Release of the systemd system manager, version 250

After five months of development, the release of the systemd 250 system manager has been presented. The new release introduces the ability to store credentials in encrypted form, implements verification of automatically discovered GPT partitions using digital signatures, improves the information shown about the causes of delays when starting services, and adds options for restricting service access to certain file systems and network interfaces. Support for monitoring partition integrity with the dm-integrity module is provided, and support for automatic sd-boot updates has been added.

Major changes:

  • Added support for encrypted and authenticated credentials, which can be useful for securely storing sensitive data such as SSL keys and access passwords. Credentials are decrypted only when needed and are bound to the local installation or hardware. The data is encrypted automatically using symmetric encryption algorithms, and the key can be stored in the file system, in the TPM2 chip, or using a combined scheme. When the service starts, the credentials are automatically decrypted and made available to the service in their normal form. To work with encrypted credentials, the 'systemd-creds' utility has been added, and the LoadCredentialEncrypted and SetCredentialEncrypted settings are offered for services.
  • sd-stub, the EFI executable that allows the EFI firmware to load the Linux kernel, now supports booting the kernel using the LINUX_EFI_INITRD_MEDIA_GUID EFI protocol. sd-stub also gained the ability to pack credentials and sysext files into a cpio archive and pass this archive to the kernel together with the initrd (the additional files are placed in the /.extra/ directory). These features make it possible to use a verified, immutable initrd environment that is supplemented by sysexts and encrypted credentials.
  • The Discoverable Partitions specification has been extended. It provides the means for identifying, mounting and activating system partitions using GPT (GUID Partition Tables). Compared with previous releases, the specification now supports the root partition and the /usr partition for most architectures, including platforms that do not use UEFI.

    Discoverable Partitions also adds support for partitions whose integrity is verified by the dm-verity module using PKCS#7 digital signatures, which makes it easier to build fully authenticated disk images. Verification support has been integrated into the various utilities that handle disk images, including systemd-nspawn, systemd-sysext, systemd-dissect, RootImage services, systemd-tmpfiles and systemd-sysusers.

  • For units that take a long time to start or stop, in addition to the animated progress bar, it is now possible to display status information that lets you understand what is actually happening with the service at the moment and which service the system manager is currently waiting on to complete.
  • Added the DefaultOOMScoreAdjust parameter to /etc/systemd/system.conf and /etc/systemd/user.conf, which allows you to adjust the OOM-killer threshold for low-memory conditions, applied to processes that systemd starts for the system and for users. By default, the weight of system services is higher than that of user services, i.e. when memory runs short, the probability that user services are terminated is higher than for system services.
  • Added the RestrictFileSystems setting, which allows you to restrict service access to certain types of file systems. To see the available file system types, you can use the "systemd-analyze filesystems" command. By analogy, the RestrictNetworkInterfaces option has been implemented, which allows you to restrict access to certain network interfaces. The implementation is based on the BPF LSM module, which restricts the access of a group of processes to kernel objects.
  • Added a new /etc/integritytab configuration file and the systemd-integritysetup utility, which set up the dm-integrity module to control data integrity at the sector level, for example to guarantee that encrypted data has not been altered (Authenticated Encryption, which ensures that a data block has not been modified in a roundabout way). The format of the /etc/integritytab file is similar to that of the /etc/crypttab and /etc/veritytab files, except that dm-integrity is used instead of dm-crypt and dm-verity.
  • A new unit file, systemd-boot-update.service, has been added. When it is enabled and the sd-boot bootloader is installed, systemd automatically updates the version of the sd-boot bootloader, keeping the bootloader code always up to date. sd-boot itself is now built by default with support for SBAT (UEFI Secure Boot Advanced Targeting), which addresses the problems with certificate revocation for UEFI Secure Boot. In addition, sd-boot provides the ability to parse Microsoft Windows boot settings in order to correctly generate the names of boot partitions with Windows and to display the Windows version.

    sd-boot also provides the ability to define the color scheme at build time. During boot, support has been added for changing the screen resolution by pressing the "r" key. Added the "f" hotkey for entering the firmware configuration interface. Added a mode that automatically boots the system corresponding to the menu entry selected during the last boot. Added the ability to load EFI drivers located in the /EFI/systemd/drivers/ directory on the ESP (EFI System Partition).

  • A new unit file, factory-reset.target, is included. It is handled in systemd-logind in the same way as the reboot, poweroff, suspend and hibernate operations, and is used to create handlers that perform a factory reset.
  • The systemd-resolved process now creates an additional listening socket on 127.0.0.54 in addition to 127.0.0.53. Requests arriving at 127.0.0.54 are always forwarded to the upstream DNS servers and are not processed locally.
  • Provided the ability to build systemd-importd and systemd-resolved with the OpenSSL library instead of libgcrypt.
  • Added initial support for the LoongArch architecture used in Loongson processors.
  • systemd-gpt-auto-generator provides the ability to automatically set up system-defined swap partitions encrypted by the LUKS2 subsystem.
  • The GPT image parsing code used in systemd-nspawn, systemd-dissect and similar utilities implements the ability to decode images for other architectures, which allows systemd-nspawn to be used to run images in emulators of other architectures.
  • When inspecting disk images, systemd-dissect now shows information about the purpose of a partition, such as its suitability for booting via UEFI or for running in a container.
  • The "SYSEXT_SCOPE" field has been added to the system-extension.d/ files, allowing you to specify the scope of a system image: "initrd", "system" or "portable".
  • A "PORTABLE_PREFIXES" field has been added to the os-release file, which can be used in portable images to define the supported unit file prefixes.
  • systemd-logind introduces the new settings HandlePowerKeyLongPress, HandleRebootKeyLongPress, HandleSuspendKeyLongPress and HandleHibernateKeyLongPress, which can be used to define what happens when certain keys are held down for more than 5 seconds (for example, a short press of the Suspend key can trigger one action, and holding it down can put the system to sleep).
  • For units, the StartupAllowedCPUs and StartupAllowedMemoryNodes settings have been implemented. They differ from the similar settings without the Startup prefix in that they are applied only during the boot and shutdown stages, which allows you to set different resource limits during boot.
  • Added [Condition|Assert][Memory|CPU|IO]Pressure checks, which allow the activation of a unit to be skipped or to fail if the PSI mechanism detects heavy load on memory, CPU or I/O in the system.
  • The maximum inode limit has been raised for the /dev partition from 64k to 1M, and for the /tmp partition from 400k to 1M.
  • The ExecSearchPath setting has been proposed for services, which makes it possible to change the path used to search for executables started through settings such as ExecStart.
  • Added the RuntimeRandomizedExtraSec setting, which allows you to introduce a random deviation into the RuntimeMaxSec timeout, which limits the execution time of a unit.
  • The syntax of the RuntimeDirectory, StateDirectory, CacheDirectory and LogsDirectory settings has been extended: by specifying an additional value separated by a colon, you can now have a symbolic link to the directory created, so that it can be accessed via several paths.
  • For services, the TTYRows and TTYColumns settings are available to set the number of rows and columns of the TTY device.
  • Added the ExitType setting, which allows you to change the logic for determining when a service has ended. By default, systemd only monitors the death of the main process, but if ExitType=cgroup is set, the system manager will wait for the last process in the cgroup to finish.
  • The systemd-cryptsetup implementation of TPM2/FIDO2/PKCS11 support is now also built as a cryptsetup plugin, which allows the regular cryptsetup command to be used to unlock an encrypted partition.
  • The TPM2 handler in systemd-cryptsetup adds support for RSA primary keys in addition to ECC keys, to improve compatibility with non-ECC chips.
  • The token-timeout option has been added to /etc/crypttab, which allows you to define the maximum time to wait for a PKCS#11/FIDO2 token to be connected, after which you will be prompted to enter a password or recovery key.
  • systemd-timesyncd implements the SaveIntervalSec setting, which allows the current system time to be saved to disk periodically, for example to implement a monotonic clock on systems without an RTC.
  • Options have been added to the systemd-analyze utility: "--image" and "--root" for checking unit files in a given image or root directory, "--recursive-errors" for taking dependent units into account when an error is detected, "--offline" for separately analyzing unit files saved to disk, "--json" for output in JSON format, "--quiet" to disable unimportant messages, and "--profile" to bind to a portable profile. Also added are the inspect-elf command for parsing core files in ELF format, and the ability to check unit files with a given unit name, regardless of whether this name matches the file name.
  • systemd-networkd has extended support for the Controller Area Network (CAN) bus. Added settings to control CAN modes: Loopback, OneShot, PresumeAck and ClassicDataLengthCode. Added the TimeQuantaNSec, PropagationSegment, PhaseBufferSegment1, PhaseBufferSegment2, SyncJumpWidth, DataTimeQuantaNSec, DataPropagationSegment, DataPhaseBufferSegment1, DataPhaseBufferSegment2 and DataSyncJumpWidth options for CAN interfaces.
  • systemd-networkd has added a Label option for the DHCPv4 client, which allows you to configure the address label used when setting up IPv4 addresses.
  • systemd-udevd implements, for "ethtool" settings, support for the special value "max", which sets the size to the maximum supported by the hardware.
  • In .link files for systemd-udevd you can now set various parameters for combining network adapters and for enabling hardware handlers (offload).
  • systemd-networkd ships new .network files by default: 80-container-vb.network to define the network bridges created when running systemd-nspawn with the "--network-bridge" or "--network-zone" options, and 80-6rd-tunnel.network to define the tunnels that are created when a DHCP response with the 6RD option is received.
  • systemd-networkd and systemd-udevd have added support for IP over InfiniBand interfaces, for which an "[IPoIB]" section has been added to systemd.netdev files, and handling of the "ipoib" value has been implemented in the Kind setting.
  • systemd-networkd provides automatic route configuration for the addresses specified in the AllowedIPs parameter, which can be configured through the RouteTable and RouteMetric parameters in the [WireGuard] and [WireGuardPeer] sections.
  • systemd-networkd provides automatic generation of persistent MAC addresses for batadv and bridge interfaces. To disable this behavior, you can specify MACAddress=none in .netdev files.
  • The WakeOnLanPassword setting has been added to the "[Link]" section of .link files to define the password when WoL is running in "SecureOn" mode.
  • Added the AutoRateIngress, CompensationMode, FlowIsolationMode, NAT, MPUBytes, PriorityQueueingPreset, FirewallMark, Wash, SplitGSO and UseRawPacketSize settings to the "[CAKE]" section of .network files to define the parameters of the CAKE (Common Applications Kept Enhanced) network queue management mechanism.
  • Added the IgnoreCarrierLoss setting to the "[Network]" section of .network files, allowing you to define how long to wait before reacting to the loss of the carrier signal.
  • systemd-nspawn, homectl, machinectl and systemd-run have extended the syntax of the "--setenv" parameter: if only a variable name is specified (without "="), the value is taken from the corresponding environment variable (for example, when "--setenv=FOO" is specified, the value is taken from the $FOO environment variable and used for the environment variable of the same name set in the container).
  • systemd-nspawn has added the "--suppress-sync" option to disable the sync()/fsync()/fdatasync() system calls when building a container (useful when speed is the priority and preserving build artifacts in case of failure is not important, since they can be regenerated at any time).
  • A new hwdb database has been added, which covers various kinds of signal analyzers (multimeters, protocol analyzers, oscilloscopes, etc.). The camera information in hwdb has been extended with fields describing the type of camera (regular or infrared) and the lens placement (front or rear).
  • Enabled the generation of persistent network interface names for the netfront devices used in Xen.
  • The analysis of core files by the systemd-coredump utility, based on the libdw/libelf libraries, is now performed in a separate process that is isolated in a sandbox environment.
  • systemd-importd has added support for the environment variables $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA and $SYSTEMD_IMPORT_SYNC, with which you can disable the generation of Btrfs subvolumes, as well as configure quotas and disk synchronization.
  • In systemd-journald, on file systems that support copy-on-write mode, COW mode is re-enabled for archived journals, allowing them to be compressed using Btrfs.
  • systemd-journald implements deduplication of identical fields within a single message, which is performed at the stage before the message is placed in the journal.
  • Added the "--show" option to the shutdown command to display the shutdown time.
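
The credential and restriction settings described above (LoadCredentialEncrypted, SetCredentialEncrypted, RestrictFileSystems, RestrictNetworkInterfaces) can be checked for in existing unit files. The following is an added example, not code from the original article or from the systemd project; the sample unit, its paths and the function names are constructed for illustration.

```python
# Added example: audit a unit file for hardening settings new in systemd 250.
# The sample unit and the helper names below are constructed for illustration.
PLAINTEXT = ("LoadCredential", "SetCredential")
RESTRICTIONS = ("RestrictFileSystems", "RestrictNetworkInterfaces")


def parse_service_section(text):
    """Collect [Service] settings as key -> list of values (keys may repeat)."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value:
            settings.setdefault(key, []).append(value)
        else:  # an empty assignment resets a list setting
            settings.pop(key, None)
    return settings


def audit_unit(text):
    """Return a list of findings for the text of one unit file."""
    settings = parse_service_section(text)
    findings = []
    for key in PLAINTEXT:
        for value in settings.get(key, []):
            name = value.split(":", 1)[0]  # value is "name:path" or "name:data"
            findings.append(f"{key}: credential '{name}' is not encrypted; "
                            f"use {key}Encrypted=")
    for key in RESTRICTIONS:
        if key not in settings:
            findings.append(f"{key}= is not set")
    return findings


SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/example-daemon
LoadCredential=tls-key:/etc/example/tls.key
LoadCredentialEncrypted=db-pass:/etc/example/db-pass.cred
RestrictFileSystems=ext4 tmpfs
"""

if __name__ == "__main__":
    print("\n".join(audit_unit(SAMPLE_UNIT)))
```

Line continuations (a trailing backslash) and drop-in files are not handled; run it over the merged unit text if those are in use.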

Source: opennet.ru
