Systemd System Manager release 243

After five months of development, the release of the systemd 243 system manager has been presented. Among the new features are the integration into PID 1 of a handler for low-memory conditions in the system, support for attaching your own BPF programs to filter unit traffic, many new options for systemd-networkd, a mode for monitoring the bandwidth of network interfaces, 22-bit PID numbers instead of 16-bit enabled by default on 64-bit systems, the switch to the unified cgroups hierarchy, and the inclusion of systemd-network-generator.

Main changes:

  • Recognition of kernel-generated out-of-memory (OOM) signals has been added to the PID 1 manager, so that units that have reached their memory usage limit are moved into a special state, with an optional setting to force them to terminate or stop;
  • For unit files, new parameters IPIngressFilterPath and IPEgressFilterPath, which allow you to attach BPF programs with arbitrary handlers to filter incoming and outgoing IP packets generated by the processes associated with the unit. These features let you build a kind of firewall for systemd services. An example of writing a simple BPF-based network filter;

  • A "clean" command has been added to the systemctl utility to delete the cache, runtime files, state information and directories;
  • systemd-networkd adds support for MACsec, nlmon, IPVTAP and Xfrm network interfaces;
  • systemd-networkd implements separate configuration of the DHCPv4 and DHCPv6 stacks through the "[DHCPv4]" and "[DHCPv6]" sections of the configuration file. A RoutesToDNS option has been added to add a separate route to the DNS server specified in the parameters received from the DHCP server (so that traffic to the DNS server is sent over the same link as the main route received from DHCP). New options have been added for DHCPv4: MaxAttempts - the maximum number of requests to obtain an address, BlackList - a blacklist of DHCP servers, SendRelease - enables sending a DHCP RELEASE message when the session ends;
  • New commands have been added to the systemd-analyze utility:
    • "systemd-analyze timestamp" - parsing and conversion of timestamps;
    • "systemd-analyze timespan" - parsing and conversion of time spans;
    • "systemd-analyze condition" - parsing and testing of ConditionXYZ expressions;
    • "systemd-analyze exit-status" - parsing and conversion of exit codes from numbers to names and vice versa;
    • "systemd-analyze unit-files" - lists all file paths for units and aliases.
  • The SuccessExitStatus, RestartPreventExitStatus and RestartForceExitStatus options now support not only numeric return codes but also their text identifiers (for example, "DATAERR"). The list of codes assigned to identifiers can be viewed with the "systemd-analyze exit-status" command;

  • A "delete" command has been added to the networkctl utility to delete virtual network devices, along with a "--stats" option to display device statistics;
  • The SpeedMeter and SpeedMeterIntervalSec settings have been added to networkd.conf for periodic measurement of network interfaces. The statistics obtained from the measurements can be viewed in the output of the "networkctl status" command;
  • A new systemd-network-generator utility has been added to create .network, .netdev and .link files based on the IP settings passed at boot on the Linux kernel command line in the Dracut settings format;

  • The sysctl value "kernel.pid_max" on 64-bit systems is now set by default to 4194304 (22-bit PIDs instead of 16-bit), which reduces the likelihood of collisions when PIDs are assigned, raises the limit on the number of simultaneously running processes, and has a positive effect on security. The change could potentially cause compatibility problems, but no such problems have yet been reported in practice;
  • By default, the build now switches to the unified cgroups-v2 hierarchy ("-Ddefault-hierarchy=unified"). Previously, the default was hybrid mode ("-Ddefault-hierarchy=hybrid");
  • The behavior of the system call filter (SystemCallFilter) has changed: when a prohibited system call is made, it now terminates the whole process rather than the individual thread, since terminating a single thread can lead to unpredictable problems. The change applies only if you have Linux kernel 4.14+ and libseccomp 2.4.0+;
  • Unprivileged programs are allowed to send ICMP Echo (ping) packets by setting the sysctl "net.ipv4.ping_group_range" to the whole range of groups (for all processes);
  • To speed up the build process, generation of man pages has been disabled by default (to build the full documentation, use the "-Dman=true" option, or "-Dhtml=true" for manuals in HTML format). To make the documentation easier to view, two scripts are included: build/man/man and build/man/html, for generating and previewing the manuals of interest;
  • To process domain names with characters from national alphabets, the libidn2 library is used by default (to return to libidn, use the "-Dlibidn=true" option);
  • Support for the /usr/sbin/halt.local executable, which provided functionality not widely used in distributions, has been discontinued. To run commands at shutdown, it is recommended to use scripts in /usr/lib/systemd/system-shutdown/ or to define a new unit that depends on final.target;
  • At the final stage of shutdown, systemd now automatically raises the log level in the sysctl "kernel.printk", which solves the problem of showing in the log the events that occurred in the late stages of shutdown, when the regular logging daemons have already finished;
  • In journalctl and other utilities that display logs, warnings are highlighted in yellow and audit records are highlighted in blue to set them apart visually from the rest;
  • In the $PATH environment variable, the path to bin/ now comes before the path to sbin/, i.e. if executables with the same name exist in both directories, the file from bin/ will be executed;
  • systemd-logind provides a SetBrightness() call to safely change screen brightness on a per-session basis;
  • The "--wait-for-initialization" flag has been added to the "udevadm info" command to wait for the device to be initialized;
  • During system boot, the PID 1 manager now shows unit names instead of the lines with their descriptions. To return to the previous behavior, you can use the StatusUnitFormat option in /etc/systemd/system.conf or the systemd.status_unit_format kernel option;
  • The KExecWatchdogSec option has been added to /etc/systemd/system.conf for the PID 1 watchdog; it defines the timeout for a restart using kexec. The old ShutdownWatchdogSec setting has been renamed to RebootWatchdogSec and defines the timeout that applies during shutdown or a normal reboot;

  • A new ExecCondition option has been added for services, which lets you specify commands to be executed before ExecStartPre. Based on the exit code returned by the command, a decision is made on whether to continue starting the unit: if code 0 is returned, the unit start continues; if a code from 1 to 254 is returned, it ends quietly without the failure flag; if 255 is returned, it ends with the failure flag;
  • A new systemd-pstore.service service has been added to extract data from /sys/fs/pstore/ and save it to /var/lib/pstore for later analysis;
  • New commands have been added to the timedatectl utility to configure NTP parameters for systemd-timesyncd on a per-network-interface basis;
  • The "localectl list-locales" command no longer shows non-UTF-8 locales;
  • Errors when assigning variables in sysctl.d/ files are now ignored if the variable name starts with the "-" character;
  • The systemd-random-seed.service service is now responsible for initializing the entropy pool of the Linux kernel pseudorandom number generator. Services that need a properly initialized /dev/urandom should be started after systemd-random-seed.service;
  • The systemd-boot boot loader optionally supports a seed file with a random sequence in the EFI System Partition (ESP);
  • New commands have been added to the bootctl utility: "bootctl random-seed" to generate a seed file in the ESP and "bootctl is-installed" to check whether the systemd-boot boot loader is installed. bootctl has also been adapted to show warnings about incorrectly configured boot entries (for example, when the kernel image has been deleted but the entry that loads it remains);
  • The swap partition is selected automatically when the system enters sleep mode. The partition is chosen based on the priority set for it and, where priorities are equal, on the amount of free space;
  • A keyfile-timeout option has been added to /etc/crypttab to set how long to wait for the device holding the encryption key before asking for a password to access the encrypted partition;
  • An IOWeight option has been added to set the I/O weight for the BFQ scheduler;
  • systemd-resolved adds a 'strict' mode for DNS-over-TLS and implements the ability to cache only positive DNS responses ("Cache no-negative" in resolved.conf);
  • For VXLAN, systemd-networkd adds a GenericProtocolExtension option to enable VXLAN protocol extensions. For VXLAN and GENEVE, an IPDoNotFragment option has been added to set the don't-fragment flag on outgoing packets;
  • In systemd-networkd, in the "[Route]" section, the FastOpenNoCookie option has appeared to enable the fast TCP connection opening mechanism (TFO - TCP Fast Open, RFC 7413) on a per-route basis, along with the TTLPropagate option to configure the LSP (Label Switched Path) TTL. The "Type" option adds support for the local, broadcast, anycast, multicast, any and xresolve routing modes;
  • systemd-networkd provides a DefaultRouteOnDevice option in the "[Network]" section to automatically configure a default route for the given network device;
  • systemd-networkd adds ProxyARP and ProxyARPWifi to configure proxy ARP behavior, MulticastRouter to configure routing parameters in multicast mode, and MulticastIGMPVersion to change the IGMP (Internet Group Management Protocol) version for multicast;

  • systemd-networkd adds the Local, Peer and PeerPort options for FooOverUDP tunnels to set the local and remote IP addresses and the network port number. For TUN tunnels, the VnetHeader option has been added to configure GSO (Generic Segmentation Offload) support;
  • In systemd-networkd, in .network and .link files, a Property option has appeared in the [Match] section, which lets you identify devices by their specific properties in udev;
  • In systemd-networkd, an AssignToLoopback option has been added for tunnels, which controls whether the tunnel endpoint is assigned to the loopback device "lo";
  • systemd-networkd automatically enables the IPv6 stack if it has been blocked via the sysctl disable_ipv6 - IPv6 is enabled if IPv6 settings (static or DHCPv6) are defined for the network interface; otherwise the already-set sysctl value is left unchanged;
  • In .network files, the CriticalConnection setting has been replaced by the KeepConfiguration option, which provides more ways to define the situations ("yes", "static", "dhcp-on-stop", "dhcp") in which systemd-networkd should not touch existing connections at startup;
  • Fixed vulnerability CVE-2019-15718, caused by missing access control on the systemd-resolved D-Bus interface. The issue allows an unprivileged user to perform operations that are available only to administrators, such as changing DNS settings and directing DNS queries to a rogue server;
  • Fixed vulnerability CVE-2019-9619, related to pam_systemd not being activated for non-interactive sessions, which allows spoofing of the active session.
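
The exit-code contract of the new option for commands run before ExecStartPre (ExecCondition in systemd 243), shown as an added example that is not part of the original article or of the systemd project. It is a hypothetical pre-start check, with the "myapp" name and file paths assumed for illustration, that skips the unit when there is nothing to run and fails it when the configuration file could have been tampered with.

```sh
#!/bin/sh
# Added example, not systemd project code. Hypothetical pre-start check meant
# to be wired into a unit as (path and "myapp" name are assumptions):
#   ExecCondition=/usr/local/libexec/myapp-precheck /etc/myapp/myapp.conf
#
# Exit status contract described in the list above:
#   0      -> unit start continues
#   1..254 -> unit stops quietly, no failure flag
#   255    -> unit stops with the failure flag

precheck() {
    conf=$1

    # Nothing configured on this host: skip the unit quietly.
    [ -e "$conf" ] || [ -L "$conf" ] || return 1

    # A symlink or non-regular file in place of the config is treated as
    # tampering, so the unit must fail loudly rather than be skipped.
    if [ -L "$conf" ] || [ ! -f "$conf" ]; then
        echo "precheck: $conf is not a regular file" >&2
        return 255
    fi

    # Refuse to start when group or others can modify the config.
    # (stat -c is the GNU coreutils form, as found on systemd hosts.)
    mode=$(stat -c %a "$conf") || return 255
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "precheck: $conf is group/world-writable (mode $mode)" >&2
        return 255
    fi

    # An empty config means the service is deliberately disabled: skip.
    [ -s "$conf" ] || return 1
    return 0
}

# Act as the ExecCondition command only when given a path argument.
if [ "$#" -gt 0 ]; then
    precheck "$1"
    exit $?
fi
```

Returning 255 for the unsafe cases matters because a skipped unit leaves no failure state for monitoring to pick up, while a failed one does.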

source: budenet.ru
