IMicrosoft ivuliwe esanda kukhipha isibuyekezo sokuqala esizinzile se igatsha elisha lokusabalalisa kwakho kwe-Linux "I-CBL-Mariner 2.0" (I-Common Base Linux Mariner), esakhiwa njengenkundla eyisisekelo yendawo yonke yezindawo ze-Linux ezisetshenziswa kungqalasizinda yamafu, izinhlelo ezisemaphethelweni, kanye nezinsizakalo ezahlukahlukene ze-Microsoft.
Le phrojekthi ihlose ukuhlanganisa izixazululo ze-Linux ezisetshenziswa kwa-Microsoft nokwenza lula ukunakekelwa kwamasistimu e-Linux ngezinjongo ezihlukahlukene kuze kube manje. Intuthuko yephrojekthi isatshalaliswa ngaphansi kwelayisensi ye-MIT.
Mayelana ne-CBL-Mariner
Kulabo abangazi nge-CBL-Mariner, kufanele wazi ukuthi lokhu kusatshalaliswa ibonakala ngokuhlinzeka isethi encane ejwayelekile yamaphakheji ayisisekelo asebenza njenge isisekelo somhlaba wonke sokwakha iziqukathi, izindawo zokubamba, kanye nezinsizakalo ezisebenza kungqalasizinda yamafu namadivayisi onqenqema.
Izixazululo eziyinkimbinkimbi nezikhethekile zingadalwa ngokungeza amaphakheji engeziwe ku-CBL-Mariner, kodwa isisekelo sazo zonke lezi zinhlelo sihlala sinjalo, okwenza kube lula ukunakekela kanye nokulungiselela ukuthuthukiswa. Ngokwesibonelo, I-CBL-Mariner isetshenziswa njengesisekelo sokusabalalisa okuncane kwe-WSLg, esihlinzeka ngezingxenye zesitaki sezithombe zokuqalisa izinhlelo zokusebenza ze-Linux GUI ezindaweni ezisuselwe kusistimu engaphansi ye-WSL2 (Windows Subsystem for Linux). Ukusebenza okunwetshiwe ku-WSLg kwenziwa ngokufaka amaphakheji engeziwe ane-Weston Composite Server, i-XWayland, i-PulseAudio, ne-FreeRDP.
Isistimu yokwakha ye-CBL-Mariner ikuvumela ukuthi ukhiqize amaphakheji e-RPM azimele ngokusekelwe kumthombo kanye namafayela e-SPEC, kanye nemifanekiso yesistimu ye-monolithic ekhiqizwe ngekhithi yamathuluzi ye-rpm-ostree futhi ibuyekezwa nge-athomu ngaphandle kokuhlukaniswa ngamaphakheji ahlukene. Ngakho-ke, amamodeli amabili okuletha isibuyekezo ayasekelwa: ngokubuyekeza amaphakheji angawodwana nangokwakha kabusha nokubuyekeza lonke isithombe sohlelo. Indawo yokugcina iyatholakala enama-RPM angaba ngu-3000 kakade akhiwe ongawasebenzisa ukuze wakhe izithombe zakho ngokusekelwe kufayela lokumisa.
Ukusatshalaliswa ihlanganisa kuphela izingxenye ezidingekayo kakhulu futhi ilungiselelwe inkumbulo encane kanye nokusetshenziswa kwesikhala sediski, kanye nesivinini sokulanda esiphezulu. Ukusabalalisa kuphinde kugqame ngokufaka izindlela zokuphepha ezimbalwa ezengeziwe.
Iphrojekthi isebenzisa indlela "yokuphepha okuphezulu ngokuzenzakalelayo". Inikeza amandla okuhlunga amakholi wesistimu kusetshenziswa indlela ye-seccomp, ukubethela ukwahlukaniswa kwediski, nokuqinisekisa amaphakethe usebenzisa amasiginesha edijithali.
Izindlela ze-randomization yesikhala sekheli ezisekelwa ku-Linux kernel ziyenziwa zisebenze, kanye nezindlela zokuvikela ekuhlaselweni okuhlobene nezixhumanisi ezingokomfanekiso, mmap, /dev/mem kanye /dev/kmem. Ezindaweni zememori eziqukethe amasegmenti ane-kernel nedatha yemojuli, imodi isethelwe kukufunda kuphela futhi ukusetshenziswa kwekhodi akuvunyelwe.
Okutholakalayo ngokuzithandela yikhono lokukhubaza ukulayishwa kwamamojula e-kernel ngemva kokuqaliswa kwesistimu. Ikhithi yamathuluzi ye-iptables isetshenziselwa ukuhlunga amaphakethe enethiwekhi. Ngokuzenzakalelayo, isinyathelo sokwakha sinika amandla izindlela zokuvikela ngokumelene nokuchichima kwesitaki, ukuchichima kwebhafa, nezinkinga zokufometha kweyunithi yezinhlamvu (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
Umphathi wohlelo i-systemd isetshenziselwa ukuphatha izinsiza nokuqalisa. I-RPM kanye nabaphathi bephakheji ye-DNF bahlinzekelwe ukuphathwa kwephakheji.
Yini entsha ku-CBL-Mariner 2.0
Uhlobo olusha ivelele ekuthuthukisweni okukhulu kwezinguqulo zesofthiwe, lokhu kufaka phakathi izinguqulo ezibuyekeziwe ze-linux kernel 5.15, systemd 250, glibc 2.35, gcc 11.2, clang 12, python 3.9, ruby 3.1.2, rpm 4.17, qemu 6.1, perl 5.34, ostree 2022.1.
Ngaphezu kwalokhu, kuyaphawulwa ukuthi inqolobane eyisisekelo ihlanganisa izingxenye zokwakha isixhumi esibonakalayo sesithombe, njenge-Wayland 1.20, Mesa 21.0, GTK 3.24, kanye ne-X.Org Server 1.20.10, ezake zathunyelwa endaweni yokugcina ye-coreui ehlukile.
Kuphinde kuqashelwe ukuthi i-kernel yakha ngama-patches we-PREEMPT_RT yengeziwe ukuze isetshenziswe kumasistimu wesikhathi sangempela.
Okokugcina kulabo abanentshisekelo, kufanele wazi ukuthi ukwakhiwa kwephakheji kwenzelwa i-architectures aarch64 futhi x86_64.
Iseva I-SSH ayivunyelwe ngokuzenzakalelayo. Ukuze ufake ukusatshalaliswa, isifaki sinikezwa esingasebenza kuzo zombili izindlela zombhalo nezithombe.
Isifaki sinikeza ikhono lokufaka ngesethi egcwele noma eyisisekelo yamaphakheji, inikeza isixhumi esibonakalayo sokukhetha ukwahlukanisa kwediski, ukukhetha igama lomethuleli, nokudala abasebenzisi.