Release of the Firejail 0.9.72 application sandboxing system

The release of Firejail 0.9.72 has been announced. The project develops a system for the isolated execution of graphical, console and server applications, which reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 licence and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are provided in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses Linux namespaces, AppArmor and system call filtering (seccomp-bpf). After launch, the program and all of its child processes use separate views of kernel resources such as the network stack, the process table and mount points. Applications that depend on each other can be combined into a single shared sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, firejail is extremely simple to configure and does not require preparing a system image: the contents of the container are assembled on the fly from the current file system and discarded when the application exits. Flexible means of defining file system access rules are provided: you can decide which files and directories are allowed or denied access, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories through bind-mount and overlayfs.

For a large number of popular applications, including Firefox, Chromium, VLC and Transmission, ready-made system call isolation profiles are provided. To obtain the privileges needed to set up the sandboxed environment, the firejail executable is installed with the SUID root flag (the privileges are dropped once initialisation is done). To run a program in isolation mode, simply pass the application name as an argument to the firejail utility, for example "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

In the new release:

  • A seccomp filter for system calls that blocks the creation of namespaces has been added (the "--restrict-namespaces" option enables it). The system call tables and seccomp groups have been updated.
  • The force-nonewprivs mode (NO_NEW_PRIVS), which prevents new processes from gaining additional privileges, has been improved.
  • Added the ability to use your own AppArmor profiles (the "--apparmor" option attaches them).
  • The nettrace network traffic tracing system, which shows information about the IP addresses and traffic intensity from each address, gained ICMP support and the "--dnstrace", "--icmptrace" and "--snitrace" options.
  • The --cgroup and --shell commands have been removed (the default is --shell=none). firetunnel is no longer built by default. The chroot, private-lib and tracelog settings in /etc/firejail/firejail.config are disabled. grsecurity support has been dropped.
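The mechanism behind the new "--restrict-namespaces" option, reconstructed as an added example in C (illustrative code written for this page, not firejail's own implementation): a seccomp-bpf filter that answers unshare, setns and any clone carrying a CLONE_NEW* flag with EPERM, answers clone3 with ENOSYS so that libc falls back to clone, and sets NO_NEW_PRIVS first, which is what lets an unprivileged process load a filter and is the same flag firejail's nonewprivs mode relies on. The function names and the fork-based probe are this example's own, and it assumes x86_64 or aarch64 with kernel headers that define SECCOMP_RET_KILL_PROCESS and __NR_clone3.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sched.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64 /* other architectures: add their AUDIT_ARCH_* value here */
#endif
#define NS_FLAGS (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWCGROUP)
#define LOAD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define IF_EQ(val, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (val), (jt), (jf))
#define DENY(err) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ((err) & SECCOMP_RET_DATA))
/* Load a filter that makes namespace creation fail with EPERM; jump offsets count from the next instruction. */
int install_restrict_namespaces(void) {
    struct sock_filter filter[] = {
        LOAD(arch), IF_EQ(ARCH_NR, 1, 0),                      /* foreign ABI (e.g. 32-bit compat): kill */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        LOAD(nr),
        IF_EQ(__NR_unshare, 5, 0),                              /* -> DENY(EPERM) */
        IF_EQ(__NR_setns, 4, 0),                                /* -> DENY(EPERM) */
        IF_EQ(__NR_clone3, 4, 0),                               /* flags sit in a struct seccomp cannot read: ENOSYS makes libc retry with clone */
        IF_EQ(__NR_clone, 0, 4),                                /* any other syscall -> ALLOW */
        LOAD(args[0]),                                          /* clone(flags, ...): low 32 bits hold every CLONE_NEW* bit */
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, NS_FLAGS, 0, 2),   /* any CLONE_NEW* bit set? -> DENY(EPERM) */
        DENY(EPERM), DENY(ENOSYS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* required before an unprivileged process may load a filter */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}
/* Fork, install the filter in the child, run fn there; returns the errno fn reports (0 = allowed), 255 if the filter did not load. */
int run_under_filter(int (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(install_restrict_namespaces() != 0 ? 255 : fn());
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
int try_unshare_net(void) { return unshare(CLONE_NEWNET) == 0 ? 0 : errno; } /* blocked by the filter -> EPERM */
int try_getppid(void) { return getppid() > 0 ? 0 : errno; }                 /* unrelated syscall still allowed -> 0 */
```

A filter like this is inherited by every descendant of the sandboxed process and cannot be removed, which is why firejail installs it once, after dropping its SUID privileges, before executing the application.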

Source: opennet.ru
