qhov project tso tawm , nyob rau hauv uas ib tug system yog tsim los rau cais ua hauj lwm ntawm graphical, console thiab server applications. Siv Firejail tso cai rau koj txo qis qhov kev pheej hmoo ntawm kev cuam tshuam rau lub hauv paus tseem ceeb thaum ua haujlwm tsis txaus ntseeg lossis muaj peev xwm ua rau muaj kev cuam tshuam. Qhov kev zov me nyuam tau sau ua lus C, muaj ntawv tso cai raws li GPLv2 thiab tuaj yeem khiav ntawm txhua qhov kev faib tawm Linux nrog lub kernel laus dua 3.0. Npaj-ua pob khoom nrog Firejail hauv deb (Debian, Ubuntu) thiab rpm (CentOS, Fedora) hom.
Rau kev cais tawm hauv Firejail namespaces, AppArmor, thiab system hu filtering (seccomp-bpf) hauv Linux. Thaum pib, qhov kev zov me nyuam thiab tag nrho nws cov txheej txheem me nyuam siv cais cov kev xav ntawm cov khoom siv kernel, xws li pawg network, txheej txheem rooj, thiab cov ntsiab lus mount. Cov ntawv thov uas nyob ntawm ib leeg tuaj yeem ua ke rau hauv ib qho sandbox. Yog xav tau, Firejail kuj tseem siv tau los khiav Docker, LXC thiab OpenVZ ntim.
Tsis zoo li lub thawv ntim khoom siv hluav taws xob, hluav taws kub hauv tsev yog qhov tsis tshua muaj neeg nyob rau hauv lub configuration thiab tsis xav tau kev npaj ntawm ib tug system duab - lub thawv muaj pes tsawg leeg yog tsim nyob rau hauv yoov raws li cov ntsiab lus ntawm cov ntaub ntawv tam sim no system thiab yog deleted tom qab daim ntawv thov tiav. Kev siv yooj yim ntawm kev teeb tsa cov cai nkag mus rau cov ntaub ntawv kaw lus tau muab; koj tuaj yeem txiav txim siab seb cov ntaub ntawv twg thiab cov npe twg raug tso cai lossis tsis lees paub nkag, txuas cov ntaub ntawv ib ntus (tmpfs) rau cov ntaub ntawv, txwv tsis pub nkag mus rau cov ntaub ntawv lossis cov ntawv qhia kom nyeem nkaus xwb, sib txuas cov npe los ntawm khi-mount thiab overlayfs.
Rau ntau daim ntawv thov nrov, suav nrog Firefox, Chromium, VLC thiab Transmission, npaj txhij system hu kev cais. Txhawm rau khiav ib qho kev pab cuam hauv hom kev cais, tsuas yog qhia lub npe ntawm daim ntawv thov raws li kev sib cav rau lub tsev kaw neeg hluav taws xob, piv txwv li, "firejail firefox" lossis "sudo firejail /etc/init.d/nginx start".
Hauv qhov kev tso tawm tshiab:
- Ib qho yooj yim uas tso cai rau cov txheej txheem tsis zoo los hla lub kaw lus hu rau kev txwv txoj cai tau raug kho. Lub ntsiab lus ntawm qhov tsis zoo yog tias Seccomp cov ntxaij lim dej tau theej rau hauv /run/firejail/mnt directory, uas yog sau tau nyob rau hauv ib puag ncig cais. Cov txheej txheem tsis zoo uas khiav hauv hom kev cais tawm tuaj yeem hloov kho cov ntaub ntawv no, uas yuav ua rau cov txheej txheem tshiab khiav hauv tib qhov chaw kom raug tua yam tsis siv lub kaw lus hu rau lim;
- Lub cim xeeb-tsis lees paub-sau-execute lim kom paub meej tias "memfd_create" hu raug thaiv;
- Ntxiv kev xaiv tshiab "private-cwd" los hloov cov ntaub ntawv ua haujlwm rau hauv tsev kaw neeg;
- Ntxiv "--nodbus" kev xaiv los thaiv D-Bus sockets;
- Rov qab txhawb nqa rau CentOS 6;
- kev them nyiaj yug rau pob khoom hauv cov qauv ΠΈ .
tias cov pob khoom no yuav tsum siv lawv tus kheej cov cuab yeej; - Cov ntawv tshiab tau ntxiv rau cais 87 cov kev pabcuam ntxiv, suav nrog mypaint, nano, xfce4-mixer, gnome-keyring, redshift, font-manager, gconf-editor, gsettings, freeciv, lincity-ng, openttd, torcs, tremulous, warsow, freemind, kid3, freecol, opencity, utox, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, inkview, meteo-qt, ktouch, yelp thiab cantata.
Tau qhov twg los: opennet.ru