ProHoster > Блог > labaran intanet > Systemd System Manager release 244

Systemd System Manager release 244

Bayan watanni uku na ci gaba gabatar saki mai sarrafa tsarin 244 tsarin kwamfuta.

Babban canje-canje:

  • Ƙara goyon baya ga mai sarrafa albarkatu na cpuset dangane da ƙungiyoyi v2, wanda ke ba da tsari don ɗaure matakai zuwa takamaiman CPUs (saitin "AllowedCPUs") da NUMA ƙwaƙwalwar ƙwaƙwalwar ajiya (saitin "AllowedMemoryNodes");
  • Ƙara goyon baya don saitunan lodawa daga madaidaicin SystemdOptions EFI don tsarin tsarin, wanda ke ba ku damar tsara tsarin tsarin a cikin yanayi inda canza zaɓuɓɓukan layin umarni na kernel yana da matsala kuma an karanta saitin daga faifai ya yi latti (misali, lokacin da kuke buƙatar saita zaɓuɓɓuka. masu alaƙa da matsayi na rukuni). Don saita m a cikin EFI, zaku iya amfani da umarnin 'bootctl systemd-efi-options';
  • Ƙara goyon baya ga raka'a don loda saituna daga "{unit_type}.d/" kundayen adireshi masu alaƙa da nau'ikan naúrar (misali "service.d/"), waɗanda za a iya amfani da su don ƙara saitunan da ke rufe duk fayilolin naúrar nau'in da aka bayar a. sau ɗaya;
  • Don raka'o'in sabis, an ƙara sabon yanayin keɓewar akwatin sandbox ProtectKernelLogs, wanda ke ba ku damar hana damar shirin zuwa buffer log ɗin kernel, samun dama ta hanyar kiran tsarin syslog (kar a ruɗe da API na sunan ɗaya da aka bayar a libc). Idan yanayin ya kunna, za a toshe damar aikace-aikacen zuwa /proc/kmsg, /dev/kmsg da CAP_SYSLOG;
  • Don raka'a, an ba da shawarar saitin RestartKillSignal, wanda ke ba ku damar sake fasalin adadin siginar da aka yi amfani da shi don ƙare aikin yayin sake kunna aikin (zaku iya canza dabi'ar dakatar da aikin a matakin shirye-shiryen sake farawa);
  • An daidaita umarnin "systemctl clean" don amfani tare da soket, mount, da swap raka'a;
  • A farkon matakin lodawa, ƙuntatawa akan tsananin fitowar saƙon kernel ta hanyar buga bugu ba a kashe, wanda ke ba da damar ƙarin cikakkun bayanai game da ci gaban lodin da za a tara a wani matakin da ba a haɗa ma'ajiyar log ɗin ba tukuna (login. yana tarawa a cikin ma'aunin zobe na kernel). Saita iyakoki na bugawa daga layin umarni na kernel yana ɗaukar fifiko kuma yana ba ku damar soke halayen tsarin. Shirye-shiryen da aka tsara waɗanda ke fitar da rajista kai tsaye zuwa / dev/kmsg (ana yin wannan ne kawai a farkon lokacin taya) suna amfani da ƙuntatawa na ciki daban don kare kariya daga toshewa;
  • An ƙara umarnin 'stop --job-mode=triggering' zuwa tsarin amfani na systemctl, wanda ke ba ka damar dakatar da duka naúrar da aka ƙayyade akan layin umarni da duk raka'o'in da za su iya kiran ta;
  • Bayanin jihar yanzu ya haɗa da bayani game da kira da kira na raka'a;
  • Yana yiwuwa a yi amfani da saitin "RuntimeMaxSec" a cikin raka'a masu iyaka (a da an yi amfani da shi a cikin sassan sabis kawai). Misali, "RuntimeMaxSec" yanzu ana iya amfani dashi don iyakance lokacin zaman PAM ta hanyar ƙirƙirar yanki mai iyaka.
    don asusun mai amfani. Hakanan za'a iya saita iyakar lokacin ta hanyar zaɓi na systemd.runtime_max_sec a cikin sigogin tsarin pam_systemd PAM;
  • Ƙara sabon rukunin tsarin yana kiran "@pkey", lokacin da ke iyakance kwantena da ayyuka, yana sauƙaƙa kiran tsarin kira mai alaƙa da kariyar ƙwaƙwalwar ajiya;
  • Ƙara alamar "w+" zuwa systemd-tmpfiles don rubutawa a cikin yanayin ƙara fayil;
  • Ƙarin bayani don nazarin kayan aiki na tsarin-nazartar ko tsarin ƙwaƙwalwar kernel ya dace da saitunan tsarin (misali, idan wasu shirye-shiryen ɓangare na uku sun canza sigogi na kernel);
  • An ƙara zaɓin "-base-time" zuwa tsarin nazarin tsarin, lokacin da aka ƙayyade, ana ƙididdige bayanan kalanda dangane da lokacin da aka ƙayyade a cikin wannan zaɓi, kuma ba dangane da lokacin tsarin yanzu ba;
  • "journalctl -update-catalog" yana tabbatar da daidaito a cikin jerin abubuwan da ke cikin fitarwa (mai amfani don tsara ginin maimaitawa);
  • An ƙara ikon tantance tsohuwar ƙima don saitin "WatchdogSec" da aka yi amfani da shi a cikin ayyukan tsarin. A lokacin tattarawa, ana iya ƙayyade ƙimar tushe ta zaɓin "-Dservice-watchdog" (idan an saita zuwa komai, za a kashe mai sa ido);
  • Ƙara zaɓin ginawa "-Duser-path" don ƙetare ƙimar $ PATH;
  • Ƙara wani zaɓi na "-u" ("-uuid") zuwa systemd-id128 don fitar da masu gano 128-bit a cikin UUID (wakilin UUID na canonical);
  • Gina yanzu yana buƙatar aƙalla sigar libcryptsetup 2.0.1.

