Firejail 0.9.62 Application Isolation Release

After six months of development, the release of Firejail 0.9.62 is available. The project develops a system for the isolated execution of graphical, console and server applications. Using Firejail reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 license, and runs on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are available in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses namespaces, AppArmor and system call filtering (seccomp-bpf) in Linux. Once started, a program and all of its child processes use separate views of kernel resources such as the network stack, the process table and mount points. Applications that depend on each other can be combined into one shared sandbox. Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, firejail is very simple to configure and does not require preparing a system image: the contents of the container are assembled on the fly from the current file system and removed after the application exits. Flexible means of setting file system access rules are provided. You can define which files and directories are allowed or denied, attach temporary file systems (tmpfs) for data, restrict files or directories to read-only access, and combine directories through bind-mount and overlayfs.

Ready-made system call isolation profiles have been prepared for a large number of popular applications, including Firefox, Chromium, VLC and Transmission. To obtain the privileges needed to set up the sandboxed environment, the firejail executable is installed with the SUID root flag (the privileges are dropped after initialization). To run a program in isolation mode, pass the application name as an argument to the firejail utility, for example "firejail firefox" or "sudo firejail /etc/init.d/nginx start".
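
A profile that combines the file system rules and system call filtering described above might look like this. It is an added example, not a profile shipped with Firejail; the application name example-viewer and the paths under ${HOME} are assumptions.

```conf
# example-viewer.profile (constructed example; "example-viewer" and its
# paths are hypothetical). Load it with:
#   firejail --profile=./example-viewer.profile example-viewer

# Deny access to credential stores and boot files outright.
blacklist ${HOME}/.ssh
blacklist ${HOME}/.gnupg
blacklist /boot

# Allow only these paths under the home directory; the rest of ${HOME}
# is hidden inside the sandbox.
whitelist ${HOME}/Documents/viewer
whitelist ${HOME}/.config/example-viewer

# Configuration stays readable but cannot be modified from the sandbox.
read-only ${HOME}/.config/example-viewer

# Empty temporary file system on /tmp and a minimal /dev.
private-tmp
private-dev

# Reduce kernel attack surface: default seccomp filter, no capabilities,
# no new privileges via SUID binaries, a user namespace without root,
# and a network namespace with only a loopback interface.
seccomp
caps.drop all
nonewprivs
noroot
net none
```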

In the new release:

  • A file-copy-limit setting has been added to the /etc/firejail/firejail.config configuration file. It limits the size of files that will be copied into memory when the "--private-*" options are used (by default the limit is set to 500MB).
  • Templates for creating new application restriction profiles have been added to the /usr/share/doc/firejail directory.
  • Profiles now allow the use of debuggers.
  • System call filtering with the seccomp mechanism has been improved.
  • Automatic detection of compiler flags is provided.
  • The chroot call is no longer performed based on a path, but uses mount points based on a file descriptor.
  • The /usr/share directory has been whitelisted in various profiles.
  • New helper scripts gdb-firejail.sh and sort.py have been added to the contrib section.
  • Protection at the stage of executing privileged code (SUID) has been strengthened.
  • For profiles, new conditional flags HAS_X11 and HAS_NET have been implemented to check for the presence of an X server and network access.
  • Profiles have been added for running applications in isolation (the total number of profiles has grown to 884):
    • i2p,
    • tor-browser (AUR),
    • Zulip,
    • rsync
    • signal-cli
    • tcpdump
    • tshark,
    • qgis
    • OpenArena,
    • godot,
    • klatexformula,
    • klatexformula_cmdl,
    • links
    • xlinks,
    • pandoc
    • teams-for-linux,
    • gnome-sound-recorder,
    • newsbeuter,
    • keepassxc-cli,
    • keepassxc-proxy,
    • rhythmbox-client,
    • jerry
    • zeal,
    • mpg123,
    • conplay,
    • mpg123.bin,
    • mpg123-alsa,
    • mpg123-id3dump,
    • out123,
    • mpg123-jack,
    • mpg123-nas,
    • mpg123-openal,
    • mpg123-oss,
    • mpg123-portaudio,
    • mpg123-pulse,
    • mpg123-strip,
    • pavucontrol-qt,
    • gnome-characters,
    • gnome-character-map,
    • Whalebird
    • tb-starter-wrapper,
    • bzcat,
    • kiwix-desktop,
    • bzcat,
    • zstd,
    • pzstd,
    • zstdcat,
    • zstdgrep,
    • zstdless,
    • zstdmt,
    • unzstd,
    • ar,
    • gnome-latex,
    • pngquant
    • kalgebra
    • kalgebramobile,
    • amuled
    • kfind,
    • profanity
    • audio-recorder,
    • cameramonitor
    • ddgtk
    • drawio,
    • unf,
    • gmpc,
    • electron-mail,
    • gist
    • gist-paste.

Source: opennet.ru
