Mandatory access control model in FreeBSD

Introduction

To provide an additional level of server security, you can use a mandatory access control model. This article describes how to run apache in a jail with access only to those components that apache and php need in order to work correctly. Using this principle, you can restrict not only Apache but any other stack as well.

Preparation

This method is only suitable for the ufs file system; in this example, zfs is used on the main system and ufs in the jail, respectively. The first step is to rebuild the kernel; when installing FreeBSD, install the source code as well.
After the system is installed, edit the file:

/usr/src/sys/amd64/conf/GENERIC

You only need to add one line to this file:

options     MAC_MLS

The mls/high label dominates the mls/low label: applications started with the mls/low label will not be able to access files that carry the mls/high label. More details about all the labels available in FreeBSD can be found in this guide.
Next, go to the /usr/src directory:

cd /usr/src

To start building the kernel, run (in the -j option, specify the number of cores in the system):

make -j 4 buildkernel KERNCONF=GENERIC

After the kernel has been compiled, it must be installed:

make installkernel KERNCONF=GENERIC

After installing the kernel, do not rush to reboot the system, because users must first be moved to a login class that has been configured beforehand. Edit the file /etc/login.conf; in this file you need to edit the default login class, bringing it to the form:

default:\
        :passwd_format=sha512:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
        :nologin=/var/run/nologin:\
        :cputime=unlimited:\
        :datasize=unlimited:\
        :stacksize=unlimited:\
        :memorylocked=64K:\
        :memoryuse=unlimited:\
        :filesize=unlimited:\
        :coredumpsize=unlimited:\
        :openfiles=unlimited:\
        :maxproc=unlimited:\
        :sbsize=unlimited:\
        :vmemoryuse=unlimited:\
        :swapuse=unlimited:\
        :pseudoterminals=unlimited:\
        :kqueues=unlimited:\
        :umtxp=unlimited:\
        :priority=0:\
        :ignoretime@:\
        :umask=022:\
        :label=mls/equal:

The :label=mls/equal line allows users who are members of this class to access files marked with any label (mls/low, mls/high). After these manipulations, you need to rebuild the database and place the root user (and anyone else who needs it) in this login class:

cap_mkdb /etc/login.conf
pw usermod root -L default

For the policy to apply only to files, edit the file /etc/mac.conf, leaving only one line in it:

default_labels file ?mls

You also need to add the mac_mls.ko module to autoload:

echo 'mac_mls_load="YES"' >> /boot/loader.conf

After this, you can safely reboot the system. How to create a jail is described in one of my other publications. But before creating the jail, you need to add a hard disk, create a file system on it and enable multilabel on it. Create a ufs2 file system with a cluster size of 64kb:

newfs -O 2 -b 64kb /dev/ada1
tunefs -l enable /dev/ada1

After creating the file system and enabling multilabel, add the hard disk to /etc/fstab by adding this line to the file:

/dev/ada1               /jail  ufs     rw              0       1

In Mountpoint, specify the directory where the hard disk will be mounted; in Pass, be sure to specify 1 (the order in which the disk will be checked). This is necessary because the ufs file system is sensitive to sudden power loss. After these steps, mount the disk:

mount /dev/ada1 /jail

Install the jail in this directory. After the jail is running, you need to perform the same manipulations in it as on the main system with users and the files /etc/login.conf and /etc/mac.conf.
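A read-only check for the preparation steps above, as an added example that is not part of the original article: it confirms that the jail file system is mounted with the multilabel flag and that a login class carries the expected label. The function names are hypothetical, and the `mount` output and login.conf text are constructed samples fed on stdin.

```shell
#!/bin/sh
# Added example, not from the original article: read-only checks that parse
# command output and config text supplied on stdin.

# Succeeds if mount point $1 carries the multilabel flag (`mount` on stdin).
is_multilabel() {
    awk -v mp="$1" '
    $2 == "on" && $3 == mp {
        opts = $0
        sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
        n = split(opts, o, /, */)
        for (i = 1; i <= n; i++) if (o[i] == "multilabel") ok = 1
    }
    END { exit (ok ? 0 : 1) }'
}

# Prints the label capability of login class $1 (login.conf on stdin).
class_label() {
    awk -v cls="$1" '
    /^[ \t]*#/ { next }
    !inrec && $0 ~ ("^" cls "[|:]") { inrec = 1 }
    inrec {
        if (match($0, /:label=[^:]*:/))
            print substr($0, RSTART + 7, RLENGTH - 8)
        if ($0 !~ /\\[ \t]*$/) inrec = 0
    }'
}

# Constructed samples of `mount` output and an abridged /etc/login.conf.
sample_mount() {
    cat <<'EOF'
zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls)
/dev/ada1 on /jail (ufs, local, multilabel)
EOF
}
sample_login_conf() {
    cat <<'EOF'
default:\
        :passwd_format=sha512:\
        :umask=022:\
        :label=mls/equal:
daemon:\
        :tc=default:
EOF
}

sample_mount | is_multilabel /jail && echo "/jail: multilabel enabled"
echo "default class label: $(sample_login_conf | class_label default)"
```

On a live system the same functions can be fed from `mount` and from `/etc/login.conf` on the host and inside the jail.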

Configuration

Before setting the required labels, I recommend installing all the necessary packages; in my case, the labels will be set taking these packages into account:

mod_php73-7.3.4_1              PHP Scripting Language
php73-7.3.4_1                  PHP Scripting Language
php73-ctype-7.3.4_1            The ctype shared extension for php
php73-curl-7.3.4_1             The curl shared extension for php
php73-dom-7.3.4_1              The dom shared extension for php
php73-extensions-1.0           "meta-port" to install PHP extensions
php73-filter-7.3.4_1           The filter shared extension for php
php73-gd-7.3.4_1               The gd shared extension for php
php73-gettext-7.3.4_1          The gettext shared extension for php
php73-hash-7.3.4_1             The hash shared extension for php
php73-iconv-7.3.4_1            The iconv shared extension for php
php73-json-7.3.4_1             The json shared extension for php
php73-mysqli-7.3.4_1           The mysqli shared extension for php
php73-opcache-7.3.4_1          The opcache shared extension for php
php73-openssl-7.3.4_1          The openssl shared extension for php
php73-pdo-7.3.4_1              The pdo shared extension for php
php73-pdo_sqlite-7.3.4_1       The pdo_sqlite shared extension for php
php73-phar-7.3.4_1             The phar shared extension for php
php73-posix-7.3.4_1            The posix shared extension for php
php73-session-7.3.4_1          The session shared extension for php
php73-simplexml-7.3.4_1        The simplexml shared extension for php
php73-sqlite3-7.3.4_1          The sqlite3 shared extension for php
php73-tokenizer-7.3.4_1        The tokenizer shared extension for php
php73-xml-7.3.4_1              The xml shared extension for php
php73-xmlreader-7.3.4_1        The xmlreader shared extension for php
php73-xmlrpc-7.3.4_1           The xmlrpc shared extension for php
php73-xmlwriter-7.3.4_1        The xmlwriter shared extension for php
php73-xsl-7.3.4_1              The xsl shared extension for php
php73-zip-7.3.4_1              The zip shared extension for php
php73-zlib-7.3.4_1             The zlib shared extension for php
apache24-2.4.39 

In this example, the labels are set taking the dependencies of these packages into account. Of course, you can do it more simply: set the mls/low label on the /usr/local/lib folder and the files in that directory, and packages installed later (for example, additional php extensions) will be able to access the libraries in this directory, but it seems better to me to give access only to those files that are needed. Stop the jail and set the mls/high label on all files:

setfmac -R mls/high /jail

When setting the labels, the process will be interrupted if setfmac encounters hard links; in my example I removed the hard links in the following directories:

/var/db/etcupdate/current/
/var/db/etcupdate/current/etc
/var/db/etcupdate/current/usr/share/openssl/man/en.ISO8859-15
/var/db/etcupdate/current/usr/share/man/en.ISO8859-15
/var/db/etcupdate/current/usr/share/man/en.UTF-8
/var/db/etcupdate/current/usr/share/nls
/etc/ssl
/usr/local/etc
/usr/local/etc/fonts/conf.d
/usr/local/openssl

After the labels are set, you need to set the mls/low labels for apache. The first thing to do is find out which files are needed to start apache:

ldd /usr/local/sbin/httpd

After running this command, the dependencies will be shown on the screen, but setting the required labels on these files alone is not enough, since the directories in which these files reside have the mls/high label, so these directories also need to be labelled mls/low. On startup, apache will also report the files it needs in order to run, and for php these dependencies can be found in the httpd-error.log log.

setfmac mls/low /
setfmac mls/low /usr/local/lib/libpcre.so.1
setfmac mls/low /usr/local/lib/libaprutil-1.so.0
setfmac mls/low /usr/local/lib/libdb-5.3.so.0
setfmac mls/low /usr/local/lib/libgdbm.so.6
setfmac mls/low /usr/local/lib/libexpat.so.1
setfmac mls/low /usr/local/lib/libapr-1.so.0
setfmac mls/low /lib/libcrypt.so.5
setfmac mls/low /lib/libthr.so.3
setfmac mls/low /lib/libc.so.7
setfmac mls/low /usr/local/lib/libintl.so.8
setfmac mls/low /var
setfmac mls/low /var/run
setfmac mls/low /var/log
setfmac mls/low /var/log/httpd-access.log
setfmac mls/low /var/log/httpd-error.log
setfmac mls/low /var/run/httpd.pid
setfmac mls/low /lib
setfmac mls/low /lib/libcrypt.so.5
setfmac mls/low /usr/local/lib/db5/libdb-5.3.so.0
setfmac mls/low /usr/local/lib/db5/libdb-5.3.so.0.0.0
setfmac mls/low /usr/local/lib/db5
setfmac mls/low /usr/local/lib
setfmac mls/low /libexec
setfmac mls/low /libexec/ld-elf.so.1
setfmac mls/low /dev
setfmac mls/low /dev/random
setfmac mls/low /usr/local/libexec
setfmac mls/low /usr/local/libexec/apache24
setfmac mls/low /usr/local/libexec/apache24/*
setfmac mls/low /etc/pwd.db
setfmac mls/low /etc/passwd
setfmac mls/low /etc/group
setfmac mls/low /etc/
setfmac mls/low /usr/local/etc
setfmac -R mls/low /usr/local/etc/apache24
setfmac mls/low /usr
setfmac mls/low /usr/local
setfmac mls/low /usr/local/sbin
setfmac mls/low /usr/local/sbin/*
setfmac -R mls/low /usr/local/etc/rc.d/
setfmac mls/low /usr/local/sbin/htcacheclean
setfmac mls/low /var/log/httpd-access.log
setfmac mls/low /var/log/httpd-error.log
setfmac -R mls/low /usr/local/www
setfmac mls/low /usr/lib
setfmac mls/low /tmp
setfmac -R mls/low /usr/local/lib/php
setfmac -R mls/low /usr/local/etc/php
setfmac mls/low /usr/local/etc/php.conf
setfmac mls/low /lib/libelf.so.2
setfmac mls/low /lib/libm.so.5
setfmac mls/low /usr/local/lib/libxml2.so.2
setfmac mls/low /lib/libz.so.6
setfmac mls/low /usr/lib/liblzma.so.5
setfmac mls/low /usr/local/lib/libiconv.so.2
setfmac mls/low /usr/lib/librt.so.1
setfmac mls/low /lib/libthr.so.3
setfmac mls/low /usr/local/lib/libpng16.so.16
setfmac mls/low /usr/lib/libbz2.so.4
setfmac mls/low /usr/local/lib/libargon2.so.0
setfmac mls/low /usr/local/lib/libpcre2-8.so.0
setfmac mls/low /usr/local/lib/libsqlite3.so.0
setfmac mls/low /usr/local/lib/libgd.so.6
setfmac mls/low /usr/local/lib/libjpeg.so.8
setfmac mls/low /usr/local/lib/libfreetype.so
setfmac mls/low /usr/local/lib/libfontconfig.so.1
setfmac mls/low /usr/local/lib/libtiff.so.5
setfmac mls/low /usr/local/lib/libwebp.so.7
setfmac mls/low /usr/local/lib/libjbig.so.2
setfmac mls/low /usr/lib/libssl.so.8
setfmac mls/low /lib/libcrypto.so.8
setfmac mls/low /usr/local/lib/libzip.so.5
setfmac mls/low /etc/resolv.conf

This list contains the mls/low labels for all files needed for the apache and php combination to work correctly (for the packages installed in my example).
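One way to derive the library part of such a list from `ldd` output, as an added example that is not part of the original article: it prints a non-recursive `setfmac mls/low` command for each library and for every parent directory, without executing anything. The function names and the optional jail-root prefix argument are hypothetical, and the `ldd` output is a constructed, abridged sample.

```shell
#!/bin/sh
# Added example, not from the original article. Nothing here runs setfmac;
# the functions only print the commands so they can be reviewed first.

# Absolute library paths from `ldd` output on stdin ("name => /path (addr)").
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }'
}

# Each path plus every parent directory up to "/", parents first, no repeats.
with_parents() {
    awk '
    NR == 1 { print "/" }
    {
        n = split($0, part, "/"); dir = ""
        for (i = 2; i <= n; i++) {
            if (part[i] == "") continue
            dir = dir "/" part[i]
            if (!seen[dir]++) print dir
        }
    }'
}

# Non-recursive setfmac commands for the ldd output on stdin.
# $1 is an optional jail root prefix such as /jail (assumed layout).
mls_low_commands() {
    root=${1:-}
    ldd_paths | with_parents | while IFS= read -r p; do
        if [ "$p" = "/" ] && [ -n "$root" ]; then p=""; fi
        printf 'setfmac mls/low %s%s\n' "$root" "$p"
    done
}

# Constructed, abridged sample of `ldd /usr/local/sbin/httpd` output.
sample_ldd() {
    cat <<'EOF'
/usr/local/sbin/httpd:
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x800680000)
    libapr-1.so.0 => /usr/local/lib/libapr-1.so.0 (0x800a00000)
    libc.so.7 => /lib/libc.so.7 (0x800e00000)
EOF
}

sample_ldd | mls_low_commands
```

Files that apache and php open at run time (logs, pid file, configuration, php extensions) do not appear in `ldd` output and still have to be added from httpd-error.log as the article describes.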

The final touch is to configure the jail to run at the mls/equal level and apache at the mls/low level. To start the jail, you need to make changes to the /etc/rc.d/jail script: find the jail_start function in this script and change the command variable to the form:

command="setpmac mls/equal $jail_program"

The setpmac command runs the executable at the required privilege level, in this case mls/equal, so that it has access to all labels. For apache, you need to edit the startup script /usr/local/etc/rc.d/apache24. Change the apache24_prestart function:

apache24_prestart() {
        apache24_checkfib
        apache24_precmd
        eval "setpmac mls/low" ${command} ${apache24_flags}
}

The official manual contains another example, but I could not use it because I kept getting a message about being unable to use the setpmac command.

Conclusion

This method of access control adds an additional level of security to apache (although it is suitable for any other stack), which in addition runs in a jail; at the same time, for the administrator all of this happens transparently and unnoticeably.

List of sources that helped me in writing this publication:

https://www.freebsd.org/doc/ru_RU.KOI8-R/books/handbook/mac.html

Source: www.habr.com
