CBL-Mariner, Microsoft's Linux distribution, reaches version 1.0

Microsoft recently announced the release of the new version of its Linux distribution, "CBL-Mariner 1.0" (Common Base Linux Mariner), which is marked as the first stable version of the project and is used in Microsoft's internal Linux projects, such as the Windows Subsystem for Linux (WSL) and the Azure Sphere operating system.

For those unfamiliar with CBL-Mariner, please know that this is an internal Linux distribution for cloud infrastructure and Microsoft products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will enhance Microsoft's ability to keep up with Linux updates. 

The distribution is notable in that it provides a typically small set of basic packages that act as a universal base for building the contents of containers, host environments, and services running on cloud infrastructure and edge devices. More complex and specialized solutions can be created by adding packages on top of CBL-Mariner, but the foundation of all of these systems remains unchanged, which simplifies maintenance and prepares them for upgrades.

For example, CBL-Mariner is used as the foundation for the WSL environment that provides the graphics stack components used to launch Linux GUI applications in WSL2 (Windows Subsystem for Linux) environments. The base of this distribution is unchanged, and the extended functionality is implemented by including additional packages with the Weston compositor, XWayland, PulseAudio, and FreeRDP.

The CBL-Mariner build system allows generating both separate RPM packages, built from SPEC files and source code, and monolithic system images, generated with the rpm-ostree toolkit and updated atomically without being split into separate packages. Consequently, two update delivery models are supported: updating individual packages, and rebuilding and updating the entire system image. The distribution includes only the most essential components and is optimized for minimal memory and disk space consumption, as well as for fast loading. The distribution is also distinguished by the inclusion of several additional mechanisms to improve protection.

The project takes the approach of "maximum security by default", providing the ability to filter system calls through the seccomp mechanism, disk partition encryption, and package verification via digital signatures. Stack overflow, buffer overflow, and format string protection modes are enabled by default during the build phase.

The address space randomization modes supported by the Linux kernel are enabled, as are the protection mechanisms against attacks involving symbolic links, while the memory areas holding kernel and module data segments are set read-only and code execution in them is prohibited. Optionally, loading of kernel modules after system initialization can be prohibited.
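The two preceding paragraphs list hardening mechanisms that a defender would want to confirm are actually in effect on a built image rather than take on trust. The script below is an added example, not code from the article or from the CBL-Mariner project: it audits `sysctl -a` output (live or captured) against the kernel settings that correspond to the ASLR, symlink-protection and module-lockout mechanisms described above. The sysctl keys and the values treated as "enabled" are an assumption about how a generic Linux kernel exposes those mechanisms, not values quoted from the page, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not code from the article or the CBL-Mariner project: audit a
# live (or captured) kernel configuration for the hardening settings described
# in the article. The sysctl keys/values below are an assumption about how a
# generic Linux kernel exposes those mechanisms, not values from the page.

# Expected settings as "key=value" pairs separated by ";".
#   kernel.randomize_va_space=2   full ASLR (stack, mmap and brk randomized)
#   fs.protected_symlinks=1       restrict following symlinks in world-writable sticky dirs
#   fs.protected_hardlinks=1      restrict hardlink creation to files the user owns/can write
#   kernel.modules_disabled=1     no module loading after init (the article calls this optional)
EXPECTED='kernel.randomize_va_space=2;fs.protected_symlinks=1;fs.protected_hardlinks=1;kernel.modules_disabled=1'

# audit_sysctl reads "key = value" lines (the format `sysctl -a` prints) on stdin,
# compares them against EXPECTED and prints one line per deviation:
#   <key> expected=<want> actual=<value|missing>
# Exit status is 0 when every expected key matches, 1 otherwise.
audit_sysctl() {
    awk -F ' *= *' -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, ";")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            want[kv[1]] = kv[2]
        }
    }
    # Remember the observed value of every key we care about; ignore the rest.
    ($1 in want) { actual[$1] = $2 }
    END {
        bad = 0
        for (k in want) {
            if (!(k in actual)) {
                printf "%s expected=%s actual=missing\n", k, want[k]; bad = 1
            } else if (actual[k] != want[k]) {
                printf "%s expected=%s actual=%s\n", k, want[k], actual[k]; bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample in `sysctl -a` format: ASLR weakened to mmap-only, module
# lockout not set, hardlink protection absent, plus an unrelated key.
SAMPLE='kernel.randomize_va_space = 1
fs.protected_symlinks = 1
kernel.modules_disabled = 0
net.ipv4.ip_forward = 0'

# With --live, audit the running kernel; otherwise show the constructed sample.
if [ "${1:-}" = "--live" ]; then
    sysctl -a 2>/dev/null | audit_sysctl || echo "live kernel: hardening deviations found"
else
    printf '%s\n' "$SAMPLE" | audit_sysctl || echo "sample: hardening deviations found"
fi
```

Run it with `--live` on a booted image to check the real kernel; without arguments it reports the three deviations in the constructed sample. Reporting a key as `missing` is deliberate: a kernel built without the corresponding option does not expose the sysctl at all, which is a different finding from a wrong value and should not be silently treated as a pass.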

Standard ISO images are not provided. Users are expected to build an image with the content they need themselves (build instructions are provided for Ubuntu 18.04). A repository of prebuilt RPMs is available that can be used to create your own images based on a configuration file.

The systemd manager is used for service management and bootstrapping, and RPM and the DNF package manager (VMware's TDNF variant) are provided for package management, while the SSH server is not enabled by default.

To install the distribution, an installer is provided that works in both text and graphical mode. The installer offers a choice between a complete and a basic set of packages, and provides an interface for choosing a disk partition, setting a hostname, and creating users.

If you want to know more about it, you can consult the details at the following link.
