Bubblewrap 0.6 arrives with Meson support and more

A new version of the sandboxing tool Bubblewrap, 0.6, was recently released. It brings important changes such as support for building with Meson, partial support for the REUSE specification, and a few other changes.

For those who do not know Bubblewrap: it is a tool commonly used to restrict individual applications run by unprivileged users. In practice, the Flatpak project uses Bubblewrap as the layer that isolates applications launched from packages.

For isolation, traditional Linux container virtualization technologies are used, based on cgroups, namespaces, Seccomp and SELinux. To perform the privileged operations needed to set up a container, Bubblewrap is started with root privileges (an executable file with the suid flag), and the privileges are reset once the container has been initialized.

About Bubblewrap

Bubblewrap is positioned as a limited suid implementation of a subset of the user namespaces features. To exclude all user and process IDs from the environment except the current ones, it uses the CLONE_NEWUSER and CLONE_NEWPID modes.

For additional protection, programs running under Bubblewrap are started in PR_SET_NO_NEW_PRIVS mode, which prohibits gaining new privileges, for example through the setuid flag.

Isolation at the file system level is done by creating a new mount namespace by default, in which an empty root partition is created using tmpfs.

If necessary, external file system partitions are attached to this partition with "mount --bind" (for example, when started with the option "bwrap --ro-bind /usr /usr", the /usr partition is forwarded from the host in read-only mode).

Network capabilities are limited to access to the loopback interface, with the network stack isolated through the CLONE_NEWNET and CLONE_NEWUTS flags.

The key difference from the similar Firejail project, which also uses a setuid launcher, is that in Bubblewrap the container layer includes only the minimum necessary features. All the advanced functions needed to launch graphical applications, interact with the desktop and filter calls to Pulseaudio are moved to the Flatpak side and run after the privileges have been reset.

Main new features of Bubblewrap 0.6

The highlight of Bubblewrap 0.6 is added support for the Meson build system. Support for building with Autotools is kept for now, but the intention is to remove it in favor of Meson in a future release.

Another new feature in Bubblewrap 0.6 is the "--add-seccomp" option, which adds more than one seccomp program. A warning was also added that if the "--seccomp" option is specified more than once, only the last one will be applied.

Also noted is partial support for the REUSE specification, which unifies the process of specifying license and copyright information.

In addition, SPDX-License-Identifier headers were added to many code files. Following the REUSE guidelines makes it easier to determine automatically which license applies to which parts of the application code.

On the other hand, a check of the command-line argument counter (argc) was added, with an emergency exit if the counter is zero. The change blocks security issues caused by incorrect handling of the passed command-line arguments, such as CVE-2021-4034 in Polkit.
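The kind of argc check described above, sketched as an added example (this is not Bubblewrap's or Polkit's code): an unchecked argument lookup next to a checked one that refuses an empty argv. The function names and the constructed pointer array, which imitates how argv and envp sit next to each other on Linux, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the start of a process stack on Linux: argv
 * pointers, a NULL terminator, then envp pointers, back to back. With an
 * empty argv (argc == 0), argv[1] already points at the first env string. */
static char *constructed_stack[] = {
    NULL,                       /* argv[0]: terminator of an empty argv */
    "EXAMPLE_VAR=constructed",  /* envp[0], also reachable as argv[1] */
    NULL                        /* envp terminator */
};

/* Unchecked pattern: assumes argv[0] is the program name, so the first
 * non-option argument is looked for from index 1 onwards. */
static const char *first_arg_unchecked(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            break;
    return argv[n];             /* argc == 0: n is still 1, outside argv */
}

/* Checked pattern: refuse to continue unless argc is at least 1.
 * Returns 0 and sets *out (NULL if only options were given), or -1 when
 * the caller must exit at once. */
static int first_arg_checked(int argc, char **argv, const char **out)
{
    int n;
    *out = NULL;
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return -1;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            break;
    if (n < argc)
        *out = argv[n];         /* index is inside argv by construction */
    return 0;
}

int main(int argc, char **argv)
{
    const char *arg;
    if (first_arg_checked(argc, argv, &arg) != 0)
        return 1;               /* emergency exit on an empty argv */
    printf("first argument: %s\n", arg ? arg : "(none)");
    printf("argc=0, unchecked: %s\n", first_arg_unchecked(0, constructed_stack));
    return 0;
}
```

With argc equal to zero, the unchecked lookup hands back an environment string as if it were an argument, while the checked one stops before indexing argv at all.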

Other changes that stand out in this new version:

  • The main branch in the git repository was renamed to main
  • The old CI integration was removed
  • bash is now located via PATH for better compatibility with non-FHS operating systems

Finally, if you are interested in knowing more about this new version, you can check the details at the following link.

