I-Microsoft ishicilele ukukhishwa kokusabalalisa kwe-CBL-Mariner 1.0 (Common Base Linux Mariner), okumakwe njengokukhululwa kokuqala okuzinzile kwephrojekthi. Ukusatshalaliswa kwe-CBL-Mariner kuthuthukiswa njengenkundla eyisisekelo yendawo yonke yezindawo ze-Linux ezisetshenziswa kungqalasizinda yamafu, izinhlelo ezisemaphethelweni kanye nezinsizakalo ezahlukahlukene ze-Microsoft. Le phrojekthi ihloselwe ukuhlanganisa izixazululo ze-Microsoft Linux nokwenza lula ukugcinwa kwamasistimu e-Linux ngezinjongo ezihlukahlukene kusesikhathini samanje. Intuthuko yephrojekthi isatshalaliswa ngaphansi kwelayisensi ye-MIT.
Ukusabalalisa kunikeza isethi encane evamile yamaphakheji ayisisekelo asebenza njengesisekelo somhlaba wonke sokudala okuqukethwe kweziqukathi, izindawo zokusingatha kanye nezinsizakalo ezisebenza kungqalasizinda yamafu kanye namadivayisi asemaphethelweni. Izixazululo eziyinkimbinkimbi nezikhethekile zingadalwa ngokungeza amaphakheji engeziwe phezu kwe-CBL-Mariner, kodwa isisekelo sazo zonke izinhlelo ezinjalo zihlala zifana, okwenza ukugcinwa nokuvuselela kube lula.
Isibonelo, i-CBL-Mariner isetshenziswa njengesisekelo sokusabalalisa okuncane kwe-WSLg, ehlinzeka ngezingxenye zesitaki sezithombe zokuqalisa izinhlelo zokusebenza ze-Linux GUI endaweni esekelwe ohlelweni olungaphansi lwe-WSL2 (Windows Subsystem for Linux). Umnyombo walokhu kusatshalaliswa awushintshile, futhi ukusebenza okunwetshiwe kubonakala ngokufakwa kwamaphakheji engeziwe neseva eyinhlanganisela ye-Weston, XWayland, PulseAudio kanye ne-FreeRDP.
Uhlelo lokwakha lwe-CBL-Mariner likuvumela ukuthi ukhiqize womabili amaphakheji e-RPM angawodwana asekelwe kumafayela e-SPEC nekhodi yomthombo, kanye nemifanekiso yesistimu ye-monolithic ekhiqizwa kusetshenziswa ikhithi yamathuluzi ye-rpm-ostree futhi ibuyekezwa nge-athomu ngaphandle kokuhlukaniswa ngamaphakheji ahlukene. Ngokufanelekile, amamodeli amabili okulethwa kwesibuyekezo ayasekelwa: ngokubuyekeza amaphakheji angawodwana nangokwakha kabusha nokubuyekeza lonke isithombe sohlelo. Ukusabalalisa kuhlanganisa kuphela izingxenye ezidingekayo kakhulu futhi kulungiselelwe inkumbulo encane kanye nokusetshenziswa kwesikhala sediski, kanye nesivinini esikhulu sokulayisha. Ukusatshalaliswa kuphinde kuphawuleke ngokufakwa kwezindlela ezahlukahlukene ezengeziwe zokuthuthukisa ezokuphepha.
Iphrojekthi ithatha indlela "yokuphepha okuphezulu ngokuzenzakalelayo". Kungenzeka ukuhlunga amakholi wesistimu usebenzisa indlela ye-seccomp, ukubethela izingxenye zediski, futhi uqinisekise amaphakheji usebenzisa isiginesha yedijithali. Esigabeni sokwakha, ukuvikela ekuchichimeni kwesitaki, ukuchichima kwebhafa, nezinkinga zokufometha kweyunithi yezinhlamvu kunikwa amandla ngokuzenzakalela (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro). Amakheli we-space randomization mode asekelwa ku-Linux kernel ayasebenza, kanye nezindlela zokuvikela ekuhlaselweni kwe-symlink, mmap, /dev/mem kanye /dev/kmem. Izindawo zememori eziqukethe amasegmenti ane-kernel nedatha yemojuli zisethwe kumodi yokufunda kuphela futhi ukusebenzisa ikhodi kuvinjelwe. Ongakukhetha ukukhubaza ukulayisha amamojula e-kernel ngemva kokuqaliswa kwesistimu. Ikhithi yamathuluzi ye-iptables isetshenziselwa ukuhlunga amaphakethe enethiwekhi.
Izithombe ze-ISO ezenziwe ngaphambilini azinikeziwe. Kucatshangwa ukuthi umsebenzisi angakha isithombe ngokuzigcwalisa okudingekayo ngokwakhe (imiyalo yomhlangano inikezwe Ubuntu 18.04). Inqolobane yamaphakheji e-RPM akhiwe ngaphambilini iyatholakala, ongayisebenzisa ukuze wakhe izithombe zakho ngokusekelwe kufayela lokumisa. Indawo yokugcina inikeza amaphakheji angaba ngu-3300. Isibonelo, ukuze wakhe isithombe esigcwele se-iso, vele ugijime: git clone https://github.com/microsoft/CBL-Mariner.git cd CBL-Mariner/toolkit sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs /okugcwele .json
I-systemd yomphathi wesistimu isetshenziselwa ukuphatha amasevisi nokuqalisa. Ngokuphathwa kwephakheji, abaphathi bephakheji i-RPM ne-DNF (okuhlukile kwe-tdnf kusuka ku-vmWare) bayanikezwa. Iseva ye-SSH ayivuli ngokuthula. Ukuze ufake ukusatshalaliswa, kuhlinzekwa isifaki esingasebenza kuzo zombili izindlela zombhalo nezithombe. Isifaki sinikeza inketho yokufaka ngesethi egcwele noma eyisisekelo yamaphakheji, futhi sinikeza isixhumi esibonakalayo sokukhetha ukwahlukanisa kwediski, ukukhetha igama lomsingathi, nokudala abasebenzisi.
Source: opennet.ru