Firejail 0.9.62 Application Isolation Release

After six months of development, Firejail 0.9.62 has been released. The project develops a system for running graphical, console and server applications in isolation. Using Firejail reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 license, and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are available in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses namespaces, AppArmor, and system call filtering (seccomp-bpf) in Linux. Once started, the program and all of its child processes use separate views of kernel resources, such as the network stack, the process table, and mount points. Applications that depend on one another can be combined into one shared sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, firejail is very simple to configure and does not require preparing a system image: the container's contents are formed on the fly from the contents of the current file system and are removed after the application exits. Flexible means of setting file system access rules are provided; you can determine which files and directories are allowed or denied access, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories via bind-mount and overlayfs.

For a large number of popular applications, including Firefox, Chromium, VLC and Transmission, ready-made system call isolation profiles are provided. To obtain the privileges needed to set up the sandboxed environment, the firejail executable is installed with the SUID root flag (the privileges are dropped after initialization). To run a program in isolation mode, simply specify the application name as an argument to the firejail utility, for example, "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

In the new release:

  • A file-copy-limit setting has been added to the configuration file /etc/firejail/firejail.config; it lets you limit the size of the files that will be copied into memory when using the "--private-*" options (by default the limit is set to 500MB).
  • Templates for creating new restriction profiles have been added to the /usr/share/doc/firejail directory.
  • Profiles allow the use of debuggers.
  • System call filtering using the seccomp mechanism has been improved.
  • Automatic detection of compiler flags is provided.
  • The chroot call is no longer performed based on a path, but uses mount points based on a file descriptor.
  • The /usr/share directory has been whitelisted for various profiles.
  • New helper scripts gdb-firejail.sh and sort.py have been added to the contrib section.
  • Protection at the stage of executing privileged code (SUID) has been strengthened.
  • For profiles, new conditional attributes HAS_X11 and HAS_NET have been implemented to check for the presence of an X server and network access.
  • Profiles have been added for running applications in isolation (the total number of profiles has increased to 884):
    • i2p,
    • tor-browser (AUR),
    • Zulip,
    • rsync
    • signal-cli
    • tcpdump
    • shark,
    • qgis
    • OpenArena,
    • godot,
    • klatexformula,
    • klatexformula_cmdl,
    • links
    • xlinks,
    • pandoc
    • teams-for-linux,
    • gnome-sound-recorder,
    • newsbeuter,
    • keepassxc-cli,
    • keepassxc-proxy,
    • rhythmbox-client,
    • jerry
    • zeal,
    • mpg123,
    • conplay,
    • mpg123.bin,
    • mpg123-alsa,
    • mpg123-id3dump,
    • out123,
    • mpg123-jack,
    • mpg123-nas,
    • mpg123-openal,
    • mpg123-oss,
    • mpg123-portaudio,
    • mpg123-pulse,
    • mpg123-strip,
    • pavucontrol-qt,
    • gnome-characters,
    • gnome-character-map,
    • Whalebird
    • tb-starter-wrapper,
    • bzcat,
    • kiwix-desktop,
    • bzcat,
    • zstd,
    • pzstd,
    • zstdcat,
    • zstdgrep,
    • zstdless,
    • zstdmt,
    • unzstd,
    • ar,
    • gnome-latex,
    • pngquant
    • kalgebra
    • kalgebramobile,
    • amuled
    • kfind,
    • profanity
    • audio-recorder,
    • cameramonitor
    • ddgtk
    • drawio,
    • unf,
    • gmpc,
    • electron-mail,
    • gist
    • gist-paste.
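
The move from path-based to file-descriptor-based handling noted in the list above matters for SUID code because a path can be re-pointed between the moment it is checked and the moment it is used. The following C program is an added example, not Firejail's own code; the function names and the ownership policy are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open path as a directory without following a symlink in its last component,
 * then validate the opened object itself. Returns an O_PATH descriptor or -1. */
int open_trusted_dir(const char *path, uid_t expected_owner)
{
    int fd = open(path, O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1; /* missing, not a directory, or a symlink */

    struct stat st;
    /* fstat() describes what the descriptor holds, not what the path names now */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != expected_owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Name the checked directory for APIs that only accept a path, such as mount(2) */
int fd_to_proc_path(int fd, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/proc/self/fd/%d", fd);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Inspect one entry (a single path component) relative to the descriptor;
 * a symlink is reported as a symlink, never followed */
int child_is_regular_file(int dirfd, const char *name)
{
    struct stat st;
    return fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) == 0 && S_ISREG(st.st_mode);
}

int main(int argc, char **argv)
{
    char proc_path[64];
    int fd = open_trusted_dir(argc > 1 ? argv[1] : "/usr", 0); /* expect root-owned */
    if (fd < 0 || fd_to_proc_path(fd, proc_path, sizeof proc_path) != 0) {
        fprintf(stderr, "directory rejected\n");
        return 1;
    }
    printf("validated directory is reachable as %s\n", proc_path);
    close(fd);
    return 0;
}
```

Every later operation goes through the descriptor or its /proc/self/fd name, so swapping the original path for a symlink after the check has no effect on what is used.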

Source: opennet.ru
