What is CBL-Mariner? Microsoft’s Linux distro explained…

The days of Microsoft seeking to freeze out Linux from its ecosystem are now well and truly over. (Tip: if you want to find out why the Microsoft vs Linux battle came to an end, check out our OS Wars article from earlier this year).

There’s just been another big development in the relationship between Microsoft and the world’s most popular open source operating system. Last month, Microsoft rolled out CBL-Mariner (Common Base Linux Mariner), a Linux-based operating system that developers can access for free.

Here’s a quick look at Microsoft’s new Linux distribution, its uses and security credentials…

What is CBL-Mariner?

It’s a Linux distribution (distro) - i.e. an operating system based on the Linux open source project (the Linux kernel).

CBL-Mariner was created by Microsoft’s Linux System Group. The OS was originally designed to be used internally by Microsoft for development and management of the Azure cloud. In July, the company quietly announced that this distro was being made publicly available under the open source MIT license.

Can I use CBL-Mariner to create a Linux desktop?

In a word, no. This is a server-side Linux and not a Linux desktop. It’s primarily aimed at ‘edge’ applications: i.e. the type of mobile and Internet of Things (IoT), where you want data to be processed very quickly by devices and local computers, rather than being transmitted to a data center.

As Microsoft itself puts it, this is basically a highly specialist OS, containing the tools to meet the “universal needs of first-party and edge services”.

If I want to run Linux natively on Windows, what should I use?

For this, your best option is the second version of Windows Subsystem for Linux (WSL2). This was created by the same team (the Microsoft Linux System Group) who developed CBL-Mariner.

WSL2 doesn’t deliver a full Linux desktop experience. Rather, it’s a Microsoft-managed tool that provides a Linux-like environment. You install your Linux distro of choice as an app, while still using Windows as your primary operating system.

So let’s say that the company you work for feels more comfortable (for whatever reason) having Windows in place as the primary OS for users. If developers and various other power users want to work in a Linux environment, you’d probably be looking at WSL2.

Likewise, if your business is looking to develop and secure new IoT initiatives and products, CBL-Mariner is definitely worth looking at.

CBL-Mariner security features 

Precisely because it is focused on fulfilling a fairly specific role linked to edge computing services, CBL-Mariner is a very lightweight Linux. And this limited size means a limited attack surface (so fewer unnecessary security headaches). It also comes with a strong stack of security features, including:

  • Hardened kernel: a strategy of using specific kernel configuration options to limit the risk of unauthorized access and attack.
  • Signed updates: a way of verifying updates and patches before application, to ensure they have not been tampered with.
  • ASLR (Address space layout randomization): a means of preventing exploitation of memory corruption vulnerabilities.
  • Tamper-resistant logs: a means of controlling and monitoring access to your code.

How to get CBL-Mariner

You can build CBL-Mariner on Ubuntu 18.04 or newer. You will also need the latest version of the Go language and Docker.

Microsoft offers two ways to use CBL-Mariner. The fastest is to build one of the predefined images. This method is recommended for trying out and playing around with the distribution. The quick start guide can be found here.

To create a custom distribution using CBL-Mariner, Microsoft’s latest build instructions are available here.

Need to brush up on your Linux knowledge? Check out our great value Complete Linux Skills Bundle here.

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Nathan House

    Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular "The Complete Cyber Security Course", which has been taken by over half a million students in 195 countries. He is the winner of the AI "Cyber Security Educator of the Year 2020" award and finalist for Influencer of the year 2022.

  • merlin says:

    So is this the start of the infamous MicroSoft “embrace and extend” death squeeze

  • >