Release of the Firejail 0.9.60 Application Isolation System

The Firejail 0.9.60 project has been released; it develops a system for the isolated execution of graphical, console and server applications. Using Firejail lets you reduce the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 license, and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are prepared in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses namespaces, AppArmor, and system call filtering (seccomp-bpf) on Linux. Once launched, the program and all its child processes use separate views of kernel resources, such as the network stack, the process table, and mount points. Applications that depend on each other can be combined into one sandbox. If desired, Firejail can also be used with Docker, LXC and OpenVZ containers.

Unlike container isolation tools, Firejail is extremely simple to configure and does not require preparing a system image: the container's contents are formed on the fly from the current file system and are removed after the application exits. Flexible means of setting file system access rules are provided: you can determine which files and directories are allowed or denied access, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories via bind-mount and overlayfs.

For a large number of popular applications, including Firefox, Chromium, VLC and Transmission, ready-made system call isolation profiles have been prepared. To run a program in isolated mode, just specify the application name as an argument to the firejail utility, for example, “firejail firefox” or “sudo firejail /etc/init.d/nginx start”.

In the new release:

  • A vulnerability has been fixed that allowed a malicious process to bypass the system call restriction mechanism. The essence of the vulnerability is that the seccomp filters are copied to the /run/firejail/mnt directory, which is writable inside the isolated environment. A malicious process running in isolated mode can modify these files, which causes new processes launched in the same environment to run without the system call filter applied;
  • The memory-deny-write-execute filter now blocks the “memfd_create” call;
  • Added a new "private-cwd" option to change the working directory for the jail;
  • Added the "--nodbus" option to block D-Bus sockets;
  • Restored support for CentOS 6;
  • Discontinued support for packages in the flatpak and snap formats.
    It is stated that these packages should use their own tooling;
  • Added new profiles to isolate 87 more programs, including mypaint, nano, xfce4-mixer, gnome-keyring, redshift, font-manager, gconf-editor, gsettings, freeciv, lincity-ng, openttd, torcs, tremulous, warsow, freemind, kid3, freecol, opencity, utox, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, inkview, meteo-qt, ktouch, yelp and cantata.
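
A defensive check for the seccomp bypass described in the release notes above, as an added example (not Firejail's own code): it lists processes that share a sandboxed process's mount namespace yet run without a seccomp filter. It assumes the sandbox was started with seccomp enabled and that REF_PID is a process inside it; the function names and the sample /proc tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: find processes that share a sandbox's mount namespace but
# have no seccomp filter (Seccomp field in /proc/<pid>/status is not 2).

seccomp_field() {            # print Seccomp mode (0, 1 or 2) from a status file
    awk '$1 == "Seccomp:" { print $2; exit }' "$1" 2>/dev/null
}

unfiltered_in_ns() {         # usage: unfiltered_in_ns PROC_ROOT REF_PID
    proc_root=$1
    ref_ns=$(readlink "$proc_root/$2/ns/mnt") || return 2
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Same mount namespace as the reference process = same sandbox.
        [ "$(readlink "$dir/ns/mnt" 2>/dev/null)" = "$ref_ns" ] || continue
        # A process may exit while we scan; treat a missing file as unknown.
        mode=$(seccomp_field "$dir/status") || mode=
        [ "$mode" = "2" ] || echo "${dir##*/} seccomp=${mode:-unknown}"
    done
}

make_sample_proc() {         # constructed /proc-like tree: PID, mnt ns, mode
    root=$(mktemp -d)
    while read -r pid ns mode; do
        mkdir -p "$root/$pid/ns"
        ln -s "mnt:[$ns]" "$root/$pid/ns/mnt"
        printf 'Name:\tsample\nPid:\t%s\nSeccomp:\t%s\n' "$pid" "$mode" \
            > "$root/$pid/status"
    done <<EOF
100 4026531840 0
2001 4026532501 2
2002 4026532501 2
2050 4026532501 0
EOF
    echo "$root"
}

# Demo on the constructed tree; on a live host: unfiltered_in_ns /proc <pid>
sample=$(make_sample_proc)
unfiltered_in_ns "$sample" 2001
rm -rf "$sample"
```

A Seccomp value of 2 only shows that some filter is installed, not which one; reading other users' /proc/<pid>/ns entries requires root.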

Source: opennet.ru
