Bubblewrap 0.6 arrives with Meson support and more

The new version of the sandboxing tool Bubblewrap 0.6 was recently released. It brings some important changes, such as support for building with Meson, partial support for the REUSE specification, and a few other changes.

For those who do not know Bubblewrap, it is a utility typically used to restrict individual applications of unprivileged users. In practice, the Flatpak project uses Bubblewrap as a layer to isolate applications launched from packages.

For isolation, traditional Linux container virtualization technologies are used, based on cgroups, namespaces, Seccomp and SELinux. To perform the privileged operations needed to set up a container, Bubblewrap is started with root privileges (an executable file with the suid flag), and then drops those privileges once the container has been initialized.

About Bubblewrap

Bubblewrap is positioned as a limited suid implementation of a subset of the user namespace functions: it excludes all user and process IDs from the environment except the current ones, using the CLONE_NEWUSER and CLONE_NEWPID modes.

For additional protection, programs running under Bubblewrap are started in PR_SET_NO_NEW_PRIVS mode, which prohibits gaining new privileges, for example through the setuid flag.

Isolation at the file system level is done by creating, by default, a new mount namespace, in which an empty root partition is created using tmpfs.

If necessary, external FS partitions are attached to this partition in "mount --bind" mode (for example, when started with the option "bwrap --ro-bind /usr /usr", the /usr partition is forwarded from the host in read-only mode).

Network capabilities are limited to access to the loopback interface, with network stack isolation through the CLONE_NEWNET and CLONE_NEWUTS flags.

The key difference from the similar Firejail project, which also uses a setuid launcher, is that in Bubblewrap the container layer includes only the minimum necessary features. All the advanced functions needed to launch graphical applications, interact with the desktop, and filter calls to Pulseaudio are moved to the Flatpak side and run after privileges have been dropped.

Main new features of Bubblewrap 0.6

In this new version of Bubblewrap 0.6, the highlight is the added support for the Meson build system. Support for building with Autotools has been kept for now, but the intention is to remove it in favor of Meson in a future release.

Another new feature in Bubblewrap 0.6 is the implementation of the "--add-seccomp" option to add more than one seccomp program. A warning was also added that if the "--seccomp" option is specified more than once, only the last one will be used.

Partial support for the REUSE specification, which unifies the process of specifying license and copyright information, is also noted.

In addition, SPDX-License-Identifier headers were added to many code files. Following the REUSE guidelines makes it easier to automatically determine which license applies to which parts of an application's code.

On the other hand, a check of the command-line argument counter (argc) was added, with an emergency exit if the counter is zero. The change makes it possible to block security problems caused by incorrect handling of command-line arguments, such as CVE-2021-4034 in Polkit.
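The kind of early argc check described above, as an added C example (not Bubblewrap's own code). The helper names `argv_is_sane` and `first_option` are hypothetical, and the sample argument arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not bubblewrap's code): returns 1 when argc/argv are
 * safe for a parser that assumes argv[0] exists, 0 otherwise. */
int argv_is_sane(int argc, char *const argv[])
{
    if (argc <= 0 || argv == NULL || argv[0] == NULL)
        return 0;
    for (int i = 0; i < argc; i++)      /* no NULL hole before index argc */
        if (argv[i] == NULL)
            return 0;
    return argv[argc] == NULL;          /* terminator exactly at argc */
}

/* Typical parser start: skip the program name and read the first option.
 * Guarded, it returns NULL instead of reading past the terminator. */
const char *first_option(int argc, char *const argv[])
{
    if (!argv_is_sane(argc, argv) || argc < 2)
        return NULL;
    return argv[1];
}

/* Constructed layout: when a process is exec'd with an empty argv, argv[0]
 * is the NULL terminator and the environment pointers follow it in memory,
 * so an unguarded read of argv[1] would return an environment string. */
static char env0[] = "CONSTRUCTED_VAR=1";
char *const empty_argv_layout[] = { NULL, env0, NULL };

/* Constructed normal invocation. */
static char a0[] = "prog", a1[] = "--help";
char *const normal_argv[] = { a0, a1, NULL };

int main(int argc, char **argv)
{
    if (!argv_is_sane(argc, argv)) {
        fputs("refusing to run: empty argument vector\n", stderr);
        return EXIT_FAILURE;            /* emergency exit before any parsing */
    }
    const char *opt = first_option(argc, argv);
    printf("first option: %s\n", opt ? opt : "(none)");
    return EXIT_SUCCESS;
}
```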

Among the other changes that stand out in this new version:

  • The main branch in the git repository has been renamed to main
  • The old CI integration was removed
  • bash is used via PATH for better compatibility with non-FHS operating systems

Finally, if you are interested in learning a little more about this new version, you can check the details at the following link.

