Fedora 40 plans to enable isolation of system services

For the Fedora 40 release, it has been proposed to enable isolation settings for the system services that are enabled by default, as well as for services running critical applications such as PostgreSQL, Apache httpd, Nginx, and MariaDB. The change is expected to significantly increase the security of the distribution in its default configuration and to make it possible to block unknown vulnerabilities in system services. The proposal has not yet been considered by FESCo (Fedora Engineering Steering Committee), which is responsible for the technical side of Fedora distribution development. The proposal may also be rejected during the community review process.

Settings recommended for enabling:

  • PrivateTmp=yes - provides separate directories for temporary files.
  • ProtectSystem=yes/full/strict - mounts the file system read-only (in "full" mode - /etc/, in "strict" mode - all file systems except /dev/, /proc/ and /sys/).
  • ProtectHome=yes - denies access to users' home directories.
  • PrivateDevices=yes - leaves access only to /dev/null, /dev/zero and /dev/random.
  • ProtectKernelTunables=yes - read-only access to /proc/sys/, /sys/, /proc/acpi, /proc/fs, /proc/irq, etc.
  • ProtectKernelModules=yes - prohibits loading kernel modules.
  • ProtectKernelLogs=yes - prohibits access to the kernel log buffer.
  • ProtectControlGroups=yes - read-only access to /sys/fs/cgroup/.
  • NoNewPrivileges=yes - prohibits privilege escalation via the setuid, setgid and capabilities flags.
  • PrivateNetwork=yes - places the service in a separate network namespace.
  • ProtectClock=yes - prohibits changing the time.
  • ProtectHostname=yes - prohibits changing the host name.
  • ProtectProc=invisible - hides other users' processes in /proc.
  • User= - changes the user.
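To see how far an existing unit is from the list above, the following added example (not part of the original article or of the Fedora proposal) parses the [Service] section of a unit file and reports which of the listed directives are unset or set to a value outside the list. The names `service_settings`, `audit` and `SAMPLE_UNIT` are hypothetical, the unit text is constructed, and treating an empty or root `User=` as a finding is an assumption of this example.

```python
# Added example: report which directives from the list above a unit lacks.
RECOMMENDED = {
    "PrivateTmp": {"yes"}, "ProtectSystem": {"yes", "full", "strict"},
    "ProtectHome": {"yes"}, "PrivateDevices": {"yes"},
    "ProtectKernelTunables": {"yes"}, "ProtectKernelModules": {"yes"},
    "ProtectKernelLogs": {"yes"}, "ProtectControlGroups": {"yes"},
    "NoNewPrivileges": {"yes"}, "PrivateNetwork": {"yes"},
    "ProtectClock": {"yes"}, "ProtectHostname": {"yes"},
    "ProtectProc": {"invisible"},
}
TRUE_WORDS = {"1", "yes", "true", "on"}  # boolean spellings systemd accepts

def service_settings(unit_text):
    """Return the effective key -> value map of the [Service] section."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()  # later assignment wins
    return settings

def audit(unit_text):
    """Return the sorted directives that are unset or not at a listed value."""
    settings = service_settings(unit_text)
    missing = []
    for key, accepted in RECOMMENDED.items():
        value = settings.get(key, "").lower()
        value = "yes" if value in TRUE_WORDS else value
        if value not in accepted:
            missing.append(key)
    if settings.get("User", "") in ("", "root", "0"):  # assumption: root counts as unset
        missing.append("User")
    return sorted(missing)

# Constructed sample unit, not taken from any Fedora package.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/example-daemon
User=example
PrivateTmp=true
ProtectSystem=full
ProtectHome=no
NoNewPrivileges=yes
# ProtectClock=yes
"""
```

Some of these settings cannot apply to every service (a web or database server that listens on the network cannot run with PrivateNetwork=yes), so a finding is a prompt for review, not an automatic fix. On a live system, `systemd-analyze security <unit>` scores the effective settings, including drop-ins.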

In addition, enabling the following settings can be considered:

  • CapabilityBoundingSet=
  • DevicePolicy=closed
  • KeyringMode=private
  • LockPersonality=yes
  • MemoryDenyWriteExecute=yes
  • PrivateUsers=yes
  • RemoveIPC=yes
  • RestrictAddressFamilies=
  • RestrictNamespaces=yes
  • RestrictRealtime=yes
  • RestrictSUIDSGID=yes
  • SystemCallFilter=
  • SystemCallArchitectures=native

Source: opennet.ru
