Go to file
jslobodzian be4ec47439
Merge pull request #33 from christopherco/chrco/add-bpf-configs
kernel: Enable configs for BPF, PC104, userfaultfd, SLUB sysfs, SMC, XDP monitoring
2020-08-17 20:34:20 -07:00
.github Add manifest checkbox 2020-08-17 11:27:57 -07:00
LICENSES-AND-NOTICES Initial CBL-Mariner commit to GitHub 2020-08-06 20:17:52 -07:00
SPECS Merge pull request #33 from christopherco/chrco/add-bpf-configs 2020-08-17 20:34:20 -07:00
toolkit Merge pull request #32 from microsoft/joschmit/prefer-local-packages 2020-08-17 19:40:12 -07:00
.gitignore Ignoring the 'build' and 'out' directories. 2020-08-13 15:37:41 -07:00
CODE_OF_CONDUCT.md Initial CODE_OF_CONDUCT.md commit 2020-07-22 12:27:23 -07:00
CONTRIBUTING.md Initial CBL-Mariner commit to GitHub 2020-08-06 20:17:52 -07:00
LICENSE Initial LICENSE commit 2020-07-22 12:27:24 -07:00
README.md Updated official README.md 2020-08-10 13:30:03 -07:00
SECURITY.md Initial SECURITY.md commit 2020-07-22 12:27:25 -07:00
cgmanifest.json Revert "Fixed sort to be like old file for cgmanifest" 2020-08-17 14:01:54 -07:00

README.md

CBL-Mariner

CBL-Mariner is an internal Linux distribution for Microsofts cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will enhance Microsofts ability to stay current on Linux updates. This initiative is part of Microsofts increasing investment in a wide range of Linux technologies, such as SONiC, Azure Sphere OS and Windows Subsystem for Linux (WSL). CBL-Mariner is being shared publicly as part of Microsofts commitment to Open Source and to contribute back to the Linux community. CBL-Mariner is not being offered commercially as a solution for servers, PCs, or IoT devices nor is it included as an IaaS offering. CBL-Mariner does not change our approach or commitment to any existing third-party Linux distribution offerings.

CBL-Mariner has been engineered with the notion that a small common core set of packages can address the universal needs of first party cloud and edge services while allowing individual teams to layer additional packages on top of the common core to produce images for their workloads. This is made possible by a simple build system that enables:

  • Package Generation: This produces the desired set of RPM packages from SPEC files and source files.
  • Image Generation: This produces the desired image artifacts like ISOs or VHDs from a given set of packages.

Whether deployed as a container or a container host, CBL-Mariner consumes limited disk and memory resources. The lightweight characteristics of CBL-Mariner also provides faster boot times and a minimal attack surface. By focusing the features in the core image to just what is needed for our internal cloud customers there are fewer services to load, and fewer attack vectors.

When security vulnerabilities arise, CBL-Mariner supports both a package-based update model and an image based update model. Leveraging the common RPM Package Manager system, CBL-Mariner makes the latest security patches and fixes available for download with the goal of fast turn-around times.

Getting Started with CBL-Mariner:

CBL-Mariner is not released for commercial use, but we understand developers may be interested to examine what we have built. Instructions for building Mariner may be found here: Toolkit Documentation

Acknowledgments

Any Linux distribution, including CBL-Mariner, benefits from countless contributions by the open software community. We gratefully acknowledge all contributions made from the community at large as well as the following:

  1. VMWare and the developers of Photon OS as most of the CBL-Mariner SPEC files originated from the Photon distribution.

  2. The Fedora Project for certain SPEC files, particularly with respect to QT, DNF and several of their dependencies.

  3. GNU and the Free Software Foundation

  4. Linux from Scratch