Firejail Application Isolation System 0.9.60 Released

Firejail 0.9.60 has been released. The project develops a system for the isolated execution of graphical, console and server applications. Using Firejail reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The project is written in C, distributed under the GPLv2 license, and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are prepared in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses namespaces, AppArmor, and system call filtering (seccomp-bpf) on Linux. Once started, the program and all of its child processes use separate views of kernel resources such as the network stack, the process table, and mount points. Applications that depend on each other can be combined into one shared sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, firejail is extremely simple to configure and does not require preparing a system image: the contents of the container are assembled on the fly from the current file system and removed after the application exits. Flexible means of defining file system access rules are provided. You can specify which files and directories are allowed or denied access, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories through bind mounts and overlays.

For a large number of popular applications, including Firefox, Chromium, VLC and Transmission, ready-made system call isolation profiles are available. To run a program in isolation mode, just pass the application name as an argument to the firejail utility, for example, "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

In the new release:

  • A vulnerability has been fixed that allowed a malicious process to bypass the system call restriction mechanism. The root of the vulnerability is that Seccomp filters are copied into the /run/firejail/mnt directory, which is writable inside the isolated environment. Malicious processes running in isolation mode can modify these files, with the result that new processes started in the same environment run without the system call filter applied;
  • The memory-deny-write-execute filter now blocks the "memfd_create" call;
  • A new "private-cwd" option has been added to change the working directory for the jail;
  • The "--nodbus" option has been added to block D-Bus sockets;
  • Support for CentOS 6 has been restored;
  • Support for packages in the Flatpak and Snap formats has been discontinued.
    It is stated that these packages should use their own tooling;
  • New profiles have been added to isolate 87 additional programs, including mypaint, nano, xfce4-mixer, gnome-keyring, redshift, font-manager, gconf-editor, gsettings, freeciv, lincity-ng, openttd, torcs, tremulous, warsow, freemind, kid3, freecol, opencity, utox, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, inkview, meteo-qt, ktouch, yelp and cantata.
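
A defender's check for the seccomp issue fixed in this release, as an added example that is not part of the original article or of the Firejail project: run inside a sandbox, it reports whether the process has a seccomp filter attached and whether anything under /run/firejail/mnt can be modified from within. The function names and the audit.sh file name are assumptions made for the example; the Seccomp: field is the one the Linux kernel exposes in /proc/<pid>/status.

```shell
#!/bin/sh
# Added example (not Firejail code): audit a sandbox from the inside.

# Print the seccomp mode from a /proc/<pid>/status file:
# 0 = disabled, 1 = strict, 2 = filter; "unknown" if the field is absent.
seccomp_mode() {
    mode=$(awk '/^Seccomp:/ { print $2; exit }' "$1" 2>/dev/null) || mode=
    echo "${mode:-unknown}"
}

# Print every file or directory at or under $1 that the caller may modify.
# [ -w ] asks the kernel, so a read-only mount counts as not writable.
writable_paths() {
    [ -d "$1" ] || return 0
    find "$1" \( -type d -o -type f \) 2>/dev/null |
    while IFS= read -r p; do
        if [ -w "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# audit [status_file] [filter_dir]: returns 1 if either check fails.
audit() {
    status=${1:-/proc/self/status}   # read by awk, a child that inherits the filter
    dir=${2:-/run/firejail/mnt}      # directory named in the release notes above
    rc=0
    mode=$(seccomp_mode "$status")
    if [ "$mode" != 2 ]; then
        echo "WARN: no seccomp filter on this process (mode=$mode)"
        rc=1
    fi
    found=$(writable_paths "$dir")
    if [ -n "$found" ]; then
        echo "WARN: writable from inside the sandbox:"
        echo "$found"
        rc=1
    fi
    return "$rc"
}

# Run the audit only when asked, e.g.: firejail sh audit.sh --audit
# (audit.sh is a hypothetical name for this file).
case "${1:-}" in
    --audit) audit ;;
esac
```

A non-zero exit status means at least one of the two checks failed; a sandbox started without seccomp filtering will also trigger the first warning.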

Source: opennet.ru
