Aikin Openwall ya buga sakin ƙirar kernel LKRG 0.9.2 (Linux Kernel Runtime Guard), wanda aka tsara don ganowa da toshe hare-hare da keta mutuncin tsarin kwaya. Misali, tsarin zai iya karewa daga canje-canje mara izini ga kernel mai gudana da yunƙurin canza izini na hanyoyin mai amfani (gano amfani da abubuwan amfani). Tsarin ya dace duka don tsara kariya daga fa'idodin da aka sani na lahani na kwaya na Linux (misali, a cikin yanayin da ke da wahala a sabunta kwaya a cikin tsarin), da kuma magance fa'idodin har yanzu raunin da ba a san su ba. Ana rarraba lambar aikin a ƙarƙashin lasisin GPLv2. Kuna iya karanta game da fasalulluka na aiwatar da LKRG a cikin sanarwar farko na aikin.
Daga cikin canje-canje a cikin sabon sigar:
- Ana ba da jituwa tare da kwayayen Linux daga 5.14 zuwa 5.16-rc, haka kuma tare da sabuntawa zuwa kernels LTS 5.4.118+, 4.19.191+ da 4.14.233+.
- Ƙara goyon baya don daidaitawar CONFIG_SECOMP daban-daban.
- Ƙara tallafi don ma'aunin kwaya na "nolkrg" don kashe LKRG a lokacin taya.
- Kafaffen tabbataccen ƙarya saboda yanayin tsere lokacin sarrafa SECCOMP_FILTER_FLAG_TSYNC.
- Inganta ikon yin amfani da saitin CONFIG_HAVE_STATIC_CALL a cikin Linux kernels 5.10+ don toshe yanayin tsere lokacin sauke wasu kayayyaki.
- Sunayen na'urorin da aka toshe lokacin amfani da saitin lkrg.block_modules=1 an adana su a cikin log ɗin.
- Aiwatar da saitunan sysctl a cikin fayil /etc/sysctl.d/01-lkrg.conf
- An ƙara fayil ɗin sanyi na dkms.conf don tsarin DKMS (Taimakon Module Module Mai Kyau) wanda aka yi amfani da shi don gina ƙirar ɓangare na uku bayan sabuntawar kwaya.
- Ingantattun tallafi da sabuntawa don haɓaka haɓakawa da ci gaba da tsarin haɗin kai.
source: budenet.ru