For the Fedora 40 release, it has been proposed to enable isolation settings for the systemd system services that are enabled by default, as well as for services running critical applications such as PostgreSQL, Apache httpd, Nginx, and MariaDB. The change is expected to increase the security of the distribution in its default configuration and to make it possible to block unknown vulnerabilities in system services. The proposal has not yet been considered by FESCo (Fedora Engineering Steering Committee), which is responsible for the technical side of Fedora development. The proposal may also be rejected during the community review process.
Settings recommended for enabling:
- PrivateTmp=yes - provides separate directories for temporary files.
- ProtectSystem=yes/full/strict - mounts the file system read-only (in "full" mode, /etc/; in "strict" mode, all file systems except /dev/, /proc/ and /sys/).
- ProtectHome=yes - denies access to users' home directories.
- PrivateDevices=yes - leaves access only to /dev/null, /dev/zero and /dev/random.
- ProtectKernelTunables=yes - read-only access to /proc/sys/, /sys/, /proc/acpi, /proc/fs, /proc/irq, etc.
- ProtectKernelModules=yes - prohibits loading kernel modules.
- ProtectKernelLogs=yes - denies access to the kernel log buffer.
- ProtectControlGroups=yes - read-only access to /sys/fs/cgroup/.
- NoNewPrivileges=yes - prohibits privilege elevation through the setuid, setgid and capabilities flags.
- PrivateNetwork=yes - places the service in a separate network stack namespace.
- ProtectClock=yes - prohibits changing the time.
- ProtectHostname=yes - prohibits changing the hostname.
- ProtectProc=invisible - hides other processes in /proc.
- User= - changes the user.
In addition, you can consider enabling the following settings:
- CapabilityBoundingSet=
- DevicePolicy=closed
- KeyringMode=private
- LockPersonality=yes
- MemoryDenyWriteExecute=yes
- PrivateUsers=yes
- RemoveIPC=yes
- RestrictAddressFamilies=
- RestrictNamespaces=yes
- RestrictRealtime=yes
- RestrictSUIDSGID=yes
- SystemCallFilter=
- SystemCallArchitectures=native
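To see how far an existing unit is from the first list above, the following added example (not code from Fedora, systemd or the original article) parses the `[Service]` section of a unit and reports every proposed directive that is missing or set to a different value. The function names and the sample unit are constructed for illustration; `User=` and the additional settings in the second list are not checked.

```python
# Directives and accepted values as proposed in the first list on this page.
RECOMMENDED = {name: {"yes"} for name in (
    "PrivateTmp", "ProtectHome", "PrivateDevices", "ProtectKernelTunables",
    "ProtectKernelModules", "ProtectKernelLogs", "ProtectControlGroups",
    "NoNewPrivileges", "PrivateNetwork", "ProtectClock", "ProtectHostname")}
RECOMMENDED["ProtectSystem"] = {"yes", "full", "strict"}
RECOMMENDED["ProtectProc"] = {"invisible"}
TRUE = {"yes", "true", "on", "1"}  # spellings systemd accepts for a boolean

def service_settings(unit_text):
    """Return the effective key -> value map of the [Service] section(s)."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        # Skip blank lines, comments (# or ;) and keys from other sections.
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()  # a later assignment wins
    return settings

def audit(unit_text):
    """Return {directive: problem} for every proposed setting not met."""
    settings, findings = service_settings(unit_text), {}
    for key, accepted in RECOMMENDED.items():
        value = settings.get(key)
        if value is None:
            findings[key] = "not set"
        elif ("yes" if value.lower() in TRUE else value.lower()) not in accepted:
            findings[key] = f"set to {value!r}"
    return findings

# Constructed sample unit for a hypothetical daemon (not a real Fedora unit).
SAMPLE_UNIT = """\
[Unit]
Description=Example daemon (constructed sample)
[Service]
ExecStart=/usr/bin/example-daemon
PrivateTmp=true
ProtectSystem=full
ProtectHome=no
NoNewPrivileges=yes
ProtectProc=default
"""

if __name__ == "__main__":
    for directive, problem in audit(SAMPLE_UNIT).items():
        print(f"{directive}: {problem}")
```

`systemctl cat <unit>` prints a unit together with its drop-ins; that text can be passed to `audit()` as is, because the file-name lines it adds are comments.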
Source: opennet.ru