CBL-Mariner is now renamed Azure Linux in tools and configurations


Azure Linux is an internal Linux distribution for Microsoft's cloud infrastructure and edge products and services.

After more than three years, CBL-Mariner, the Linux distribution Microsoft has been developing, has undergone an important change: Microsoft has decided to rename CBL-Mariner to Azure Linux.

It is worth remembering that until now the name Azure Linux referred to a specialized build for Azure Kubernetes Service (AKS), while the general platform for creating distributions was known as CBL-Mariner (Common Base Linux Mariner).

Microsoft recently renamed the repository from CBL-Mariner to Azure Linux, renamed the utilities, and updated the Azure Linux documentation to reflect the change. The first release of the platform under the new name, Azure Linux 2.0.20240301, accordingly carries fixes for bugs and vulnerabilities accumulated since the previous versions.

The main reason for the change is to unify Microsoft's Linux offerings and simplify the maintenance of Linux systems across its different use cases. Azure Linux is used in cloud infrastructure, edge systems and various Microsoft services, and the project's code is distributed under the MIT license.

Azure Linux is also the basis of the WSLg mini-distribution, which supplies the graphics stack components for running Linux GUI applications under WSL2 (Windows Subsystem for Linux). WSLg extends it with additional packages such as the Weston compositor, XWayland, PulseAudio and FreeRDP.

The Azure Linux build system can generate individual RPM packages from SPEC files and source code, as well as monolithic system images built with the rpm-ostree toolkit, which are updated atomically rather than package by package. This gives two update delivery models: updating individual packages, or rebuilding and redeploying the entire system image. A repository of roughly 3000 prebuilt RPM packages is available for composing custom images from configuration files.

The Azure Linux base platform is designed for minimal resource consumption and fast boot times. It takes a "maximum security by default" approach and layers on several mechanisms to harden the system:

  • System call filtering: seccomp is used to filter system calls.
  • Disk partition encryption: disk partitions are encrypted to protect data at rest.
  • Package verification: packages are checked against digital signatures to ensure authenticity and integrity.
  • Address space randomization: ASLR is applied to make memory-corruption exploits harder.
  • Protection against specific attacks: the kernel is configured to block symlink, mmap, /dev/mem and /dev/kmem attacks.
  • Read-only mode and execution prohibition: critical memory areas are mapped read-only and code execution in them is prohibited.
  • Disabling kernel module loading: loading of kernel modules can be disabled after system initialization.
  • Network packet filtering: iptables is used to filter network packets.
  • Protection against overflows and format-string bugs: stack overflow, buffer overflow and format-string protections are enabled at compile time.
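As a check a practitioner might run on an installed host, here is an editorial example (not Azure Linux's own tooling) that maps the kernel-side bullets above onto the standard Linux sysctls and CONFIG_ options behind them and audits a `sysctl -a` listing and a kernel `.config` against that list. The mapping is the editor's reading of the bullets, the sample inputs are constructed, and package signature verification and compile-time hardening are not covered here because they live in rpm/dnf and the toolchain rather than in the kernel.

```python
"""Audit a Linux host for the kernel-side hardening listed above.

Editorial example, not Azure Linux's own tooling.  The sysctl keys and CONFIG_
symbols are standard Linux names; mapping the bullets onto them is the editor's
reading, and the sample inputs at the bottom are constructed.
"""
from __future__ import annotations

import os
import re
from typing import Callable, Dict, Optional, Tuple

# sysctl -> (predicate over the value string, label)
SYSCTLS: Dict[str, Tuple[Callable[[str], bool], str]] = {
    "kernel.randomize_va_space": (lambda v: v == "2", "ASLR (stack, mmap, VDSO, brk)"),
    "fs.protected_symlinks": (lambda v: v == "1", "symlink protection in sticky dirs"),
    "vm.mmap_min_addr": (lambda v: int(v) >= 65536, "no low-address (NULL page) mmap"),
    "kernel.modules_disabled": (lambda v: v == "1", "module loading disabled post-boot"),
}
# CONFIG_ symbol -> (expected value, label); "n" means absent or "is not set"
KCONFIG: Dict[str, Tuple[str, str]] = {
    "CONFIG_SECCOMP_FILTER": ("y", "seccomp-bpf syscall filtering"),
    "CONFIG_STRICT_DEVMEM": ("y", "/dev/mem limited to device memory"),
    "CONFIG_DEVKMEM": ("n", "/dev/kmem not built"),
    "CONFIG_STRICT_KERNEL_RWX": ("y", "read-only kernel text, NX data"),
    "CONFIG_DM_CRYPT": ("y", "dm-crypt for encrypted partitions"),
    "CONFIG_NETFILTER": ("y", "netfilter for iptables"),
}


def parse_sysctl(text: str) -> Dict[str, str]:
    """Parse `sysctl -a` style "key = value" lines."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            out[key.strip()] = value.strip()
    return out


def parse_kconfig(text: str) -> Dict[str, str]:
    """Parse a kernel .config; "# CONFIG_X is not set" becomes "n"."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        unset = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if unset:
            out[unset.group(1)] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, _, value = line.partition("=")
            out[key] = value.strip().strip('"')
    return out


def audit(sysctls: Dict[str, str], kconfig: Optional[Dict[str, str]]) -> Dict[str, bool]:
    """Return {label: passed}; a missing or unparsable value counts as failed.

    Pass kconfig=None to skip the build-option checks (e.g. no /proc/config.gz).
    """
    results: Dict[str, bool] = {}
    for key, (ok, label) in SYSCTLS.items():
        value = sysctls.get(key)
        try:
            results[label] = value is not None and bool(ok(value))
        except ValueError:  # non-numeric garbage where a number is expected
            results[label] = False
    for key, (want, label) in (KCONFIG.items() if kconfig is not None else ()):
        results[label] = kconfig.get(key, "n") == want
    return results


def read_live_sysctls(proc_sys: str = "/proc/sys") -> Dict[str, str]:
    """Read the audited sysctls from a running kernel; unreadable keys are skipped."""
    out: Dict[str, str] = {}
    for key in SYSCTLS:
        try:
            with open(os.path.join(proc_sys, *key.split("."))) as fh:
                out[key] = fh.read().strip()
        except OSError:
            pass
    return out


# Constructed samples: a hardened host and one left at permissive defaults.
HARDENED_SYSCTL = ("kernel.randomize_va_space = 2\nfs.protected_symlinks = 1\n"
                   "vm.mmap_min_addr = 65536\nkernel.modules_disabled = 1\n")
HARDENED_CONFIG = ("CONFIG_SECCOMP_FILTER=y\nCONFIG_STRICT_DEVMEM=y\n# CONFIG_DEVKMEM is not set\n"
                   "CONFIG_STRICT_KERNEL_RWX=y\nCONFIG_DM_CRYPT=y\nCONFIG_NETFILTER=y\n")
WEAK_SYSCTL = ("kernel.randomize_va_space = 0\nfs.protected_symlinks = 0\n"
               "vm.mmap_min_addr = 4096\nkernel.modules_disabled = 0\n")
WEAK_CONFIG = ("CONFIG_SECCOMP_FILTER=y\n# CONFIG_STRICT_DEVMEM is not set\n"
               "CONFIG_DEVKMEM=y\nCONFIG_NETFILTER=y\n")


def audit_samples() -> Dict[str, Dict[str, bool]]:
    """Audit both constructed hosts."""
    return {
        "hardened": audit(parse_sysctl(HARDENED_SYSCTL), parse_kconfig(HARDENED_CONFIG)),
        "weak": audit(parse_sysctl(WEAK_SYSCTL), parse_kconfig(WEAK_CONFIG)),
    }


if __name__ == "__main__":
    reports = audit_samples()
    live = read_live_sysctls()
    if live:  # reading /proc/config.gz for the live kernel is left to the reader
        reports["this host (sysctls only)"] = audit(live, None)
    for host, findings in reports.items():
        print(f"== {host} ==")
        for label, passed in findings.items():
            print(f"  [{'PASS' if passed else 'FAIL'}] {label}")
```

Two caveats on reading the results: kernel.modules_disabled is a one-way switch, so a host that legitimately still loads modules after boot will show that line as FAIL by policy choice rather than oversight, and a CONFIG_ symbol missing from the listing is treated as "not built", which is correct for a complete `.config` but will produce spurious failures on a truncated one.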

The system uses systemd to manage services and the boot process, and package management is handled with RPM and DNF. The SSH server is not enabled by default. The installer offers both text and graphical modes, with options to select a full or minimal package set, configure disk partitions and the host name, and create users.

In addition, Microsoft released Azure Sphere 24.03, a platform for IoT devices built on energy-efficient microcontrollers. It incorporates the Pluton security subsystem, which provides hardware support for encryption, private-key storage and complex cryptographic operations: a dedicated processor, a cryptography engine, a hardware random number generator and isolated key storage.

Finally, if you are interested in learning more, you can check the details in the following link. It is worth mentioning that bootable ISO images are available for the x86_64 and aarch64 architectures, with a standard set of base packages that serves as a common foundation for building containers, host environments and cloud services.

