Release of the Firejail 0.9.60 application isolation system

Firejail 0.9.60 has been released. The project develops a system for the isolated execution of graphical, console and server applications. Using Firejail reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 license, and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are prepared in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses namespaces, AppArmor and system call filtering (seccomp-bpf) in Linux. Once launched, the program and all of its child processes use separate views of kernel resources such as the network stack, the process table and mount points. Applications that depend on each other can be combined into one shared sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, firejail is extremely simple to configure and does not require preparing a system image: the container's contents are formed on the fly from the contents of the current file system and are deleted after the application exits. Flexible means of setting file system access rules are provided: you can specify which files and directories are allowed or denied access, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories through bind-mount and overlayfs.

For a large number of popular applications, including Firefox, Chromium, VLC and Transmission, ready-made system call isolation profiles have been prepared. To run a program in isolation mode, just specify the application name as an argument to the firejail utility, for example, "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

In the new release:

  • A vulnerability has been fixed that allowed a malicious process to bypass the system call restriction mechanism. The essence of the vulnerability is that Seccomp filters are copied to the /run/firejail/mnt directory, which is writable inside the isolated environment. Malicious processes running in isolation mode can modify these files, which causes new processes started in the same environment to run without the system call filter applied;
  • The memory-deny-write-execute filter now blocks the "memfd_create" call;
  • Added a new "private-cwd" option to change the working directory for the jail;
  • Added the "--nodbus" option to block D-Bus sockets;
  • Support for CentOS 6 has been restored;
  • Support for packages in the flatpak and snap formats has been discontinued. It is stated that these packages should use their own tooling;
  • New profiles have been added to isolate 87 additional programs, including mypaint, nano, xfce4-mixer, gnome-keyring, redshift, font-manager, gconf-editor, gsettings, freeciv, lincity-ng, openttd, torcs, tremulous, warsow, freemind, kid3, freecol, opencity, utox, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, inkview, meteo-qt, ktouch, yelp and cantata.
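
A defender-side check for the seccomp bypass described in the first item of the list above, as an added example that is not part of the original article or of the Firejail project: it reads the `Seccomp:` field of `/proc/<pid>/status` (0 = disabled, 1 = strict, 2 = filter) and reports processes that have no filter attached. The function names and the sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that processes really run under a seccomp filter.

# seccomp_mode STATUS_FILE
# Prints 0 (disabled), 1 (strict) or 2 (filter); prints "unknown" when the
# file is unreadable or the kernel does not expose the Seccomp field.
seccomp_mode() {
    mode=$(awk '$1 == "Seccomp:" { print $2; exit }' "$1" 2>/dev/null) || mode=
    case "$mode" in
        0|1|2) printf '%s\n' "$mode" ;;
        *)     printf 'unknown\n' ;;
    esac
}

# unfiltered_pids PROC_ROOT PID...
# Prints "PID MODE" for every PID that is not in filter mode (2).
# A sandboxed process listed here is running without syscall filtering.
unfiltered_pids() {
    root=$1
    shift
    for pid in "$@"; do
        m=$(seccomp_mode "$root/$pid/status")
        [ "$m" = 2 ] || printf '%s %s\n' "$pid" "$m"
    done
}

# Constructed sample: a fake /proc tree with one filtered process and one
# process that started without a filter, as in the bypass described above.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/4101" "$tmp/4102"
    printf 'Name:\tfirefox\nPid:\t4101\nNoNewPrivs:\t1\nSeccomp:\t2\n' \
        > "$tmp/4101/status"
    printf 'Name:\tsh\nPid:\t4102\nNoNewPrivs:\t1\nSeccomp:\t0\n' \
        > "$tmp/4102/status"
    unfiltered_pids "$tmp" 4101 4102
    rm -rf "$tmp"
}

demo
```

On a live system, call `unfiltered_pids /proc` with the PIDs of the sandboxed processes, for example those shown by `firejail --tree`.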

source: budenet.ru
