ProHoster > Блог > labaran intanet > Fedora 40 yana shirin ba da damar ware sabis na tsarin

Fedora 40 yana shirin ba da damar ware sabis na tsarin

Sakin Fedora 40 yana ba da damar saitunan keɓancewa don ayyukan tsarin tsarin da aka kunna ta tsohuwa, da kuma ayyuka tare da aikace-aikace masu mahimmanci kamar PostgreSQL, Apache httpd, Nginx, da MariaDB. Ana sa ran cewa canjin zai ƙara yawan tsaro na rarrabawa a cikin saitunan tsoho kuma zai sa ya yiwu a toshe raunin da ba a sani ba a cikin ayyukan tsarin. Har yanzu ba a yi la'akari da shawarar ba ta FEsco (Kwamitin Gudanar da Injiniya na Fedora), wanda ke da alhakin sashin fasaha na haɓaka rarraba Fedora. Hakanan za'a iya ƙi ba da shawara yayin aikin bitar al'umma.

Saitunan da aka ba da shawarar don kunna:

  • PrivateTmp=ee - samar da kundayen adireshi daban tare da fayilolin wucin gadi.
  • ProtectSystem = Ee/cikakken/tsattsaye - Haɓaka tsarin fayil ɗin a cikin yanayin karantawa kawai (a cikin yanayin “cikakken” - / sauransu/, cikin tsananin yanayin - duk tsarin fayil banda / dev/, /proc/ da /sys/).
  • ProtectHome=ee-hana samun damar shiga kundayen adireshi na gida.
  • PrivateDevices=ee - barin damar kawai zuwa /dev/null, /dev/zero da /dev/random
  • ProtectKernelTunables = Ee - damar karantawa-kawai zuwa /proc/sys/, /sys/, /proc/acpi, /proc/fs, /proc/irq, da sauransu.
  • ProtectKernelModules=ee - hana loda kayan kwaya.
  • ProtectKernelLogs=e - yana hana samun dama ga buffer tare da rajistan ayyukan kwaya.
  • ProtectControlGroups=e - damar karantawa-kawai zuwa /sys/fs/cgroup/
  • NoNewPrivileges=ee - haramta haɓaka gata ta hanyar saiti, saiti da tutocin iya aiki.
  • PrivateNetwork=ee - sanyawa a cikin keɓaɓɓen sarari suna na tarin cibiyar sadarwa.
  • ProtectClock=ee-hana canza lokaci.
  • ProtectHostname=ee - ya hana canza sunan mai masaukin baki.
  • ProtectProc=Invisible - ɓoye tsarin wasu mutane a /proc.
  • User= - canza mai amfani

Bugu da ƙari, kuna iya la'akari da kunna saitunan masu zuwa:

  • CapabilityBoundingSet=
  • DevicePolicy=rufe
  • KeyringMode=na sirri
  • LockPersonality=e
  • MemoryDenyWriteExecute=e
  • Masu amfani da zaman kansu=ee
  • Cire IPC = Ee
  • RestrictAddressFamilies=
  • RestrictNamespaces=ee
  • RestrictRealtime = Ee
  • RestrictSUIDSGID=ee
  • SystemCallFilter=
  • SystemCallArchitectures=an asali

source: budenet.ru

Add a comment