Systemd System Manager release 246

After five months of development, the release of the systemd 246 system manager has been presented. The new release includes support for freezing units, the ability to verify the root disk image using a digital signature, support for compressing logs and core dumps with the ZSTD algorithm, the ability to unlock home directories using FIDO2 tokens, support for unlocking Microsoft BitLocker partitions via /etc/crypttab, and the renaming of BlackList to DenyList.

Main changes:

  • Added support for the freezer resource controller based on cgroups v2, with which you can stop processes and temporarily free some resources (CPU, I/O, and potentially memory) to perform other tasks. Freezing and thawing of units is controlled with the new "systemctl freeze" command or via D-Bus.
  • Added support for verifying the root disk image using a digital signature. Verification is performed with new settings in service units: RootHash (the root hash for verifying the disk image specified via the RootImage option) and RootHashSignature (a digital signature in PKCS#7 format for the root hash).
  • The PID 1 handler implements the ability to automatically load precompiled AppArmor rules (/etc/apparmor/earlypolicy) at the early boot stage.
  • New unit file settings have been added: ConditionPathIsEncrypted and AssertPathIsEncrypted to check whether the specified path is located on a block device that uses encryption (dm-crypt/LUKS), and ConditionEnvironment and AssertEnvironment to check environment variables (for example, those set by PAM or when setting up containers).
  • For *.mount units, the ReadWriteOnly setting has been implemented, which prohibits mounting a partition in read-only mode if it cannot be mounted for reading and writing. In /etc/fstab this mode is set with the "x-systemd.rw-only" option.
  • For *.socket units, the PassPacketInfo setting has been added, which lets the kernel attach additional metadata to every packet read from the socket (it enables the IP_PKTINFO, IPV6_RECVPKTINFO and NETLINK_PKTINFO socket modes).
  • For services (*.service units), the settings CoredumpFilter (defines the memory sections that should be included in core dumps) and TimeoutStartFailureMode/TimeoutStopFailureMode (define the behaviour (SIGTERM, SIGABRT or SIGKILL) when the timeout for starting or stopping a service expires) are offered.

  • Most options now support hexadecimal values specified with the "0x" prefix.
  • In various command-line parameters and configuration files related to setting keys or certificates, it is now possible to specify the path to unix sockets (AF_UNIX) for transferring keys and certificates through calls to IPC services when it is undesirable to place certificates on unencrypted disk storage.
  • Added support for six new specifiers that can be used in units, tmpfiles.d/, sysusers.d/ and other configuration files: %a to substitute the current architecture, %o/%w/%B/%W to substitute fields with identifiers from /etc/os-release, and %l to substitute the short host name.
  • Unit files no longer support the ".include" syntax, which was deprecated 6 years ago.
  • The StandardError and StandardOutput settings no longer support the values "syslog" and "syslog-console", which will be automatically converted to "journal" and "journal+console".
  • For automatically created tmpfs-based mount points (/tmp, /run, /dev/shm, etc.), limits on the size and the number of inodes are provided, corresponding to 50% of the RAM size for /tmp and /dev/shm, and 10% of RAM for all others.
  • Added new kernel command-line options: systemd.hostname to set the host name at the early boot stage, udev.blockdev_read_only to restrict all block devices associated with physical drives to read-only mode (the "blockdev --setrw" command can be used to selectively override this), systemd.swap to disable automatic activation of the swap partition, systemd.clock-usec to set the system clock in microseconds, and systemd.condition-needs-update and systemd.condition-first-boot to override the ConditionNeedsUpdate and ConditionFirstBoot checks.
  • By default, sysctl fs.suid_dumpable is set to 2 ("suidsafe"), which allows saving core dumps for processes with the suid flag.
  • The file /usr/lib/udev/hwdb.d/60-autosuspend.hwdb has been borrowed into the hardware database from ChromiumOS; it includes information about PCI and USB devices that support automatic sleep mode.
  • The ManageForeignRoutes setting has been added to networkd.conf; when it is enabled, systemd-networkd will start managing all routes configured by other utilities.
  • The "[SR-IOV]" section has been added to .network files to configure network devices that support SR-IOV (Single Root I/O Virtualization).
  • In systemd-networkd, the IPv4AcceptLocal setting has been added to the "[Network]" section to allow incoming packets with a local source address to be received on the network interface.
  • systemd-networkd has added the ability to configure the traffic prioritization disciplines HTB via [HierarchyTokenBucket] and [HierarchyTokenBucketClass], "pfifo" via [PFIFO], "GRED" via [GenericRandomEarlyDetection], "SFB" via [StochasticFairBlue], "cake" via [CAKE], "PIE" via [PIE], "DRR" via [DeficitRoundRobinScheduler] and [DeficitRoundRobinSchedulerClass], "BFIFO" via [BFIFO], "PFIFOHeadDrop" via [PFIFOHeadDrop], "PFIFOFast" via [PFIFOFast], "HHF" via [HeavyHitterFilter], "ETS" via [EnhancedTransmissionSelection], and "QFQ" via [QuickFairQueueing] and [QuickFairQueueingClass].

  • In systemd-networkd, the UseGateway setting has been added to the [DHCPv4] section to disable the use of gateway information obtained via DHCP.
  • In systemd-networkd, the SendVendorOption setting has been added to the [DHCPv4] and [DHCPServer] sections to set and handle additional vendor options.
  • systemd-networkd implements the new settings EmitPOP3/POP3, EmitSMTP/SMTP and EmitLPR/LPR in the [DHCPServer] section to add information about POP3, SMTP and LPR servers.
  • In systemd-networkd, the VLANProtocol setting has been added to the [Bridge] section of .netdev files to select the VLAN protocol to use.
  • In systemd-networkd, the Group setting has been implemented in the [Link] section of .network files to manage link groups.
  • The BlackList settings have been renamed to DenyList (handling of the old name is kept for backward compatibility).
  • systemd-networkd has added a large set of settings related to IPv6 and DHCPv6.
  • Added the "forcerenew" command to networkctl to force the renewal of all address bindings (leases).
  • In systemd-resolved, the DNS configuration can now specify a port number and a host name for verifying DNS-over-TLS certificates. The DNS-over-TLS implementation has added support for checking SNI.
  • systemd-resolved can now configure the resolution of single-label DNS names (a single label, from a single host name).
  • systemd-journald supports using the zstd algorithm to compress large fields in journals. Work has been done to protect against collisions in the hash tables used in journals.
  • Clickable URLs with links to documentation have been added to journalctl when displaying log messages.
  • The Audit setting has been added to journald.conf to control whether auditing is enabled during systemd-journald initialization.
  • systemd-coredump can now compress core dumps using the zstd algorithm.
  • Added the UUID setting to systemd-repart to assign a UUID to the created partition.
  • The systemd-homed service, which manages home directories, has added the ability to unlock home directories using FIDO2 tokens. The LUKS partition encryption backend has added support for automatically returning empty file system blocks when the session ends. Protection has been added against double encryption of data if it is determined that the /home partition on the system is already encrypted.
  • Added settings to /etc/crypttab: "keyfile-erase" to delete the key after use and "try-empty-password" to try unlocking the partition with an empty password before prompting the user for a password (useful for installing encrypted images with a password assigned after the first boot rather than at installation time).
  • systemd-cryptsetup adds support for unlocking Microsoft BitLocker partitions at boot time using /etc/crypttab. The ability to read keys for automatically unlocking partitions from .key files in /etc/cryptsetup-keys.d/ and /run/cryptsetup-keys.d/ has also been added.

  • Added systemd-xdg-autostart-generator to generate unit files from .desktop autostart files.
  • The "reboot-to-firmware" command has been added to "bootctl".
  • Options added to systemd-firstboot: "--image" to specify the disk image to boot, "--kernel-command-line" to initialize the /etc/kernel/cmdline file, "--root-password-hashed" to specify the root password hash, and "--delete-root-password" to delete the root password.
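
A migration check for the removed and renamed settings listed above (".include", the "syslog" output targets, BlackList), given as an added example that is not part of the original article or of systemd. The sample files and the `audit`/`migrate` helpers are constructed for illustration.

```python
import re

# Constructed sample inputs that still use pre-246 spellings.
SAMPLE_UNIT = """\
[Unit]
.include /etc/demo/common.conf

[Service]
ExecStart=/usr/bin/demo
StandardOutput=syslog
StandardError=syslog+console
"""
SAMPLE_NETWORK = """\
[DHCPv4]
BlackList=192.0.2.1
# BlackList=198.51.100.7
"""

# Output targets the article says are converted; both separator spellings accepted.
STD = re.compile(r"^(\s*Standard(?:Output|Error)\s*=\s*)syslog([+-]console)?\s*$")
DENY = re.compile(r"^(\s*)BlackList(\s*=)")
RULES = [
    (re.compile(r"^\s*\.include\b"), "'.include' is no longer supported"),
    (STD, "'syslog' target is converted to 'journal'; set it explicitly"),
    (DENY, "'BlackList' was renamed to 'DenyList'"),
]

def audit(text):
    """Return (line_no, section, message) for every pre-246 construct."""
    findings, section = [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank lines and comments are not configuration
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        findings += [(num, section, msg) for pat, msg in RULES if pat.search(line)]
    return findings

def migrate(text):
    """Rewrite the constructs that have a direct replacement; keep the rest."""
    out = []
    for raw in text.splitlines():
        line = DENY.sub(r"\1DenyList\2", raw)
        line = STD.sub(lambda m: m.group(1) +
                       ("journal+console" if m.group(2) else "journal"), line)
        out.append(line)
    return "\n".join(out) + "\n"
```

`migrate` leaves ".include" lines untouched because the article names no direct replacement for them; `audit` still reports them so they can be handled by hand.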

Source: opennet.ru
