exec-tools, kernel-drivers-gpu, libcroco 0.6.13, python-google-auth-oauthlib, sgx-backwards-compatability.
  • Included modules for changing the TCP congestion control algorithm (TCP Congestion).
  • Vulnerability fixes have been carried over into the libtar, unbound, aspell, libtiff, redis, livepatch, libtasn1, PHP, nodejs, dbus, expat, mod_wsgi, wireshark, nginx, mysql and terraform packages.

The CBL-Mariner distribution provides a small, standard set of base packages that serves as a universal foundation for building the contents of containers, host environments and services that run in cloud infrastructure and on edge devices. More complex and specialized solutions can be created by adding extra packages on top of CBL-Mariner, but the base of all such systems stays the same, which simplifies maintenance and updates. For example, CBL-Mariner is used as the base of the WSLg mini-distribution, which provides the graphics stack components for running Linux GUI applications in environments based on the WSL2 subsystem (Windows Subsystem for Linux). The extended functionality in WSLg is implemented by including additional packages with the Weston composite server, XWayland, PulseAudio and FreeRDP.

The CBL-Mariner build system can produce both individual RPM packages, built from SPEC files and source code, and monolithic system images that are generated with the rpm-ostree toolkit and updated atomically, without being split into separate packages. Accordingly, two update delivery models are supported: updating individual packages, and rebuilding and updating the whole system image. A repository of about 3000 pre-built RPM packages is available, which you can use to build your own images based on a configuration file.

The distribution includes only the most essential components and is optimized for minimal memory and disk space consumption, as well as for fast boot times. The distribution is also notable for including various additional mechanisms that improve security. The project follows a "maximum security by default" approach. It is possible to filter system calls using the seccomp mechanism, encrypt disk partitions, and verify packages using digital signatures.

The address space randomization modes supported by the Linux kernel are enabled, as are the mechanisms that protect against attacks involving symlinks, mmap, /dev/mem and /dev/kmem. Memory areas containing segments with kernel and module data are set to read-only mode and code execution in them is prohibited. Optionally, loading kernel modules after system initialization can be disabled. The iptables toolkit is used for filtering network packets. At the build stage, protection against stack overflows, buffer overflows and format string problems is enabled by default (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
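The kernel hardening settings described above can be checked on a running system through /proc/sys. The following audit script is an added example, not part of the original article or of CBL-Mariner; the mapping of each feature to a sysctl and the expected values are assumptions of this example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the kernel hardening knobs named above via /proc/sys.
# The sysctl-to-feature mapping and the expected values are assumptions of
# this example, not CBL-Mariner's documented settings.

# read_knob ROOT NAME -> prints the value, or "missing" if not exposed
read_knob() {
    f="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    if [ -r "$f" ]; then tr -d ' \t\n' < "$f"; else printf 'missing'; fi
}

# check_knob ROOT NAME OP WANT -> prints a PASS/FAIL line, returns 0 on pass
check_knob() {
    val=$(read_knob "$1" "$2")
    case "$val" in
        ''|*[!0-9]*) printf 'FAIL %s=%s (not numeric)\n' "$2" "$val"; return 1 ;;
    esac
    if [ "$val" "$3" "$4" ]; then
        printf 'PASS %s=%s\n' "$2" "$val"; return 0
    fi
    printf 'FAIL %s=%s (want %s %s)\n' "$2" "$val" "$3" "$4"; return 1
}

# audit_hardening [ROOT] -> returns the number of failed checks.
# ROOT is an optional prefix so a mounted image can be inspected offline.
audit_hardening() {
    root="${1:-}"; fails=0
    # Full address space randomization (stack, mmap, heap).
    check_knob "$root" kernel.randomize_va_space -eq 2 || fails=$((fails+1))
    # Symlink-following restrictions in sticky world-writable directories.
    check_knob "$root" fs.protected_symlinks -eq 1 || fails=$((fails+1))
    # Low addresses cannot be mapped (NULL-dereference mitigation).
    check_knob "$root" vm.mmap_min_addr -gt 0 || fails=$((fails+1))
    # Optional lock-down: only meaningful once boot has loaded all modules.
    check_knob "$root" kernel.modules_disabled -eq 1 || fails=$((fails+1))
    return "$fails"
}
```

Calling `audit_hardening` with no argument audits the live system; a missing or non-numeric knob counts as a failure rather than being skipped.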

The systemd system manager is used to manage services and boot. The RPM and DNF package managers are provided for package management. The SSH server is not enabled by default. To install the distribution, an installer is provided that can run in both text and graphical modes. The installer offers the option of installing a full or a basic set of packages, and provides an interface for selecting disk partitioning, choosing a hostname and creating users.

Source: opennet.ru
