Bottlerocket 1.15.0 yakatoburitswa uye aya ndiwo maitiro ayo matsva

Darkcrizt

4 maminitsi

bottlerocket

Bottlerocket ndeye yemahara uye yakavhurika sosi Linux-yakavakirwa sisitimu yekushandisa yakagadzirirwa kubata midziyo.

The kuburitswa kweshanduro nyowani yeBottlerocket 1.15.0, shanduro umo shanduko dzakasiyana-siyana, kuvandudzwa uye, pamusoro pezvose, zvigadziridzo kune zvakasiyana-siyana zvepakeji zvakashandiswa, kunze kwekuti kubva pane iyi shanduro zvichienda mberi, kutsigirwa kwebhoti yakachengeteka ikozvino kunopiwa pamapuratifomu anoshandisa UEFI boot, pakati zvimwe zvinhu.

Kune avo vasingazive nezveBottlerocket, iwe unofanirwa kuziva izvi ndiko kugovera kunopa indivisible system image atomic uye otomatiki yakagadziridzwa iyo inosanganisira iyo Linux kernel uye idiki system nharaunda inosanganisira chete zvinhu zvinodikanwa kumhanyisa midziyo.

Nzvimbo inoshandisa systemd system maneja, Glibc raibhurari, iyo Buildroot yekuvaka chishandiso, iyo GRUB boot loader, mudziyo-yakasarudzika mudziyo runtime, Kubernetes mudziyo orchestration chikuva, aws-iam authenticator, uye Amazon ECS mumiriri.

Musiyano wakakosha kubva pakugovera kwakafanana seFedora CoreOS, CentOS / Red Hat Atomic Host ndiyo inonyanya kutariswa pakupa kuchengetedzwa kwakanyanya muchirevo chekusimbisa kuchengetedzwa kwehurongwa kubva kune zvinogona kutyisidzira, izvo zvinokanganisa kushandiswa kwehutera muzvikamu zvehutano hwekushanda uye kuwedzera kuparadzaniswa kwemudziyo.

Main nyowani maficha eBottlerocket 1.15.0

Muiyi vhezheni itsva yeBottlerocket 1.15.0 inoratidzwa, nhamba huru yezvigadziriso yakaitwa, iyo iyo Linux kernel, iyo yakagadziridzwa kune shanduro 6.1, systemd iyo yakagadziridzwa ku shanduro 252, nvidia-container-toolkit kusvika 1.13.5, yakaiswa kune shanduro 1.6.23, glibc kune shanduro 2.38, pakati pezvimwe.

Nezve shanduko yemukati iyo iyi vhezheni yeBottlerocket 1.15.0 inopa, iyo rutsigiro rwekuchengetedza boot mukati mapuratifomu anoshandisa U bootEFI, systemd-networkd uye systemd-yakagadziriswa kune host network uye XFS senge faira system yekuchengetedza yemuno yezvigadziriso zvitsva. Zvakakodzera kuti titaure kuti aya maficha anogoneswa nekusarudzika pane kuisirwa kutsva uye kuti iripo yekumisikidza icharamba ichishandisa kernels dzekare, dzakaipa kune network network, uye EXT4 seyo faira system yekuchengetedza yemuno.

Pamusoro peizvi, sarudzo nyowani dzekugovera dzakakurudzirwa ne rutsigiro rweKubernetes 1.28, iyo inoshandisa UEFI Yakachengeteka Boot, systemd-networkd uye XFS, iyo ikozvino isingachashandi kutsigirwa kweshanduro yakavakirwa pane yapfuura Kubernetes 1.27.

Dzimwe shanduko dzakamira mushanduro itsva iyi idzo yakawedzera "apclient report" kuraira kugadzira chirevo cheCIS (Internet Security Center) inoongorora kuchengetedzeka kwekugadziriswa. Mumiririri anosanganisirwawo kuona kuti system inotevedzera zvinodiwa neCIS.

Yeimwe shanduko izvo zvinoratidzika kubva pane iyi nyowani vhezheni:

  • Iyo SeccompDefault yekumisikidza yakawedzerwa kune akasiyana zvichienderana neKubernetes 1.25 uye nyowani.
  • Yakawedzera aws-iam-authenticator kune k8s akasiyana
  • Izvo zviri mukati meiyo control uye manejimendi midziyo yakagadziridzwa.
  • Resource muganho marongero akawedzerwa kune yakasarudzika kumisikidzwa yeOCI midziyo.
  • Intel VMD mutyairi akagoneswa
  • Mutsara mutsva wekugovera "aws-ecs-2" unotarisirwa kuAmazon Elastic Container Service (Amazon ECS), inoshandisa UEFI Secure Boot, systemd-networkd, uye XFS.
  • Yese Amazon ECS kugovera ikozvino inosanganisira rutsigiro rweAppMesh.
  • Iyo "simbi-*" yekugovera akasiyana (Bare Metal, kumhanya pane yakajairika hardware) inosanganisira Intel VMD mutyairi uye wedzera linux-firmware uye aws-iam-authenticator mapakeji.
  • Bottlerocket SDK v0.34.1 Update
  • Twoliter inoshandiswa kubvumira kushanda pakuvaka kunze kwemuti. Maturusi mazhinji akatamira kuTwoliter
  • Chengetedza concurrency chete paunenge uchigadzira RPM

Chekupedzisira asi chisiri chidiki, zvakataurwa zvakare kuti mashandiro ekushandisa chigamba chelog4j (CVE-2021-44228) akabviswa umo inowirirana configuration, settings.oci-hooks.log4j-hotpatch-enabled ichiri kuwanikwa yekudzokera kumashure. kugarisana. Nekudaro, haina mhedzisiro kunze kwekudhinda yambiro yekudzikisira mumarogi ehurongwa.

pakupedzisira kana uri kuda kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu inotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako