Firejail 0.9.72 arrives with security improvements and more

Firejail is a SUID program that reduces the risk of security breaches by restricting the environment in which applications run.

The release of version 0.9.72 of the Firejail project has been announced. The project develops a system for the isolated execution of graphical, console and server applications, which reduces the risk of compromising the main system when running untrusted or potentially vulnerable programs.

For isolation, Firejail uses namespaces, AppArmor and system call filtering (seccomp-bpf) on Linux. Once started, the program and all of its child processes use separate views of kernel resources, such as the network stack, the process table and mount points.

Applications that depend on each other can be combined into a common sandbox. If desired, Firejail can also be used to run Docker, LXC and OpenVZ containers.

Many popular applications, including Firefox, Chromium, VLC and Transmission, have preconfigured system call isolation profiles. To obtain the privileges needed to set up a sandboxed environment, the firejail executable is installed with the SUID root flag (the privileges are reset after initialization). To run a program in isolated mode, simply give the application name as an argument to the firejail utility, for example "firejail firefox" or "sudo firejail /etc/init.d/nginx start".

Main new features of Firejail 0.9.72

In this new version we find that a seccomp system call filter has been added to block the creation of namespaces (the "--restrict-namespaces" option was added to enable it). The system call tables and seccomp groups have been updated.

The force-nonewprivs (NO_NEW_PRIVS) mode has been improved: it strengthens the security guarantees and is intended to prevent new processes from gaining additional privileges.

Another change that stands out is that the ability to use your own AppArmor profiles has been added (the "--apparmor" option is suggested for attaching them).

We also find the nettrace network traffic monitoring system, which displays information about the IP and traffic intensity of each address, supports ICMP, and offers the "--dnstrace", "--icmptrace" and "--snitrace" options.

Of the other changes that stand out:

  • Removed the --cgroup and --shell commands (the default is --shell=none).
  • The Firetunnel build is disabled by default.
  • Disabled the chroot, private-lib and tracelog settings by default in /etc/firejail/firejail.config.
  • Removed grsecurity support.
  • modif: removed the --cgroup command
  • modif: set --shell=none as default
  • modif: removed --shell
  • modif: Firetunnel disabled by default in configure.ac
  • modif: removed grsecurity support
  • modif: stop hiding blacklisted files in /etc by default
  • the previous behavior (disabled by default)
  • bugfix: flood of seccomp audit log entries
  • bugfix: --netlock not working (Error: no valid sandbox)

Finally, for those interested in the project: it is written in C, distributed under the GPLv2 license, and can run on any Linux distribution. Ready-made Firejail packages are prepared in deb format (Debian, Ubuntu).

How to install Firejail on Linux?

Those interested in installing Firejail on their Linux distribution can do so by following the instructions we share below.

On Debian, Ubuntu and derivatives, installation is simple, since Firejail can be installed from the distribution's repositories, or the prepared deb packages can be downloaded from the following link.

If you choose to install from the repositories, just open a terminal and run the following command:

sudo apt-get install firejail

Or, if you chose to download the deb packages, you can install them with your preferred package manager or from the terminal with the command:

sudo dpkg -i firejail_0.9.72-apparmor_1_amd64.deb

In the case of Arch Linux and its derivatives, just run:

sudo pacman -S firejail

Setup

Once the installation is done, we now need to configure the sandbox, and we also need to have AppArmor enabled.

From a terminal we type:

sudo firecfg

sudo apparmor_parser -r /etc/apparmor.d/firejail-default

To learn about its usage and integration, you can consult its guide at the following link.
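To confirm that a sandboxed process really carries the NO_NEW_PRIVS flag and a seccomp filter mentioned above, the kernel exposes both in /proc/<pid>/status. The script below is an added example, not part of Firejail or of the original article; the function names are hypothetical and the sample status text is constructed.

```shell
#!/bin/sh
# Added example: report the kernel-side hardening state of a process from
# the text of its /proc/<pid>/status file (NoNewPrivs and Seccomp fields).

# status_field FILE NAME -> prints the value of the "NAME:" line, or "unknown"
status_field() {
    awk -v key="$2:" '$1 == key { print $2; found = 1; exit }
                      END { if (!found) print "unknown" }' "$1"
}

# seccomp_mode_name VALUE -> human-readable seccomp mode
seccomp_mode_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# check_sandbox FILE -> prints a one-line summary and returns 0 only when
# no_new_privs is set and a seccomp filter is installed.
check_sandbox() {
    nnp=$(status_field "$1" NoNewPrivs)
    sec=$(status_field "$1" Seccomp)
    echo "NoNewPrivs=$nnp Seccomp=$(seccomp_mode_name "$sec")"
    [ "$nnp" = "1" ] && [ "$sec" = "2" ]
}

# Constructed sample (not captured from a real system): the relevant lines
# of a status file for a process expected to be sandboxed.
sample=$(mktemp)
printf 'Name:\tfirefox\nNoNewPrivs:\t1\nSeccomp:\t2\n' > "$sample"
check_sandbox "$sample"
rm -f "$sample"
```

On a live system, pass the real file instead, for example `check_sandbox /proc/<pid>/status` for the PID of the sandboxed application.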

