Release of the systemd 246 system manager

After five months of development, the release of the systemd 246 system manager has been announced. The new release includes support for freezing units, the ability to verify root disk images using digital signatures, support for compressing logs and core dumps with the ZSTD algorithm, the ability to unlock portable home directories using FIDO2 tokens, and support for unlocking Microsoft BitLocker partitions via /etc/crypttab; BlackList has also been renamed to DenyList.

Main changes:

  • Added support for the freezer resource controller based on cgroups v2, with which you can stop processes and temporarily free some resources (CPU, I/O, and potentially even memory) for other tasks. Freezing and thawing of units is controlled with the new "systemctl freeze" command or via D-Bus.
  • Added support for verifying root disk images using a digital signature. Verification is performed using new settings in service units: RootHash (the root hash for verifying the disk image specified via the RootImage option) and RootHashSignature (a digital signature in PKCS#7 format for the root hash).
  • The PID 1 handler implements the ability to preload AppArmor policies (/etc/apparmor/earlypolicy) at the early boot stage.
  • New unit file settings have been added: ConditionPathIsEncrypted and AssertPathIsEncrypted to check whether the specified path resides on a block device that uses encryption (dm-crypt/LUKS), and ConditionEnvironment and AssertEnvironment to check environment variables (for example, those set by PAM or when setting up containers).
  • For *.mount units, the ReadWriteOnly setting has been implemented, which prohibits mounting a partition in read-only mode if it cannot be mounted for reading and writing. In /etc/fstab this mode is configured with the "x-systemd.rw-only" option.
  • For *.socket units, the PassPacketInfo setting has been added, which makes the kernel add extra metadata to each packet read from the socket (it enables the IP_PKTINFO, IPV6_RECVPKTINFO and NETLINK_PKTINFO modes for the socket).
  • For services (*.service units), the CoredumpFilter setting has been proposed (defines the memory sections that should be included in core dumps), along with TimeoutStartFailureMode/TimeoutStopFailureMode (define the behavior (SIGTERM, SIGABRT or SIGKILL) when a timeout occurs while starting or stopping the service).

  • Most options now support hexadecimal values specified with the "0x" prefix.
  • In various command-line parameters and configuration files related to setting up keys or certificates, it is now possible to specify a path to unix sockets (AF_UNIX) so that keys and certificates are transferred by calling IPC services when it is undesirable to place certificates on unencrypted storage.
  • Added support for six new specifiers that can be used in units, tmpfiles.d/, sysusers.d/ and other configuration files: %a to substitute the current architecture, %o/%w/%B/%W to substitute fields with identifiers from /etc/os-release, and %l to substitute the short hostname.
  • Unit files no longer support the ".include" syntax, which was deprecated 6 years ago.
  • The StandardError and StandardOutput settings no longer support the values "syslog" and "syslog-console", which will be automatically converted to "journal" and "journal+console".
  • For automatically created tmpfs-based mount points (/tmp, /run, /dev/shm, etc.), limits on the size and the number of inodes are now applied, corresponding to 50% of RAM size for /tmp and /dev/shm, and 10% of RAM for all others.
  • Added new kernel command-line options: systemd.hostname to set the hostname at the early boot stage, udev.blockdev_read_only to restrict all block devices associated with physical drives to read-only mode (you can use the "blockdev --setrw" command to selectively undo this), systemd.swap to disable automatic activation of swap, systemd.clock-usec to set the system clock in microseconds, and systemd.condition-needs-update and systemd.condition-first-boot to override the ConditionNeedsUpdate and ConditionFirstBoot checks.
  • By default, sysctl fs.suid_dumpable is set to 2 ("suidsafe"), which allows core dumps to be saved for processes with the suid flag.
  • The file /usr/lib/udev/hwdb.d/60-autosuspend.hwdb has been borrowed into the hardware database from ChromiumOS; it includes information about PCI and USB devices that support automatic sleep mode.
  • The ManageForeignRoutes setting has been added to networkd.conf; when enabled, systemd-networkd will start managing all routes configured by other utilities.
  • An "[SR-IOV]" section has been added to .network files for configuring network devices that support SR-IOV (Single Root I/O Virtualization).
  • In systemd-networkd, the IPv4AcceptLocal setting has been added to the "[Network]" section to allow packets arriving with a local source address to be received on the network interface.
  • systemd-networkd has added the ability to configure the HTB traffic prioritization discipline via [HierarchyTokenBucket] and [HierarchyTokenBucketClass], "pfifo" via [PFIFO], "GRED" via [GenericRandomEarlyDetection], "SFB" via [StochasticFairBlue], "cake" via [CAKE], "PIE" via [PIE], "DRR" via [DeficitRoundRobinScheduler] and [DeficitRoundRobinSchedulerClass], "BFIFO" via [BFIFO], "PFIFOHeadDrop" via [PFIFOHeadDrop], "PFIFOFast" via [PFIFOFast], "HHF" via [HeavyHitterFilter], "ETS" via [EnhancedTransmissionSelection], and "QFQ" via [QuickFairQueueing] and [QuickFairQueueingClass].

  • In systemd-networkd, the UseGateway setting has been added to the [DHCPv4] section to disable the use of gateway information received via DHCP.
  • In systemd-networkd, in the [DHCPv4] and [DHCPServer] sections, the SendVendorOption setting has been added for setting and processing additional vendor options.
  • systemd-networkd implements a new set of EmitPOP3/POP3, EmitSMTP/SMTP and EmitLPR/LPR options in the [DHCPServer] section for adding information about POP3, SMTP and LPR servers.
  • In systemd-networkd, in .netdev files in the [Bridge] section, the VLANProtocol setting has been added to select the VLAN protocol to use.
  • In systemd-networkd, in .network files in the [Link] section, the Group setting has been implemented to manage a group of links.
  • The BlackList settings have been renamed to DenyList (the old name is retained for backward compatibility).
  • systemd-networkd has added a large set of settings related to IPv6 and DHCPv6.
  • Added the "forcerenew" command to networkctl to force all address bindings (leases) to be renewed.
  • In systemd-resolved, the DNS configuration can now specify the port number and host name used for DNS-over-TLS certificate verification. The DNS-over-TLS implementation has added support for SNI checking.
  • systemd-resolved can now be configured to forward single-label DNS names (a single label, taken from a single host name).
  • systemd-journald provides support for using the zstd algorithm to compress large fields in journals. Work has been done to protect against collisions in the hash tables used in journals.
  • Clickable URLs with links to documentation have been added to journalctl when displaying log messages.
  • Added the Audit setting to journald.conf to control whether auditing is enabled during systemd-journald initialization.
  • systemd-coredump can now compress core dumps using the zstd algorithm.
  • Added the UUID setting to systemd-repart to assign a UUID to the created partition.
  • The systemd-homed service, which provides management of portable home directories, has added the ability to unlock home directories using FIDO2 tokens. The LUKS partition encryption backend has added support for automatically returning empty file system blocks when the session ends. Protection against double encryption of data has been added for the case where the /home partition on the system is found to be already encrypted.
  • Added settings to /etc/crypttab: "keyfile-erase" to delete the key after use and "try-empty-password" to try unlocking the partition with an empty password before prompting the user for a password (useful for installing encrypted images with a password assigned after the first boot, rather than during installation).
  • systemd-cryptsetup adds support for unlocking Microsoft BitLocker partitions at boot time using /etc/crypttab. It also adds the ability to read keys for automatically unlocking partitions from the files /etc/cryptsetup-keys.d/ .key and /run/cryptsetup-keys.d/ .key.

  • Added systemd-xdg-autostart-generator to generate unit files from .desktop autostart files.
  • Added the "reboot-to-firmware" command to "bootctl".
  • Added options to systemd-firstboot: "--image" to specify the disk image to boot, "--kernel-command-line" to initialize the /etc/kernel/cmdline file, "--root-password-hashed" to specify the root password hash, and "--delete-root-password" to delete the root password.
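
The new /etc/crypttab settings listed above ("keyfile-erase" and "try-empty-password") are worth reviewing on provisioned machines. The following is an added example, not code from the original article or from systemd: a shell function that reads crypttab-format text and reports the volumes that enable either setting. The helper names (audit_crypttab, audit_sample) and the sample entries, volume names and paths are constructed for illustration.

```shell
#!/bin/sh
# audit_crypttab (hypothetical helper): read crypttab-format text on stdin and
# print one line per volume that enables an option worth reviewing.
# Field layout: name, device, key file, comma-separated options.
audit_crypttab() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        NF < 4 { next }                        # entry has no options field
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                k = opts[i]; v = "yes"         # a bare option counts as enabled
                if ((p = index(k, "=")) > 0) {
                    v = substr(k, p + 1); k = substr(k, 1, p - 1)
                }
                if (v ~ /^(no|false|0|off)$/) continue
                if (k == "try-empty-password")
                    print $1 ": try-empty-password set, empty password is tried before prompting"
                else if (k == "keyfile-erase")
                    print $1 ": keyfile-erase set, key file " $3 " is deleted after use"
            }
        }
    '
}

# Constructed sample input, not taken from a real system.
SAMPLE_CRYPTTAB='# name  device  keyfile  options
root  /dev/disk/by-partlabel/root  none  luks,try-empty-password
data  /dev/disk/by-partlabel/data  /run/keys/data.key  luks,keyfile-erase=yes
home  /dev/disk/by-partlabel/home  none  luks,try-empty-password=no
swap  /dev/disk/by-partlabel/swap  /dev/urandom  swap
'

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s' "$SAMPLE_CRYPTTAB" | audit_crypttab
}

audit_sample
```

On a real host the same function can be fed the live file with `audit_crypttab < /etc/crypttab`.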

Source: opennet.ru
