Firejail - Run Untrusted Applications in Linux


Sometimes you may need to use applications that have not been well tested in different environments, yet you have to use them. In such cases it is reasonable to be concerned about the security of your system. One thing you can do on Linux is run such applications in a sandbox.

Sandboxing is the ability to run an application in a restricted environment, so that the application is granted only the few resources it needs to run. Thanks to an application called Firejail, you can run untrusted applications on Linux.

Firejail is a SUID (Set Owner User ID) application that reduces the exposure of security breaches by restricting the running environment of untrusted programs using Linux namespaces and seccomp-bpf.

It gives a process and all of its descendants their own private view of the globally shared kernel resources, such as the network stack, the process table and the mount table.

Some of the features Firejail uses:

  • Linux namespaces
  • Filesystem container
  • Security filters
  • Networking support
  • Resource allocation

More information about Firejail's features can be found on the official page.

How to Install Firejail in Linux

You can install Firejail by downloading the latest sources from the project's GitHub page with the git command, as shown.

$ git clone https://github.com/netblue30/firejail.git
$ cd firejail
$ ./configure && make && sudo make install-strip

If you do not have git installed on your system, you can install it with:

$ sudo apt install git  [On Debian/Ubuntu]
# yum install git       [On CentOS/RHEL]
# dnf install git       [On Fedora 22+]

Another way to install firejail is to download the package built for your Linux distribution and install it with its package manager. The files can be downloaded from the project's SourceForge page. Once you have downloaded the file, you can install it with:

$ sudo dpkg -i firejail_X.Y_1_amd64.deb   [On Debian/Ubuntu]
$ sudo rpm -i firejail_X.Y-Z.x86_64.rpm   [On CentOS/RHEL/Fedora]

How to Run Applications with Firejail in Linux

You are now ready to run your applications with firejail. To do so, open a terminal and put firejail in front of the command you want to run.

Here is an example:

$ firejail firefox    # start Firefox web browser
$ firejail vlc        # start VLC player

Firejail includes many security profiles for different applications, and they are stored in:

/etc/firejail

If you built the project from source, you can find the profiles in:

# path-to-firejail/etc/

If you used the rpm/deb package, you can find the security profiles in:

/etc/firejail/

Users should place their own profiles in the following directory:

~/.config/firejail

If you want to extend an existing security profile, use include with the path to that profile and add your own lines after it. The result should look like this:

$ cat ~/.config/firejail/vlc.profile

include /etc/firejail/vlc.profile
net none

If you want to restrict an application's access to certain directories, you can use a blacklist rule to do exactly that. For example, you can add the following to your security profile:

blacklist ${HOME}/Documents

Another way to achieve the same result is to specify the full path to the folder you want to restrict:

blacklist /home/user/Documents
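
The profile steps above (include the stock profile, add net none, add blacklist lines) can be scripted and checked. This is an added example, not code from the original article or the Firejail project; the function names and the HOME_MACRO variable are hypothetical, and is_blacklisted assumes literal paths without globs.

```shell
#!/bin/sh
# Added example (not from the Firejail project). Function names are hypothetical.
HOME_MACRO='${HOME}'   # literal profile macro, kept unexpanded on purpose

# write_override_profile APP SYSTEM_DIR USER_DIR [PATH_TO_BLACKLIST...]
# Writes USER_DIR/APP.profile: include the stock profile first, then our lines.
write_override_profile() {
    wp_base="$2/$1.profile"
    wp_out="$3/$1.profile"
    wp_dir=$3
    shift 3
    [ -f "$wp_base" ] || { echo "no base profile: $wp_base" >&2; return 1; }
    if [ -e "$wp_out" ]; then
        echo "refusing to overwrite $wp_out" >&2; return 2
    fi
    for wp_p in "$@"; do
        case $wp_p in
            /*|"$HOME_MACRO"/*) ;;   # full path or ${HOME}/..., as on the page
            *) echo "not a full path: $wp_p" >&2; return 3 ;;
        esac
    done
    mkdir -p "$wp_dir" || return 4
    {
        printf 'include %s\n' "$wp_base"
        printf 'net none\n'
        for wp_p in "$@"; do printf 'blacklist %s\n' "$wp_p"; done
    } > "$wp_out"
}

# is_blacklisted PROFILE PATH
# Succeeds if PATH is a blacklisted entry or lies below one. Assumes entries
# are literal paths (no globs) and only reads PROFILE itself, not its includes.
is_blacklisted() {
    while read -r ib_kw ib_arg; do
        [ "$ib_kw" = blacklist ] || continue
        case $ib_arg in
            "$HOME_MACRO"*) ib_arg=$HOME${ib_arg#"$HOME_MACRO"} ;;
        esac
        case $2 in
            "$ib_arg"|"$ib_arg"/*) return 0 ;;
        esac
    done < "$1"
    return 1
}
```

Calling write_override_profile vlc /etc/firejail ~/.config/firejail '${HOME}/Documents' produces the vlc.profile shown earlier with one extra blacklist line, and refuses to replace a profile that already exists.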

There are many other ways to configure your security profiles, such as denying access, allowing read-only access, and so on. If you are interested in creating custom profiles, you can check the firejail instructions.

Firejail is an excellent tool for security-minded users who want to protect their systems.