Canje-canje masu alaƙa da saitunan cibiyar sadarwa:

  • Systemd-networkd ya ƙara goyon baya don sake saita hanyar haɗin yanar gizo akan tashi, wanda "sake saukewa" da "sake saita DEVICE ..." an ƙara umarni zuwa networkctl don sake kunna saitunan da sake saita na'urori;
  • systemd-networkd ya daina ƙirƙirar tsoffin hanyoyin hanyoyin haɗin IPv4 na gida tare da adiresoshin intranet 169.254.0.0/16 (Link-local). A baya can, ƙirƙirar hanyoyin da suka dace ta atomatik don irin waɗannan hanyoyin haɗin suna haifar da halayen da ba zato ba tsammani da kuma matsalolin sarrafa hanya a wasu lokuta. Don dawo da tsohuwar ɗabi'a, yi amfani da saitin "DefaultRouteOnDevice=ee". Hakazalika, ana dakatar da aikin adiresoshin IPv6 na gida idan ba a kunna hanyar haɗin IPv6 na gida ba;
  • A cikin tsarin sadarwa na tsarin, lokacin da ake haɗawa zuwa cibiyoyin sadarwa mara waya a cikin yanayin ad-hoc, ana aiwatar da saitunan tsoho tare da adireshin mahaɗin-gida (link-local);
  • Ƙara sigogi RxBufferSiz da TxBufferSize don saita girman karɓa da aika buffers na cibiyar sadarwa;
  • systemd-networkd yana aiwatar da tallan ƙarin hanyoyin IPv6, waɗanda aka tsara ta hanyar zaɓuɓɓukan Route da LifetimeSec a cikin sashin “[IPv6RoutePrefix]”;
  • systemd-networkd ya kara da ikon daidaita hanyoyin "na gaba hop" ta amfani da zaɓuɓɓukan "Ƙofar" da "Id" a cikin sashin "[NextHop]";
  • systemd-networkd da networkctl na DHCP suna ba da sabuntawa akan-da- tashi na ɗaurin adireshi na IP (leases), aiwatar da umarnin 'networkctl sabunta';
  • systemd-networkd yana tabbatar da cewa an sake saita saitin DHCP akan sake kunnawa (amfani da zaɓin KeepConfiguration don adana saituna). An canza tsohuwar ƙimar saitin SendRelease zuwa “gaskiya”;
  • Abokin ciniki na DHCPv4 yana tabbatar da cewa ana amfani da ƙimar zaɓin zaɓin OPTION_INFORMATION_REFRESH_TIME da sabar ta aika. Don buƙatar takamaiman zaɓuɓɓuka daga uwar garken, ana ba da shawarar sigar "RequestOptions", kuma don aika zaɓuɓɓuka zuwa uwar garken - "SendOption". Don saita nau'in sabis na IP ta abokin ciniki na DHCP, an ƙara siginar "IPServiceType";
  • Don musanya jerin sabbin sabobin SIP (Labarai na Ƙaddamarwa Zama) don sabar DHCPv4, an ƙara sigogin "EmitSIP" da "SIP". A gefen abokin ciniki, ana iya kunna sigogin SIP daga uwar garken ta amfani da saitin "Yi amfani da SIP = Ee";
  • Ƙara ma'aunin "PrefixDelegationHint" zuwa ga abokin ciniki na DHCPv6 don neman prefix na adireshi;
  • Fayilolin hanyar sadarwa suna ba da tallafi don yin taswirar hanyoyin sadarwar mara waya ta SSID da BSSID, misali don ɗaure sunan wurin shiga da adireshin MAC. Ana nuna ƙimar SSID da BSSID a cikin fitarwa na networkctl don musaya mara waya. Bugu da ƙari, an ƙara ikon kwatanta ta nau'in cibiyar sadarwa mara waya (WLANInterfaceType parameter);
  • systemd-networkd ya kara da ikon daidaita lamuran layi don sarrafa zirga-zirga ta amfani da sabbin sigogin Iyaye,
    NetworkEmulatorDelaySec, NetworkEmulatorDelayJitterSec,
    NetworkEmulatorPacketLimit da NetworkEmulatorLossRate,
    NetworkEmulatorDuplicateRate a cikin sashin "[TrafficControlQueueingDiscipline]";
  • systemd-resolved yana ba da tabbacin adiresoshin IP a cikin takaddun shaida lokacin ginawa tare da GnuTLS.

