Bottlerocket 1.15.0 has been released, and these are its new features


Bottlerocket is a free and open source Linux-based operating system designed for hosting containers.

The new version Bottlerocket 1.15.0 has been released, a version in which various changes, improvements and, above all, updates of different system packages have been implemented. In addition, from this version onward secure boot support is offered on platforms that use UEFI boot, among other things.

For those unfamiliar with Bottlerocket, it is a distribution that provides an indivisible system image that is updated atomically and automatically, and that includes the Linux kernel and a minimal system environment containing only the components needed to run containers.

The environment uses the systemd system manager, the Glibc library, the Buildroot build tool, the GRUB boot loader, the containerd container runtime, the Kubernetes container orchestration platform, aws-iam-authenticator, and the Amazon ECS agent.

The main difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is its primary focus on providing maximum security by hardening the system against potential threats, which makes it harder to exploit vulnerabilities in operating system components and increases container isolation.

Main new features of Bottlerocket 1.15.0

In the new Bottlerocket 1.15.0 release a large number of updates have been applied, among them the Linux kernel, updated to version 6.1, systemd updated to version 252, nvidia-container-toolkit to 1.13.5, containerd to version 1.6.23, and glibc to version 2.38, among others.

As for the internal changes in Bottlerocket 1.15.0, this version brings secure boot support on platforms that use UEFI boot, systemd-networkd and systemd-resolved for host networking, and XFS as the file system for local storage on new installations. It is worth noting that these features are enabled by default on new installations, and that existing installations will continue to use the older wicked for host networking and EXT4 as the file system for local storage.

In addition, new distribution variants with Kubernetes 1.28 support have been introduced, which use UEFI Secure Boot, systemd-networkd and XFS, now by default, unlike the variants based on the earlier Kubernetes 1.27.

Another notable change in this new version is the addition of the "apiclient report" command, which generates a CIS (Center for Internet Security) report that evaluates the security of the configuration. An agent is also included to verify the system's compliance with CIS requirements.

Other changes that stand out in this new version:

  • The SeccompDefault setting has been added for variants based on Kubernetes 1.25 and later.
  • aws-iam-authenticator has been added to the k8s variants.
  • The contents of the control and admin containers have been updated.
  • Resource limit settings have been added to the default configuration of OCI containers.
  • The Intel VMD driver has been enabled.
  • A new distribution variant, "aws-ecs-2", is introduced for Amazon Elastic Container Service (Amazon ECS); it uses UEFI Secure Boot, systemd-networkd, and XFS.
  • All Amazon ECS variants now include AppMesh support.
  • The "metal-*" distribution variants (Bare Metal, which run on conventional hardware) include the Intel VMD driver and add the linux-firmware and aws-iam-authenticator packages.
  • Bottlerocket SDK updated to v0.34.1.
  • Twoliter is used to enable work on out-of-tree builds. Many tools have been moved to Twoliter.
  • Concurrency is limited only when building RPMs.

Finally, it is also mentioned that the log4j hotpatch functionality (CVE-2021-44228) has been removed, while the corresponding setting, settings.oci-hooks.log4j-hotpatch-enabled, remains available for backward compatibility. However, it has no effect other than printing a deprecation warning to the system log.

Finally, if you are interested in learning more about it, you can check the details in the following link.

