Firejail, the application isolation system, arrives with new version 0.9.62

Firejail is a framework that provides isolated execution of graphical, console and server applications. Using Firejail reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs. The program is written in C, distributed under the GPLv2 license and can run on any Linux distribution.

Firejail uses namespaces, AppArmor, and system call filtering (seccomp-bpf) on Linux for isolation. Once started, the program and all its child processes use separate views of kernel resources, such as the network stack, the process table, and mount points.

Applications that depend on each other can be combined in a common sandbox. If desired, Firejail can also be used to start Docker, LXC, and OpenVZ containers.

About Firejail

Unlike container isolation tools, Firejail is very simple to configure and does not require preparing a system image: the contents of the sandbox are built from the contents of the current file system and are removed after the application exits.

It provides flexible tools for setting file system access rules. You can specify which files and directories are allowed or denied, attach temporary file systems (tmpfs) for data, restrict files or directories to read-only access, combine directories using bind mounts, and more.

For a large number of popular applications, including Firefox, Chromium, VLC and others, ready-made system call isolation profiles are provided out of the box.

To obtain the privileges needed to set up the sandbox, the firejail executable is installed with the SUID root flag (after initialization, the privileges are dropped).

What's new in Firejail 0.9.62?

This new version stands out for the additional profiles for launching isolated applications, which bring the total number of profiles to 884.

In addition, a file copy limit setting was added to the /etc/firejail/firejail.config configuration file. This lets you limit the size of the files that will be copied into memory when using the "--private-*" options (by default, the limit is set to 500MB).

The chroot call is now performed not based on the path, but instead uses mount points based on the file descriptor.

Other changes:

  • Debugging is allowed in profiles.
  • Improved system call filtering using the seccomp mechanism.
  • Automatic detection of compiler flags is provided.
  • The /usr/share directory is used for additional profiles.
  • New helper scripts gdb-firejail.sh and sort.py were added to the contrib section.
  • Improved protection at the privileged code execution stage (SUID).
  • For profiles, new conditional flags HAS_X11 and HAS_NET are implemented to check for the presence of an X server and for network access.

How to install Firejail on Linux?

Those interested in installing Firejail on their Linux distribution can do so by following the instructions we share below.

On Debian, Ubuntu and derivatives, installation is quite simple, since you can install Firejail from your distribution's repositories or download the deb packages from the source.

If you choose to install from the repositories, just open a terminal and run the following command:

sudo apt-get install firejail

Or, if you decided to download the deb packages, you can install them with your preferred package manager or from the terminal with the command:

sudo dpkg -i firejail_0.9.62_1*.deb

For Arch Linux and its derivatives, just run:

sudo pacman -S firejail

For Fedora, RHEL, CentOS, openSUSE or any other distro with support for rpm packages, you can get the packages from the following link.

And the installation is done with:

sudo rpm -i firejail-0.9.62-1.x86_64.rpm

Configuration

Once the installation is done, we now need to configure the sandbox, and AppArmor must also be enabled.

From a terminal, type:

sudo firecfg

sudo apparmor_parser -r /etc/apparmor.d/firejail-default

To learn about its usage and integration, you can consult its guide at the following link.

