Release of Firejail 0.9.62, an application isolation system

After six months of development, the release of the Firejail 0.9.62 project is available. The project develops a system for the isolated execution of graphical, console and server applications. Using Firejail lets you reduce the risk of compromising the main system when running untrusted or potentially dangerous programs. The program is written in C, is distributed under the GPLv2 license, and can run on any Linux distribution with a kernel newer than 3.0. Ready-made Firejail packages are prepared in deb (Debian, Ubuntu) and rpm (CentOS, Fedora) formats.

For isolation, Firejail uses namespaces, AppArmor and system call filtering (seccomp-bpf) on Linux. Once started, the program and all of its child processes use separate views of kernel resources, such as the network stack, the process table and mount points. Applications that depend on each other can be combined into one shared sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Unlike container isolation tools, Firejail is extremely simple to configure and does not require preparing a system image: the container's contents are formed on the fly from the contents of the current file system and are deleted after the application exits. Flexible means of setting file system access rules are provided. You can specify which files and directories are allowed or denied access, attach temporary file systems (tmpfs) for data, restrict access to files or directories to read-only, and combine directories using bind-mount and overlayfs.

For a large number of popular applications, including Firefox, Chromium, VLC and Transmission, ready-made isolation profiles have been prepared. To obtain the privileges needed to set up the sandboxed environment, the firejail executable is installed with the SUID root flag (privileges are dropped after initialization). To run a program in isolation mode, simply specify the application name as an argument to the firejail utility, for example, "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

In the new release:

  • The file-copy-limit setting has been added to the /etc/firejail/firejail.config configuration file. It lets you limit the size of the files that will be copied into memory when using the "--private-*" options (by default the limit is set to 500MB).
  • Templates for creating new restriction profiles have been added to the /usr/share/doc/firejail directory.
  • Profiles allow the use of debuggers.
  • System call filtering using the seccomp mechanism has been improved.
  • Automatic detection of compiler flags is provided.
  • The chroot call is no longer performed based on a path; instead, mount points based on a file descriptor are used.
  • The /usr/share directory has been whitelisted for various profiles.
  • New helper scripts gdb-firejail.sh and sort.py have been added to the contrib section.
  • Protection at the privileged code execution stage (SUID) has been strengthened.
  • For profiles, new conditional attributes HAS_X11 and HAS_NET have been implemented to check for the presence of an X server and network access.
  • Profiles have been added for running the following applications in isolation (the total number of profiles has grown to 884):
    • i2p
    • tor-browser (AUR)
    • Zulip
    • rsync
    • signal-cli
    • tcpdump
    • tshark
    • qgis
    • OpenArena
    • godot
    • klatexformula
    • klatexformula_cmdl
    • links
    • xlinks
    • pandoc
    • teams-for-linux
    • gnome-sound-recorder
    • news reporter
    • keepassxc-cli
    • keepassxc-proxy
    • rhythm client
    • jerry
    • zeal
    • mpg123
    • play
    • mpg123.bin
    • mpg123-alsa
    • mpg123-id3dump
    • 123 years
    • mpg123-jack
    • mpg123-nas
    • mpg123-openal
    • mpg123-oss
    • mpg123-portaudio
    • mpg123-pulse
    • mpg123-strip
    • pavucontrol-qt
    • gnome-characters
    • gnome character map
    • Whale
    • tb-starter-wrapper
    • bzcat
    • kiwix-desktop
    • bzcat
    • zstd
    • pzstd
    • zstdcat
    • zstdgrep
    • zstdless
    • zstdmt
    • unzstd
    • ar
    • gnome-latex
    • pngquant
    • calgebra
    • kalgebramobile
    • hlahletsoe
    • find
    • profanity
    • audio-recorder
    • cameramonitor
    • ddgtk
    • picture
    • unf
    • gmpc
    • e-mail
    • notes
    • dive

Source: opennet.ru
