Firejail, application yekuzviparadzanisa system inosvika neiyo nyowani vhezheni yayo 0.9.62

Darkcrizt

4 maminitsi

firejail_crop

firejail furemu inovandudza sisitimu yekuitwa kwakasarudzika kwemifananidzo yekushandisa, console uye server. Uchishandisa Firejail inoderedza njodzi yekukanganisa iyo system main kana uchimhanya isingavimbike kana angave ari panjodzi zvirongwa. Chirongwa chakanyorwa muC, chakagoverwa pasi peGPLv2 rezinesi uye inogona kushanda pane chero kugoverwa kweLinux.

firejail inoshandisa namespaces, AppArmor, uye system kufona kusefa (seccomp-bpf) paLinux yekuzviparadzanisa. Kana yatanga chete, chirongwa ichi pamwe nezvose zvinoitwa nemwana zvinoshandisa zvakamiririrwa zvakasiyana zvezviwanikwa zvekernel, senge network network, tafura yekuita, uye makomo ekukwirisa.

Kunotsamira kunyorera kunogona kusanganiswa mune yakajairwa sandbox. Kana zvichidikanwa, Firejail inogona zvakare kushandiswa kutanga Docker, LXC, uye OpenVZ midziyo.

About Firejail

Kusiyana nemidziyo yekudzivirira midziyo, Firejail iri nyore kwazvo kugadzirisa uye haidi kugadzirirwa kweiyo system mufananidzo: kuumbwa kwemudziyo kunoumbwa zvichibva pane zvirimo mune yazvino faira system uye inobviswa mushure mekunge application yapera.

Se - ipa zvishandiso zvinoshanduka zvekumisikidza faira system yekuwana mitemo, unogona kuona kuti ndeapi mafaera uye madhairekitori akarambidzwa kana kurambidzwa kuwana, batanidza zvenguva pfupi mafaera faira (tmpfs) yedhata, gonesa kuverenga-chete kuwana kune mafaera kana madhairekitori, sanganisa madhairekitori uchishandisa kusunga-kukwira uye pamusoro pekuputira.

Kune huwandu hukuru hwezvakakurumbira zvinoshandiswa, zvinosanganisira Firefox, Chromium, VLC, pakati pevamwe, system kufona yekuzviparadzanisa profiles zvakagadzirwa kunze kwebhokisi.

Kuti uwane maropafadzo anodikanwa ekumisikidza sandbox, iyo firejail inoitiswa inoiswa pamwe neSUID midzi mureza (mushure mekutanga, iwo maropafadzo anoiswazve).

Chii chitsva muFirejail 0.9.62?

Mune iyi vhezheni nyowani zvakasimbiswa izvo inouya nemamwe maprofiles akawedzerwa ekutanga kweapp yakasarudzika iyo huwandu hwese hwemaprofayera hunosvika kusvika 884.

Kunze kwazvo - faira kopi muganho kumisikidza yakawedzerwa kune /etc/firejail/firejail.config gadziriso faira, Izvi zvinokutendera iwe kudzikisira saizi yemafaira ayo anozoteedzerwa kumemory uchishandisa "- zvakavanzika- *" sarudzo (nekutadza, muganho wakaiswa kusvika 500MB).

Iyo chroot kufona ikozvino yaitwa kwete zvinoenderana nenzira, asi pachinzvimbo inoshandisa makomo mapoinzi zvinoenderana nerondedzero yefaira.

Yeimwe shanduko:

  • Mumaprofiles, kushandiswa kwevashandisi kunotenderwa.
  • Yakagadziriswa kusefa kweesystem kufona uchishandisa seccomp mashini.
  • Otomatiki kuona kwemakomputa mureza kunopihwa.
  • Iyo / usr / share dhairekitori rakabvumidzwa kune akasiyana maprofiles.
  • Zvitsva zvekubatsira magwaro gdb-firejail.sh uye sort.py zvakawedzerwa kuchikamu chekupa.
  • Kuvandudzwa kwekuchengetedzwa mune yakasarudzika kodhi yekumisikidza nhanho (SUID).
  • Kune maprofiles, matsva ane mamiriro HAS_X11 uye HAS_NET anoitwa kuti aone kuvepo kweiyo X server uye kuwana kune network.

Maitiro ekuisa Firejail paLinux?

Kune avo vanofarira kugona kuisa Firejail pane yavo Linux kugovera, vanogona kuzviita vachitevera rairo iyo yatinogovana pazasi.

PaDebian, Ubuntu uye zvigadzirwa kumisikidza kuri nyore kubvira ivo vanogona kuisa Firejail kubva kunzvimbo dzekuchengetedza yekuparadzirwa kwayo kana ivo vanogona kurodha pasi akagadzirira madhiri mapakeji kubva tsime. 

Muchiitiko chekusarudza iyo kuisirwa kubva kumatura, ingovhura terminal uye ita unotevera kuraira:

sudo apt-get install firejail

Kana kana ivo vakasarudza kurodha pasi madhata mapakeji, vanogona kuisa neyavanofarira package maneja kana kubva kune iyo terminal nemirairo:

sudo dpkg -i firejail_0.9.62_1*.deb

Panguva yeiyo nyaya yeArch Linux uye zvigadzirwa kubva pane izvi, mhanya chete:

sudo pacman -S firejail

Yenyaya yaFedora, RHEL, CentOS, OpenSUSE kana chero imwe distro ine rutsigiro rwe rpm mapakeji anogona kuwana mapakeji kubva chinotevera chinongedzo.

Uye kumisikidza kwaitwa ne:

sudo rpm -i firejail-0.9.62-1.x86_64.rpm

Setup

Kana kumisikidza kwaitwa, ikozvino isu tichafanirwa kugadzirisa sandbox uye isu zvakare tinofanirwa kuve neAppArmor inogoneswa.

Kubva kuchiteshi tinenge tichinyora:

sudo firecfg

sudo apparmor_parser -r /etc/apparmor.d/firejail-default

Kuti uzive mashandisirwo ayo uye kusangana kwayo unogona kubvunza gwara rayo Mune inotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako