Microsoft, which saw Linux as the cancer of the IT world in the early 2000s, has completely reversed course over the past decade. The Redmond company has invested heavily in open source development, as evidenced by the Windows Subsystem for Linux (WSL) and the Azure Sphere OS tools. Microsoft also acquired GitHub, the platform that hosts more open source software than any other in the world, for nearly $8 billion in 2018.
At the beginning of July 2021, Microsoft released the first stable version of its own Linux distribution: CBL-Mariner 1.0, where CBL stands for Common Base Linux. CBL-Mariner is a product of Microsoft’s Linux engineers and is used as the internal distribution by their engineering teams for cloud, edge, and other enterprise needs. It is not a general purpose distribution like Ubuntu or Fedora, although it is open source. CBL-Mariner is already being used by systems such as the Windows Subsystem for Linux (WSL), Azure Sphere OS, SONiC, and other Linux-based efforts at the Redmond giant.
“Yes, you read the title carefully. Hell is freezing because at Microsoft we have our own Linux distribution called Mariner, or more accurately CBL-Mariner, where CBL stands for Common Base Linux,” wrote Juan Manuel Rey, an engineer with Microsoft’s Azure division, in a blog post introducing the company’s new Linux distribution.
He clarified in the preamble that this internal distribution is not a general purpose distribution like Ubuntu or Fedora, although it does resemble Fedora or Photon OS. It was created by Microsoft’s Linux Systems Group, the team that produced the Linux kernel used by the Windows Subsystem for Linux version 2 (WSL2). Mariner has its own repository on Microsoft’s GitHub. However, he warns that no image or ISO is provided; it is possible to build your own version on an Ubuntu 18.04 base, provided the prerequisites are met.
In detail, Juan Manuel Rey pointed out that CBL-Mariner relies on RPM for package installation. For updates, the distribution combines dnf and Tiny DNF (tdnf), the lightweight Photon OS package manager from VMware. Another option is the rpm-ostree tool from Red Hat’s Atomic project, which simplifies the creation of LXC containers.
Finally, he mentioned the security component, stressing that CBL-Mariner follows a secure-by-default principle. Many features are included in the distribution: a hardened kernel, signed updates, ASLR (address space layout randomization), as well as a hardened compiler and robust logging.
Earlier this month, Microsoft released version 2.0 of CBL-Mariner; it remains reserved for Microsoft’s internal use and is still not released for general use. CBL-Mariner 2.0 uses the latest Microsoft Linux Systems Group 5.15 kernel, along with major package version upgrades and enhanced support for SELinux and for the proprietary packages required to support Nvidia and CUDA hardware.
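Signed updates only protect a system if the package manager is configured to enforce the signature check. The following script is an added example, not code from the article or from CBL-Mariner: it audits dnf/tdnf repository definitions (both read INI-style `.repo` files) and flags any section that does not set `gpgcheck=1` with a `gpgkey`. The sample repo files, the `example.invalid` URL and the key path are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit dnf/tdnf *.repo files so that "signed updates"
# are actually enforced. A section with gpgcheck=0, or with no gpgcheck
# at all, will let the package manager install unsigned RPMs.

# audit_repo_file FILE
# Prints one WEAK line per [section] that does not enforce signed packages.
# Returns 1 if any such section exists, 0 if every section is hardened.
audit_repo_file() {
    awk '
        function flush() {
            if (section == "") return
            if (gpgcheck != "1") {
                printf "WEAK: [%s] gpgcheck=%s\n", section,
                       (gpgcheck == "" ? "<unset>" : gpgcheck); weak++
            } else if (gpgkey == "") {
                printf "WEAK: [%s] gpgcheck=1 but no gpgkey\n", section; weak++
            }
        }
        /^[[:space:]]*\[[^]]+\][[:space:]]*$/ {     # new [section] header
            flush()
            section = $0; gsub(/^[[:space:]]*\[|\][[:space:]]*$/, "", section)
            gpgcheck = ""; gpgkey = ""; next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ {       # key=value, keep value only
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); gpgcheck = $0; next }
        /^[[:space:]]*gpgkey[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); gpgkey = $0; next }
        END { flush(); exit (weak > 0) }
    ' "$1"
}

# Constructed samples: the weak definition beside the hardened one.
TMP=$(mktemp -d)
cat > "$TMP/weak.repo" <<'EOF'
[mariner-updates]
name=CBL-Mariner updates (constructed sample)
baseurl=https://example.invalid/mariner/updates
gpgcheck=0
enabled=1
EOF
cat > "$TMP/hardened.repo" <<'EOF'
[mariner-updates]
name=CBL-Mariner updates (constructed sample)
baseurl=https://example.invalid/mariner/updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/EXAMPLE-MARINER-KEY
enabled=1
EOF

for f in "$TMP"/*.repo; do
    if audit_repo_file "$f"; then echo "OK:   $f"; else echo "FAIL: $f"; fi
done
```

On a real host, point the loop at /etc/yum.repos.d/*.repo instead of the constructed samples.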
The second internal Linux distribution for Microsoft
After Mariner, the Redmond firm also has a version called Delridge (or CBL-D). This second distribution was discovered by chance in a blog post by Hayden Barnes, Head of Engineering at SUSE. Barnes noted that Microsoft released CBL-Delridge in 2020, the same year it also released CBL-Mariner. The main difference between the two: Delridge is a custom derivative of Debian, while Mariner is a custom distribution in the Linux From Scratch style.
Microsoft uses Delridge to power its Azure Cloud Shell, which provides a set of cloud management tools bundled in a single container. In a note in the GitHub repository for Cloud Shell, the maintainers said that the main difference between Debian and CBL-D is that Microsoft compiles all of the packages included in the CBL-D repository internally. This helps guard against supply chain attacks.
CBL-Mariner and CBL-Delridge are just two of the Linux-related deliverables developed by Microsoft and offered by the Linux Systems Group. Others include the Windows Subsystem for Linux version 2 (WSL2), which is part of Windows 10 and Windows 11; an Azure-optimized Linux kernel designed for optimal performance as a Hyper-V guest; and Integrity Policy Enforcement (IPE), a Linux security module (LSM) offered by the Enterprise and Security team.
Microsoft has other Linux-related projects as well, including Azure Sphere, its Linux-based microcontroller and secure IoT service, and SONiC, an open-source operating system for network switches, released as part of the Open Compute Project (OCP).
During the 2018 edition of the RSA conference Microsoft announced the availability of a preview version of Microsoft Azure Sphere, its solution for creating highly secure Internet-connected microcontrollers (MCUs). Azure Sphere includes three components that work together to protect and power edge devices:
- Azure Sphere Certified Microcontrollers (MCUs): a new class of crossover microcontrollers that combine both a real-time core and an application processor with embedded Microsoft security technology;
- Azure Sphere OS: with this operating system, Microsoft hopes to offer unparalleled security and agility. Unlike the RTOSes common in MCUs today, this defense-in-depth IoT operating system provides multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly secure software environment and a reliable platform for new IoT experiences;
- Azure Sphere Security Service: a turnkey cloud service that protects every Azure Sphere device. It establishes trusted device-to-device and device-to-cloud communications through certificate-based authentication, detects emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renews its database through software updates.
In detail, Azure Sphere OS has five layers of security:
- layer 0: the hardware layer;
- layer 1: a security monitor that protects the integrity of, and access to, critical resources;
- layer 2: a custom Linux kernel;
- layer 3: on-chip connectivity services that secure the cloud connection and provide access to the Azure Sphere Security Service;
- layer 4: secure application containers that share code for agility, stability, and security.
Microsoft announced SONiC (Software for Open Networking in the Cloud) as the final piece of the puzzle in delivering a fully open-source switching platform that can share the same software stack across hardware from multiple network switch vendors. It is a completely open source software stack, with a wide range of functionality, for operating network devices such as switches. Built in conjunction with leading vendors in the networking industry such as Broadcom, Arista, Dell and Mellanox, SONiC can run on a variety of switching platforms via the SAI specification.
When it was unveiled in 2016, SONiC was no longer a prototype, as it was already deployed in Microsoft’s cloud. The version Microsoft open-sourced brought improvements over the one used in production within the company. While the open source software stack had at that point been tested on Debian, Microsoft explained that it could theoretically support any other Linux distribution. SONiC is based on a modular architecture with a lightweight stack built for data center networking needs. Microsoft also explained that its collection of networking software components could easily be extended with other open-source or proprietary software components from third-party vendors.
Source: Barnes post