CBL-Mariner, kugoverwa kweLinux kuseri kweWSL, Azure uye zvimwe zvigadzirwa zveMicrosoft

Munguva pfupi yapfuura Microsoft yakaburitsa yekutanga yakagadzikana vhezheni yayo yekuparadzira Linux "CBL-Mariner 1.0" (Common Base Linux) chinova chigadzirwa cheMicrosoft icho chinoshandiswa mukati megore uye zvimwe zvinodiwa zvebhizinesi zvekambani.

Saizvozvo CBL-Mariner kwete kugoverwa kwechinangwa senge chero imwe yataizove nayo mupfungwa (seUbuntu kana Fedora) kunyange iri yakavhurwa sosi y iri kutoshandiswa nemaitiro akaita saWinows Subsystem yeLinux (WSL), Azure Sphere OS, SONiC uye mamwe maLinux-based.

Ichi ndizvo izvo Juan Manuel Rey, nhengo yechikwata cheAzure, anogovera pablog rake, Inojekesa kuti kugovera uku kunonzi CBL-Mariner kunoitirwa kushandiswa kwemukati kugadzira zvigadzirwa nemasevhisi mugore.

Mune yako posvo, iwe unodudza:

CBL-Mariner inotevera chirevo chekuchengeteka nekutadza, mazhinji maficha ehurongwa hwekushanda akagadzirwa aine kusimbisa kwekuchengetedza. Iyo inouya neyakaomeswa kernel, yakasainwa inogadziridzwa, ASLR, compiler-based kuomesa, uye kukanganisa tamper-proof marejista, pakati pezvakawanda maficha.

Iyo purojekiti inovavarira kubatanidza mhinduro dzeLinux dzinoshandiswa muMicrosoft uye kurerutsa kugadziriswa kweLinux masisitimu ezvinangwa zvakasiyana kusvika zvino. Zvese software matekinoroji mune ino tsika anosunungurwa pasi peMIT rezinesi.

Kugovera kwacho kunoshamisa, sezvo pInopa yakajairwa diki seti yemapakeji ekutanga anoita seyakajairika hwaro hwekugadzira mudziyo uzadze, inomiririra nharaunda nemasevhisi anomhanyisa pane zvigadzirwa zvegore uye zvishandiso zvemupendero. Mimwe mhinduro dzakaomarara uye dzakasarudzika dzinogona kugadzirwa nekuwedzera mamwe mapakeji pamusoro peCBL-Mariner, asi hwaro hwese eaya masisitimu anoramba asina kuchinjika, zvichirerutsa kugadzirisa uye kugadzirira kusimudzira.

CBL-Mariner kuvaka system inobvumidza kuburitsa yakaparadzana RPM mapakeji zvichibva pamafaera eESEC uye makodhi sosi, uye monolithic system mifananidzo inogadzirwa ichishandisa rpm-ostree toolkit uye yakagadziridzwa nemaatomiki isina kupatsanurwa akapatsanurwa mapakeji, pamwe zvakare mhinduro dzakaomarara uye dzakasarudzika dzinogona kugadzirwa nekuwedzera mamwe mafuta muSVL-Mariner, asi hwaro hwenguva dzose idzi

Maviri ekuvandudza mamodheru anotsigirwa: kugadzirisa chete mapakeji ega uye kumhanya uye kugadzirisa iyo yese system mufananidzo. 

Kuti ushandise iyo "maximum security by default" nzira. Izvo zvinokwanisika kusefa sisitimu yekufona nerubatsiro rweiyo sensor mashini, encrypt zvikamu zve diski, simbisa mapassword nesiginicha yavo yedhijitari uye nezvimwe zvakawanda. 

Nekutadza, nzira dzekudzivirira pakurwadzisa madziro, buffer kufashukira uye kushomeka kweiyo fomati peji. Iyo kero nzvimbo randomization modes inotsigirwa neLinux kernel inogoneswa, pamwe nenzira dzakasiyana dzekudzivirira pakurwisa kwakabatana nezviratidzo zvekufananidza, mmap, / dеv / mem, uye / dеv / kmеm.

Maitiro ekuisa Microsoft CBL-Mariner?

Kune avo vanofarira kudzidza zvakawanda nezve CBL-Mariner, vanofanirwa kuziva izvozvo vanogona kuvaka yavo pachezvayo kubva kuUbuntu kana chero kugoverwa kweLinux, chete mune ino kesi isu ticha tora iwo ma rairo ekugadzira iyo mufananidzo muUbuntu.

Kuti uite izvi kutanga, isu tinofanirwa kukurudzira zvimwe zvinotarisirwa izvo isu tichafanirwa kuvaka iyo ISO mufananidzo:

sudo apt install make tar wget curl rpm qemu-utils golang-go genisoimage python2-minimal bison gawk

Iye zvino tinoenderera mberi nekuwana kodhi kubva kuCBL-Mariner:

git clone https://github.com/microsoft/CBL-Mariner.git

Uye ikozvino isu tichafanirwa kupinda iyo CBL-Mariner / toolkit dhairekitori uye kugadzira iyo yekuisa ISO mufananidzo.

cd CBL-Mariner/toolkit
sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

Pakupedzisira, tinogona kuwana iyo ISO faira mune dhairekitori ../out/images/full/. Nemufananidzo wesystem wakagadzirwa, tinogona kuyedza system pamushini chaiwo, kungave neVirtualBox, VMWare, Mabhokisi kana chero chaunoda.

Chinhu chega chaunofanirwa kugadzirisa mumuchina chaiwo ndechekuti ine 2GB ye RAM, yepakati uye 16GB yekuchengetedza.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

bool (chokwadi)