A pledge- and unveil-like isolation mechanism is being developed for FreeBSD

An implementation of an application isolation mechanism has been proposed for FreeBSD, reminiscent of the pledge and unveil system calls developed by the OpenBSD project. In pledge, isolation is achieved by prohibiting access to system calls the application does not use, and in unveil by selectively opening access only to the individual file paths the application may work with. A kind of whitelist of system calls and file paths is built for the application, and all other calls and paths are prohibited.

The difference between the pledge and unveil analogue being developed for FreeBSD and the original comes down to an additional layer that lets applications be isolated with no changes to their code, or with minimal changes. Recall that in OpenBSD, pledge and unveil aim at tight integration with the base environment and are applied by adding special annotations to the code of each application. To simplify setting up protection, the filters let you avoid going into detail at the level of individual system calls and instead work with classes of system calls (input/output, reading files, writing files, sockets, ioctl, sysctl, starting processes, etc.). The access-restriction functions can be called in application code as certain actions are completed; for example, access to sockets and files can be closed off after the necessary files have been opened and a network connection has been established.

The author of the pledge and unveil port for FreeBSD intends to make it possible to isolate arbitrary applications, for which the curtain utility is proposed; it applies rules defined in a separate file to applications. The proposed configuration includes a file with basic settings that define classes of system calls and typical file paths specific to certain uses (working with sound, network interaction, logging, etc.), as well as a file with access rules for specific applications.

The curtain utility can be used to isolate most unmodified utilities, server processes, graphical applications, and even entire desktop sessions. curtain can be used together with the isolation mechanisms provided by the Jail and Capsicum subsystems. Nested isolation is also possible, where launched applications inherit the rules set for the parent application and supplement them with their own restrictions. Some kernel operations (debugging facilities, POSIX/SysV IPC, PTYs) are additionally protected by a barrier mechanism that prevents access to kernel objects not created by the current process or its parent.

A process can configure its own isolation by calling curtainctl or by using the pledge() and unveil() functions provided by libcurtain, which are similar to those in OpenBSD. To track blocked operations while an application is running, the sysctl 'security.curtain.log_level' is provided. Access to the X11 and Wayland protocols is enabled separately by specifying the "-X"/"-Y" and "-W" options when running curtain, but support for graphical applications is not yet sufficiently stabilized and has a number of unresolved problems (the problems mostly appear when using X11, while Wayland support is implemented much better). Users can add further restrictions by creating local rules files (~/.curtain.conf). For example, to allow writing from Firefox only to the ~/Downloads/ directory, you can add a "[firefox]" section with the rule "~/Downloads/: rw +".

The implementation includes the mac_curtain kernel module for mandatory access control (MAC, Mandatory Access Control), a set of patches for the FreeBSD kernel implementing the necessary handlers and filters, the libcurtain library for using the pledge and unveil functions in applications, the curtain utility, sample configuration files, a test suite, and patches for some user-space programs (for example, to use $TMPDIR to unify work with temporary files). Where possible, the author intends to minimize the number of changes that require patching the kernel and applications.

Source: opennet.ru
