Iprojekthi ye-Openwall ipapashe ukukhutshwa kwemodyuli ye-kernel LKRG 0.9.2 (i-Linux Kernel Runtime Guard), eyenzelwe ukufumanisa kunye nokuthintela ukuhlaselwa kunye nokuphulwa kwengqibelelo yezakhiwo zekernel. Ngokomzekelo, imodyuli inokukhusela kwiinguqu ezingagunyaziswanga kwi-kernel esebenzayo kwaye izama ukutshintsha iimvume zeenkqubo zomsebenzisi (ukubona ukusetyenziswa kwezinto ezisetyenziswayo). Imodyuli ifanelekile zombini ukulungiselela ukhuseleko ngokuchasene nokuxhaphaza sele bekwaziwa ubuthathaka be-Linux kernel (umzekelo, kwiimeko apho kunzima ukuhlaziya i-kernel kwinkqubo), kunye nokubala ukuxhaphaza ngenxa yobuthathaka obungaziwa. Ikhowudi yeprojekthi isasazwa phantsi kwelayisensi ye-GPLv2. Unokufunda malunga neempawu zokuphunyezwa kwe-LKRG kwisibhengezo sokuqala seprojekthi.
Phakathi kotshintsho kwinguqulelo entsha:
- Ukuhambelana kunikezelwa ngee-Linux kernels ukusuka kwi-5.14 ukuya kwi-5.16-rc, kunye nohlaziyo lwe-LTS kernels 5.4.118+, 4.19.191+ kunye ne-4.14.233+.
- Inkxaso eyongeziweyo yolungelelwaniso lweCONFIG_SECCOM.
- Inkxaso eyongeziweyo ye "nolkrg" iparameter yekernel yokuvala iLKRG ngexesha lokuqalisa.
- Kulungiswe ubuxoki ngenxa yemeko yogqatso xa kusenziwa i-SECCOMP_FILTER_FLAG_TSYNC.
- Ukuphucula ukukwazi ukusebenzisa iCONFIG_HAVE_STATIC_CALL ukuseta kwiLinux kernels 5.10+ ukubhloka iimeko zogqatso xa ukhulula ezinye iimodyuli.
- Amagama eemodyuli ezivaliweyo xa usebenzisa i-lkrg.block_modules=1 useto agcinwa kwilog.
- Ukubekwa okuphunyeziweyo koseto lwe-sysctl kwifayile /etc/sysctl.d/01-lkrg.conf
- Ifayile yoqwalaselo eyongeziweyo ye-dkms.conf yenkqubo ye-DKMS (i-Dynamic Kernel Module Support) esetyenziselwa ukwakha iimodyuli zeqela lesithathu emva kohlaziyo lwe-kernel.
- Inkxaso ephuculweyo nehlaziyiweyo yolwakhiwo lophuhliso kunye neenkqubo eziqhubekayo zokudityaniswa.
umthombo: opennet.ru