systemd 253 system manager released

After three and a half months of development, the release of the systemd 253 system manager has been announced.

Among the changes in the new release:

  • The package now includes the 'ukify' utility, designed to build, verify and sign unified kernel images (UKI, Unified Kernel Image), which combine the handler for loading the kernel from UEFI (the UEFI boot stub), the Linux kernel image and a system environment loaded into memory as initrd and used for early initialization before the root file system is mounted. The utility replaces the functionality previously provided by the 'dracut --uefi' command and extends it with the ability to determine offsets in PE files, combine initrds, sign kernel images, build combined images with sbsign, heuristics for determining the kernel uname, image verification, and adding signatures for PCR policies generated with the systemd-measure utility.
  • Added support for initrd environments that are not placed in memory and use overlayfs instead of tmpfs. For such environments, systemd does not delete all files in the initrd after switching to the root file system.
  • The "OpenFile" setting has been added to services for opening arbitrary files in the file system (or connecting to Unix sockets) and passing the resulting file descriptors to the started process (for example, when access to a file must be granted to an unprivileged service without changing the file's permissions).
  • In systemd-cryptenroll, when enrolling new keys, encrypted partitions can be unlocked using FIDO2 tokens (--unlock-fido2-device) without having to enter a password. The user's PIN is now stored with a salt to make brute-force guessing harder.
  • Added the ReloadLimitIntervalSec and ReloadLimitBurst settings, along with the kernel command-line options systemd.reload_limit_interval_sec and systemd.reload_limit_burst, to limit how often the manager process is reloaded.
  • For units, the "MemoryZSwapMax" option has been implemented to set the memory.zswap.max cgroup attribute, which determines the maximum size of zswap.
  • For units, the "LogFilterPatterns" option has been implemented, which lets you define regular expressions to filter the messages sent to the journal (it can be used to suppress some output or to keep only certain messages).
  • Scope units now support the "OOMPolicy" setting to define behaviour when memory runs low (with OOMPolicy=continue, the OOM killer's actions do not force the scope to be terminated).
  • A new service type has been defined, "Type=notify-reload", which extends the "Type=notify" type with the ability to wait for a reload signal (SIGHUP) to be handled to completion. The services systemd-networkd.service, systemd-udevd.service and systemd-logind have been moved to the new type.
  • udev uses a new naming scheme for network devices; the difference is that for USB devices not attached to the PCI bus, ID_NET_NAME_PATH is now set to provide more predictable names. The '-=' operator has been introduced for the SYMLINK variable, so that symlinks added by earlier rules can be removed again.
  • In systemd-boot, the seeding of the pseudo-random number generators in the kernel and in the disk backend has been reworked. Added support for loading kernels from somewhere other than the ESP (EFI System Partition), for example from firmware or directly via QEMU. SMBIOS is parsed to detect booting in a virtualization environment. A new 'if-safe' mode has been implemented, in which certificates for UEFI Secure Boot are loaded from the ESP only when this is considered safe (when running in a virtual machine).
  • The bootctl utility now sets up the random seed on all EFI machines except in virtualization environments. Added the 'kernel-identify' and 'kernel-inspect' commands to show the kernel image type and information about the command line and kernel version, 'unlink' to remove a boot loader entry together with its files, and 'cleanup' to remove all files from the "entry-token" directory in the ESP and XBOOTLDR that are not referenced by any boot loader entry. Support for the KERNEL_INSTALL_CONF_ROOT environment variable has been implemented.
  • The 'systemctl list-dependencies' command now supports the '--type' and '--state' options, and 'systemctl kexec' gained support for environments based on the Xen hypervisor.
  • In .network files, in the [DHCPv4] section, support for the SocketPriority and QuickAck settings and the RouteMetric=high|medium|low option has been added.
  • systemd-repart gained the "--include-partitions", "--exclude-partitions" and "--defer-partitions" options to filter partitions by type UUID, which, for example, makes it possible to build images in which one partition is generated from the contents of another. Also added is the "--sector-size" option to specify the sector size used when creating partitions. Added support for creating erofs file systems. The Minimize setting gained a "best" value to select the smallest possible image size.
  • systemd-journal-remote allows the MaxUse, KeepFree, MaxFileSize and MaxFiles settings to be used to limit disk space usage.
  • systemd-cryptsetup added support for sending requests to FIDO2 tokens to determine their presence before authentication.
  • The tpm2-measure-bank and tpm2-measure-pcr options have been added to crypttab.
  • systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions in "noexec,nosuid,nodev" mode and now also honours the rootfstype and rootflags options passed on the kernel command line.
  • systemd-resolved makes it possible to configure resolvers by specifying the nameserver, domain, network.dns and network.search_domains options on the kernel command line.
  • The "systemd-analyze" command can now output in JSON format when the "--json" flag is given. The new "--table" and "--no-legend" options have also been added to control the output.
  • In 2023, it is planned to end support for cgroups v1 and split hierarchies (where /usr is mounted separately from the root, or /bin and /usr/bin, /lib and /usr/lib are separated).
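As an added example (not code from the release announcement or from the systemd project), here is a minimal Python daemon that speaks the Type=notify-reload protocol mentioned above: it assumes a unit with Type=notify-reload and ExecStart pointing at this script, re-reads an assumed KEY=VALUE config file on SIGHUP (which is what 'systemctl reload' sends), and reports RELOADING=1 (which for this service type must carry MONOTONIC_USEC=) followed by READY=1 through $NOTIFY_SOCKET. The READY=1 is sent even when the new config cannot be read, so a failed reload never leaves the service stuck in the reloading state.

```python
import os
import signal
import socket
import time

CONFIG_PATH = os.environ.get("RELOADABLE_CONFIG", "/etc/reloadable.conf")  # assumed path
SETTINGS: dict = {}

def notify_message(*fields: str, reloading: bool = False) -> bytes:
    """sd_notify datagram; under notify-reload, RELOADING=1 must carry MONOTONIC_USEC=."""
    lines = list(fields)
    if reloading:
        lines.append(f"MONOTONIC_USEC={time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000}")
    return ("\n".join(lines) + "\n").encode()

def sd_notify(payload: bytes) -> bool:
    """Send payload to $NOTIFY_SOCKET; returns False when not started by systemd."""
    path = os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):
        path = "\0" + path[1:]  # abstract-namespace socket
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, path)
    return True

def parse_config(text: str) -> dict:
    """KEY=VALUE lines; '#' comments and malformed lines are ignored."""
    pairs = (ln.split("#", 1)[0].split("=", 1) for ln in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def on_sighup(signum=None, frame=None) -> None:
    """'systemctl reload' sends SIGHUP: announce RELOADING=1, re-read, then READY=1."""
    sd_notify(notify_message("RELOADING=1", reloading=True))
    try:
        with open(CONFIG_PATH, encoding="utf-8") as fh:
            new = parse_config(fh.read())
    except OSError:
        new = dict(SETTINGS)  # unreadable config: keep the previous settings
    SETTINGS.clear()
    SETTINGS.update(new)
    sd_notify(notify_message("READY=1"))  # always complete the handshake

if __name__ == "__main__":  # the unit's ExecStart entry point
    with open(CONFIG_PATH, encoding="utf-8") as fh:
        SETTINGS.update(parse_config(fh.read()))
    signal.signal(signal.SIGHUP, on_sighup)
    sd_notify(notify_message("READY=1"))  # start-up complete, as for Type=notify
    while True:
        signal.pause()
```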

Source: opennet.ru
