Firejail 0.9.62 application isolation system released

After six months of development, the project has released Firejail 0.9.62, which develops a system for the isolated execution of graphical, console and server applications. Using Firejail reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 license, and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are prepared in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses Linux namespaces, AppArmor and system call filtering (seccomp-bpf). Once started, the program and all of its child processes use separate views of kernel resources such as the network stack, the process table and mount points. Applications that depend on each other can be combined into one shared sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, firejail is extremely simple to configure and does not require preparing a system image: the contents of the container are assembled on the fly from the current file system and discarded after the application finishes. Flexible means of setting file system access rules are provided: you can decide which files and directories are allowed or denied, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories with bind-mount and overlayfs.

For many popular applications, including Firefox, Chromium, VLC and Transmission, ready-made system call isolation profiles are provided. To obtain the privileges needed to set up the sandboxed environment, the firejail executable is installed with the SUID root flag (privileges are dropped after initialization). To run a program in isolated mode, simply pass the application name as an argument to the firejail utility, for example "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

In the new release:

  • A file-copy-limit setting has been added to the /etc/firejail/firejail.config configuration file; it limits the size of files that may be copied into memory when the "--private-*" options are used (by default the limit is 500MB).
  • Templates for creating new application restriction profiles have been added to the /usr/share/doc/firejail directory.
  • The use of debuggers can be allowed in profiles.
  • Improved filtering of system calls using the seccomp mechanism.
  • Auto-detection of compiler flags is provided.
  • The chroot call is performed not by path but via a mount point referenced by a file descriptor.
  • The /usr/share directory is whitelisted by many profiles.
  • New helper scripts gdb-firejail.sh and sort.py have been added to the contrib section.
  • Improved protection at the stage of executing privileged (SUID) code.
  • New HAS_X11 and HAS_NET conditionals have been introduced for profiles to check for the presence of an X server and of network access.
  • Added profiles for isolating applications (the total number of profiles has grown to 884):
    • i2p,
    • tor-browser (AUR),
    • zulip,
    • rsync,
    • signal-cli,
    • tcpdump,
    • tshark,
    • qgis,
    • openarena,
    • godot,
    • klatexformula,
    • klatexformula_cmdl,
    • links,
    • xlinks,
    • pandoc,
    • teams-for-linux,
    • gnome-sound-recorder,
    • newsflash,
    • keepassxc-cli,
    • keepassxc-proxy,
    • rhythmbox-client,
    • jerry,
    • dedicated,
    • mpg123,
    • mpg123.bin,
    • mpg123-alsa,
    • mpg123-id3dump,
    • mpg123-jack,
    • mpg123-nas,
    • mpg123-openal,
    • mpg123-oss,
    • mpg123-portaudio,
    • mpg123-pulse,
    • mpg123-strip,
    • pavucontrol-qt,
    • gnome-characters,
    • gnome-character-map,
    • whalebird,
    • tb-starter-wrapper,
    • bzcat,
    • kiwix-desktop,
    • zstd,
    • pzstd,
    • zstdcat,
    • zstdgrep,
    • zstdless,
    • zstdmt,
    • unzstd,
    • ar,
    • gnome-latex,
    • pngquant,
    • kalgebra,
    • kalgebramobile,
    • amuled,
    • kfind,
    • falkon,
    • audio-recorder,
    • cameramonitor,
    • ddgtk,
    • drawio,
    • unf,
    • gmpc,
    • electron-mail,
    • gist,
    • gist-paste.
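As an added illustration, not a profile shipped by the Firejail project, the following profile for a hypothetical tool named mytool shows how the HAS_X11 and HAS_NET conditionals introduced in this release sit alongside the usual hardening directives; the tool name and its ${HOME} directories are assumptions:

```conf
# Hypothetical profile for a tool called "mytool" (added example, not from
# the Firejail project). Save as ~/.config/firejail/mytool.profile and run
# "firejail mytool"; lines are parsed top to bottom.

# Keep the tool's own config visible before the generic blacklists apply.
noblacklist ${HOME}/.config/mytool

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-programs.inc

# Whitelisting hides the rest of ${HOME} behind an empty tmpfs; only the
# listed entries are bind-mounted back in.
mkdir ${HOME}/.config/mytool
whitelist ${HOME}/.config/mytool
include /etc/firejail/whitelist-common.inc

caps.drop all
nonewprivs
noroot
seccomp
disable-mnt
private-dev
private-tmp

# Applied only when the sandbox has network access, i.e. neither the profile
# nor the command line contains "net none". netfilter enables the default
# client firewall inside a sandbox that has its own network namespace.
?HAS_NET: netfilter
?HAS_NET: protocol unix,inet,inet6

# Applied only when an X server is present (DISPLAY is set). The directory
# is assumed to be written only by the tool's GUI mode, so a headless run
# never sees it.
?HAS_X11: mkdir ${HOME}/.local/share/mytool/screenshots
?HAS_X11: whitelist ${HOME}/.local/share/mytool/screenshots

# The 500MB file-copy-limit that bounds --private-* copies is a global
# setting in /etc/firejail/firejail.config, not a profile directive.
```

Running the same profile with "firejail --net=none mytool" skips the two HAS_NET lines, so the profile stays valid whether or not the sandbox is given network access.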

Source: opennet.ru
