Linux OS for Azure 1P services and edge appliances
Перейти к файлу
Rachel Menge c5b6704f80
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826)
The rose_bind() function which is used in the AX.25 PLP Rose protocol introduced a race condition which has CVE-2022-2961. Therefore remove rose support.
2024-10-24 14:40:32 -07:00
.config Image Customizer: remove adduser-config.yaml file as it contains password field (#7298) 2024-01-22 10:02:11 -08:00
.github Updated the `upload-artifact` GitHub Action to version 4. (#10355) 2024-09-04 13:56:33 -07:00
.pipelines [2.0] Use Toolchain RPMS when building Golden Container (#10473) 2024-09-18 09:33:06 -07:00
LICENSES-AND-NOTICES Update licenses for the new specs 2020-08-19 01:48:59 +00:00
SPECS Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826) 2024-10-24 14:40:32 -07:00
SPECS-EXTENDED Fix CVE-2024-47554 for apache-commons-io (#10708) 2024-10-15 11:30:40 +05:30
SPECS-SIGNED Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826) 2024-10-24 14:40:32 -07:00
toolkit Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826) 2024-10-24 14:40:32 -07:00
.gitattributes Add .gitattributes file for GitHub linguist attributes (#4510) 2023-01-24 09:33:13 -08:00
.gitignore Ignored `ccache` directory. (#4912) 2023-02-23 16:18:26 -08:00
CODE_OF_CONDUCT.md Initial CODE_OF_CONDUCT.md commit 2020-07-22 12:27:23 -07:00
CONTRIBUTING.md move src tarballs to AME - mariner 2.0 (#8925) 2024-05-17 14:12:32 -07:00
LICENSE Initial LICENSE commit 2020-07-22 12:27:24 -07:00
README.md Update README.md (#10562) 2024-09-26 09:58:53 -07:00
SECURITY.md Initial SECURITY.md commit 2020-07-22 12:27:25 -07:00
SUPPORT.md packages.microsoft.com repo structure info (#4597) 2023-01-24 15:30:45 -08:00
cgmanifest.json gnutls: upgrade 3.7.7 -> 3.7.11 to address CVE-2023-5981, CVE-2024-28835, CVE-2024-28834 & CVE-2024-0553 (#10578) 2024-10-23 09:16:25 +05:30
codeql3000.yml change code QL default settings file name (#8118) 2024-02-27 14:08:44 -08:00

README.md

CBL-Mariner

CBL-Mariner is an internal Linux distribution for Microsofts cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will enhance Microsofts ability to stay current on Linux updates. This initiative is part of Microsofts increasing investment in a wide range of Linux technologies, such as SONiC and Windows Subsystem for Linux (WSL). CBL-Mariner is being shared publicly as part of Microsofts commitment to Open Source and to contribute back to the Linux community. CBL-Mariner does not change our approach or commitment to any existing third-party Linux distribution offerings.

CBL-Mariner has been engineered with the notion that a small common core set of packages can address the universal needs of first party cloud and edge services while allowing individual teams to layer additional packages on top of the common core to produce images for their workloads. This is made possible by a simple build system that enables:

  • Package Generation: This produces the desired set of RPM packages from SPEC files and source files.
  • Image Generation: This produces the desired image artifacts like ISOs or VHDs from a given set of packages.

Whether deployed as a container or a container host, CBL-Mariner consumes limited disk and memory resources. The lightweight characteristics of CBL-Mariner also provides faster boot times and a minimal attack surface. By focusing the features in the core image to just what is needed for our internal cloud customers there are fewer services to load, and fewer attack vectors.

When security vulnerabilities arise, CBL-Mariner supports both a package-based update model and an image based update model. Leveraging the common RPM Package Manager system, CBL-Mariner makes the latest security patches and fixes available for download with the goal of fast turn-around times.

Getting Started with CBL-Mariner

Build

Instructions for building CBL-Mariner may be found here: Toolkit Documentation.

ISO

You can try CBL-Mariner with the following ISO images:

Before using a downloaded ISO, verify the checksum and signature of the image.

After downloading the ISO, use the quickstart instructions to install and use the image in a Hyper-V VM.

Note: Support for the ISO is community based. Before filing a new bug or feature request, please search the list of Github Issues. If you are unable to find a matching issue, please report new bugs by clicking here or create a new feature request by clicking here. For additional information refer to the support.md file.

Getting Help

  • Bugs, feature requests and questions can be filed as GitHub issues.
  • We are starting a public community call for Mariner users to get together and discuss new features, provide feedback, and learn more about how others are using Mariner. In each session, we will feature a new demo. The schedule for the upcoming community calls are:
  • 11/21/24 from 8-9am (PST) Click to join
  • 1/23/25 from 8-9am (PST) Click to join
  • 3/27/25 from 8-9am (PST) Click to join
  • 5/22/25 from 8-9am (PST) Click to join

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Acknowledgments

Any Linux distribution, including CBL-Mariner, benefits from contributions by the open software community. We gratefully acknowledge all contributions made from the broader open source community, in particular:

  1. The Photon OS Project for SPEC files originating from the Photon distribution.

  2. The Fedora Project for SPEC files, particularly with respect to Qt, DNF and content in the SPECS-EXTENDED folder.

  3. GNU and the Free Software Foundation

  4. Linux from Scratch

  5. Openmamba for SPEC files