It has been announced that an implementation of an application isolation mechanism has been proposed for FreeBSD, reminiscent of the pledge and unveil system calls developed by the OpenBSD project.
Isolation in pledge is achieved by prohibiting access to system calls that the application does not use, and in unveil by selectively opening access only to certain file paths that the application can work with. For the application, a kind of whitelist of system calls and file paths is formed, and all other calls and paths are prohibited.
The difference in the pledge and unveil developed for FreeBSD comes down to providing an additional layer that lets you isolate applications with no or minimal changes to their code. Recall that in OpenBSD pledge and unveil aim at tight integration with the base system and are applied by adding special annotations to the code of each application.
To simplify the organization of protection, the filters let you avoid detail at the level of individual system calls and manage classes of system calls (input/output, reading files, writing files, sockets, ioctl, sysctl, process launch, etc.). Access restriction functions can be called in the application code as certain actions are performed; for example, access to sockets and files can be closed after the necessary files have been opened and a network connection has been established.
The author of the pledge and unveil port for FreeBSD intends to provide the ability to isolate arbitrary applications, for which the curtain utility is proposed; it allows rules defined in a separate file to be applied to applications. The proposed configuration includes a file with basic settings that define classes of system calls and typical file paths specific to certain applications (working with sound, networking, logging, etc.), as well as a file with access rules for specific applications.
The curtain utility can be used to isolate most unmodified utilities, server processes, graphical applications, and even entire desktop sessions. Using curtain together with the isolation mechanisms provided by the Jail and Capsicum subsystems is supported.
It is also possible to organize nested isolation, in which launched applications inherit the rules set for the parent application and supplement them with separate restrictions. Some kernel operations (debugging facilities, POSIX/SysV IPC, PTY) are additionally protected by a barrier mechanism that prevents access to kernel objects created by processes other than the current or parent process.
A process can configure its own isolation by calling curtainctl or by using the pledge() and unveil() functions provided by the libcurtain library, similar to those of OpenBSD. The 'security.curtain.log_level' sysctl is provided to track blocks while the application is running.
Access to the X11 and Wayland protocols is enabled separately by specifying the "-X"/"-Y" and "-W" options when starting curtain, but support for graphical applications is not yet stable and has a list of unresolved issues (the problems appear mainly when using X11, and Wayland support is better). Users can add additional restrictions by creating local rules files (~/.curtain.conf). For example,
The implementation includes the mac_curtain kernel module for mandatory access control (MAC), a set of patches for the FreeBSD kernel implementing the necessary handlers and filters, the libcurtain library for using the pledge and unveil functions in applications, the curtain utility, sample configuration files, a test suite, and patches for some user-space programs (for example, to use $TMPDIR to unify work with temporary files). Wherever possible, the author tries to minimize the number of changes that require patching the kernel and applications.
Finally, if you are interested in learning more about it, you can check the details at the following link.