Microsoft has released the Azure Linux 3.0.20241203 distribution

Microsoft has published an update to its Azure Linux 3.0.20241203 distribution. The distribution is being developed as a universal base platform for Linux environments used in cloud infrastructure, edge systems, and various Microsoft services. The project's own developments are distributed under the MIT license. Package builds are produced for the aarch64 and x86_64 architectures. The installation image is 750 MB in size.

Among the changes in the new version:

  • The iptables packet filter has been switched to the tooling that translates rules into nftables bytecode (by default, the iptables-nft package is used instead of legacy iptables).
  • For aarch64 systems, an additional kernel-64k package is offered, with a kernel that uses 64 KB memory pages (the kernel is built with the CONFIG_ARM64_64K_PAGES option).
  • The tdnf package manager (a dnf analogue based on C libraries) has added support for the "installonlypkgs" setting, which is used to arrange installation of the kernel-64k kernel.
  • When systemd-networkd is used, handling of livenet rootfs from Dracut is enabled.
  • A driver for Intel Ethernet Connection E800 network adapters has been added.
  • Lua language support has been added to the Fluent Bit log processor.
  • Digital signature verification is enabled for kernels loaded via the kexec mechanism.
  • To detect builds inside containers, the systemd-detect-virt utility is used instead of checking for the "/.dockerenv" file.
  • Package versions have been updated, including the Linux kernel 6.6.57, shim 15.8, SymCrypt 103.6.0, Valkey (Redis fork) 8.0.1, Go 1.23.3, MariaDB 10.11.10, PostgreSQL 16.5.

The Azure Linux distribution provides a small, standard set of base packages that serves as a universal foundation for building the contents of containers, host environments, and services that run in cloud infrastructures and on edge devices. More complex and specialized solutions can be created by adding extra packages on top of Azure Linux, but the base of all such systems remains unchanged, which simplifies maintenance and the preparation of updates.

Azure Linux is used as the basis for the WSLg mini-distribution, which provides graphics stack components for running Linux GUI applications in environments based on the WSL2 subsystem (Windows Subsystem for Linux). The extended functionality in WSLg is implemented by including additional packages with the Weston composite server, XWayland, PulseAudio and FreeRDP.

The systemd system manager is used to manage services and boot. The RPM and DNF package managers are provided for package management. The SSH server is not enabled by default. To install the distribution, an installer is provided that can run in both text and graphical modes. The installer offers installation with either a full or a basic set of packages, and provides an interface for choosing the disk partitioning, choosing the hostname, and creating users.

The Azure Linux build system makes it possible to generate both individual RPM packages based on SPEC files and source code, and monolithic system images that are built with the rpm-ostree tool and updated atomically without being split into separate packages. Accordingly, two update delivery models are supported: updating individual packages, and rebuilding and updating the whole system image. A repository with about 3000 pre-built RPM packages is available, which can be used to build custom images based on a configuration file.

The base platform includes only the most essential components and is optimized for minimal memory and disk space usage, as well as high boot speed. The project follows a "maximum security by default" approach, which involves including various additional mechanisms to increase security:

  • System call filtering using the seccomp mechanism.
  • Encryption of disk partitions.
  • Verification of packages by digital signature.
  • Address space randomization.
  • Protection against attacks related to symlinks, mmap, /dev/mem and /dev/kmem.
  • Read-only mode and a ban on code execution for memory areas that hold segments with kernel and module data.
  • An option to disable loading of kernel modules after system initialization.
  • Use of iptables to filter network packets.
  • Protection against stack overflows, buffer overflows and string formatting problems, enabled at build time (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
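
As an added example (not from the article or the Azure Linux project), the shell function below audits the runtime sysctls that commonly sit behind several of the items above: address space randomization, the symlink and mmap protections, and the module-loading lock. The sysctl mapping, the thresholds and the function names are assumptions of this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit runtime kernel hardening sysctls under a given root.
# Assumed mapping (not named in the article). Format: sysctl-path:minimum:req|opt
CHECKS="
kernel/randomize_va_space:2:req
fs/protected_symlinks:1:req
fs/protected_hardlinks:1:req
vm/mmap_min_addr:4096:req
kernel/modules_disabled:1:opt
"
# check_hardening ROOT: one PASS/FAIL/WARN/SKIP line per check; status = failed required checks
check_hardening() {
    ch_root="${1:-}"; ch_fails=0
    for ch_entry in $CHECKS; do
        ch_key="${ch_entry%%:*}"
        ch_rest="${ch_entry#*:}"
        ch_want="${ch_rest%%:*}"
        ch_level="${ch_rest#*:}"
        ch_file="$ch_root/proc/sys/$ch_key"
        if [ ! -r "$ch_file" ]; then
            echo "SKIP $ch_key (not present)"
            continue
        fi
        ch_have="$(tr -d '[:space:]' < "$ch_file")"
        if [ "$ch_have" -ge "$ch_want" ] 2>/dev/null; then
            echo "PASS $ch_key=$ch_have"
        elif [ "$ch_level" = opt ]; then
            echo "WARN $ch_key=$ch_have (optional, want >= $ch_want)"
        else
            echo "FAIL $ch_key=$ch_have (want >= $ch_want)"
            ch_fails=$((ch_fails + 1))
        fi
    done
    return "$ch_fails"
}
# Constructed sample tree: ASLR weakened to 1, modules still loadable, one knob absent.
make_sample_root() {
    sr="$(mktemp -d)"
    mkdir -p "$sr/proc/sys/kernel" "$sr/proc/sys/fs" "$sr/proc/sys/vm"
    echo 1 > "$sr/proc/sys/kernel/randomize_va_space"
    echo 0 > "$sr/proc/sys/kernel/modules_disabled"
    echo 1 > "$sr/proc/sys/fs/protected_symlinks"
    echo 65536 > "$sr/proc/sys/vm/mmap_min_addr"
    echo "$sr"
}

sample="$(make_sample_root)"
check_hardening "$sample" || echo "$? required check(s) failed"
rm -rf "$sample"
```

Calling `check_hardening ""` reads the live `/proc/sys` of the host instead of the sample tree; the optional module-loading lock is reported as WARN because the article describes it as an option rather than a default.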

Source: opennet.ru