canje-canje masu alaƙa da udev:

  • Systemd-udevd ya cire lokacin ƙarewar na biyu na 30 don tilasta masu riko da su ƙare. Systemd-udevd yanzu yana jiran kammala masu sarrafa wanda daƙiƙa 30 bai isa ya kammala ayyuka akai-akai a cikin manyan kayan aiki ba (misali, ƙayyadaddun lokaci zai iya katse farawar direba yayin aiwatar da sauya ɓangaren da aka ɗora don tsarin fayil ɗin tushen). Lokacin amfani da systemd, lokacin ƙarewar da systemd-udevd zai jira kafin a saita shi ta hanyar TimeoutStopSec saitin a systemd-udevd.service. Lokacin aiki ba tare da tsarin aiki ba, lokacin ƙarewar ana sarrafa shi ta ma'aunin udev.event_timeout;
  • Ƙara shirin fido_id don udev, wanda ke gano alamun FIDO CTAP1
    ("U2F") / CTAP2 dangane da bayanai game da amfani da su na baya da kuma nuna ma'auni masu mahimmanci (shirin yana ba ku damar yin ba tare da jerin fararen waje na duk sanannun alamun da aka yi amfani da su a baya);
  • Aiwatar da tsarar atomatik na ƙa'idodin udev autosuspend don na'urori daga jerin fararen da aka shigo da su daga Chromium OS (canjin yana ba ku damar faɗaɗa amfani da hanyoyin ceton wuta don ƙarin na'urori);
  • An ƙara sabon saitin "CONST{key}=darajar" zuwa udev don ba da damar yin taswirar ƙimar tsarin kai tsaye ba tare da gudanar da bincike daban-daban ba. A halin yanzu maɓallan "baki" da "virt" kawai ake tallafawa;
  • An kunna CDROM don buɗewa a cikin yanayin da ba na keɓancewa ba yayin aiwatar da aikace-aikacen buƙatun don hanyoyin tallafi (canjin yana warware matsaloli tare da shirye-shiryen shiga CDROM kuma yana rage haɗarin katsewar shirye-shiryen rubuta faifai waɗanda ba sa amfani da keɓantaccen yanayin shiga).

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster