Indlela yokuzihlukanisa efana ne-plegde iyathuthukiswa ku-FreeBSD

Darkcrizt

Imizuzu ye-4

Kwambulwa lokho ukuqaliswa kuhlongozwa of a uhlelo lokusebenza lokuzihlukanisa lwe-FreeBSD, okusikhumbuza ukugoqa nokwembula izingcingo zesistimu ezakhiwe iphrojekthi ye-OpenBSD.

Ukuzihlukanisa ku-plegde kwenziwa ngokuvimbela ukufinyelela kumakholi wesistimu angasetshenziswa uhlelo lokusebenza nokudalula ngokukhetha ngokuvula ukufinyelela ezindleleni ezithile zefayela uhlelo lokusebenza olungasebenza ngazo. Ngohlelo lokusebenza, kwakhiwa uhlobo lohlu olumhlophe lwezingcingo zesistimu nezindlela zefayela, futhi zonke ezinye izingcingo nezindlela azivunyelwe.

Umehluko phakathi kokugoqiwe nokungavezwanga, yenzelwe i-FreeBSD, iphelela ekunikezeni isendlalelo esengeziwe lokho kukuvumela ukuthi uhlukanise izinhlelo zokusebenza ngaphandle koshintsho oluncane noma oluncane kumakhodi azo. Khumbula ukuthi ku-OpenBSD plegde futhi uvule uhlose ukuhlanganisa okuqinile nendawo eyisisekelo futhi kusetshenziswa ngokwengeza izichasiselo ezikhethekile kukhodi yohlelo ngalunye.

Ukwenza kube lula ukuhlelwa kokuvikela, izihlungi zikuvumela ukuthi ugweme imininingwane esezingeni lezingcingo zesistimu ngayinye futhi ulawule izigaba zezingcingo zesistimu (okufakwayo/okuphumayo, ukufundwa kwefayela, ukubhalwa kwefayela, amasokhethi, ioctl, i-sysctl, ukuqala kwezinqubo, njll.) . Imisebenzi yokuvinjelwa kokufinyelela ingabizwa ngekhodi yesicelo njengoba kwenziwa izenzo ezithile, isibonelo, ukufinyelela kumasokhethi namafayela kungavalwa ngemva kokuvula amafayela adingekayo nokusungula uxhumano lwenethiwekhi.

Umbhali wokugoqa futhi aveze ichweba le-FreeBSD okuhloswe ngayo ukunikeza ikhono lokuhlukanisa izinhlelo zokusebenza ezingafanele, lapho kuhlongozwa khona insiza yekhethini, evumela ukusebenzisa imithetho echazwe efayeleni elihlukile kuzinhlelo zokusebenza. Ukulungiselelwa okuhlongozwayo kuhlanganisa ifayela elinezilungiselelo eziyisisekelo ezichaza izigaba zezingcingo zesistimu nezindlela zefayela ezivamile eziqondene nezinhlelo ezithile zokusebenza (ukusebenza ngomsindo, amanethiwekhi, ukungena, njll.), kanye nefayela elinemithetho yokufinyelela yezinhlelo zokusebenza eziqondile.

Umsebenzi wamakhethini ungasetshenziswa ukuhlukanisa izinsiza eziningi, izinqubo zeseva, izinhlelo zokusebenza zezithombe, kanye namaseshini edeskithophu yawo wonke angashintshwanga. Ukwabelana ngekhethini nezindlela zokuzihlukanisa ezihlinzekwa yi-Jail ne-Capsicum subsystems kuyasekelwa.

Futhi kungenzeka ukuhlela ukuhlukaniswa kwesidleke, lapho izinhlelo zokusebenza eziqalisiwe zithatha njengefa imithetho ebekwe uhlelo lokusebenza lomzali, ukwenezela ngezingqinamba ezihlukene. Eminye imisebenzi ye-kernel (amathuluzi okulungisa iphutha, i-POSIX/SysV IPC, i-PTY) iphinde ivikelwe indlela yokuvimbela evimbela ukufinyelela ezintweni ze-kernel ezidalwe izinqubo ngaphandle kwenqubo yamanje noma yomzali.

Inqubo ingamisa ukuhlukaniswa kwayo ngokushayela i-curtainctl noma ngokusebenzisa i-plegde() kanye ne-unveil() imisebenzi ehlinzekwa yi-libcurtain library, efana ne-OpenBSD. I-'security.curtain.log_level' sysctl inikezwa ukuze kulandelelwe izikhiya ngenkathi uhlelo lusebenza.

Ukufinyelela kuzimiso ze-X11 kanye ne-Wayland kunikwe amandla ngokuhlukana ngokucacisa okukhethwa kukho okuthi "-X"/"-Y" kanye no-"-W" lapho kuqaliswa ikhethini, kodwa ukusekelwa kwezithombe akukazinzisiswa ngokwanele futhi kunochungechunge lwezinkinga ezingaxazululiwe ( izinkinga zivela ikakhulukazi uma usebenzisa i-X11, futhi ukusekelwa kwe-Wayland kungcono kakhulu). Abasebenzisi bangangeza imikhawulo eyengeziwe ngokudala amafayela emithetho yendawo (~/.curtain.conf). Ngokwesibonelo,

Ukuqaliswa kufaka imojuli ye-mac_curtain kernel yokulawula ukufinyelela okuyisibopho (MAC), isethi yeziqephu ze-FreeBSD kernel ngokusetshenziswa komshayeli nezihlungi ezidingekayo, umtapo wezincwadi we-libcurtain wokusebenzisa i-plegde nemisebenzi eveziwe kuzinhlelo zokusebenza, ikhethini lensiza, likhombisa ukucushwa. amafayela, uchungechunge lokuhlola, neziqeshana zezinhlelo ezithile zesikhala somsebenzisi (ngokwesibonelo, ukusebenzisa i-$TMPDIR ukuze uhlanganise ukusebenza ngamafayela esikhashana). Noma nini lapho kungenzeka, umbhali uzama ukunciphisa inani lezinguquko ezidinga ukuphetshwa i-kernel nezinhlelo zokusebenza.

Okokugcina uma unesifiso sokwazi okwengeziwe ngakho, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.