ProHoster > Блог > ozi ịntanetị > Sistemụ njikwa sistemụ 253

Sistemụ njikwa sistemụ 253

Mgbe ọnwa atọ na ọkara nke mmepe gasịrị, ewepụtara ntọhapụ nke sistemụ njikwa sistemu 253.

N'ime mgbanwe ndị dị na mwepụta ọhụrụ:

  • Ngwungwu a gụnyere akụrụngwa 'ukify', nke emebere iji wuo, nyochaa na mepụta mbinye aka maka onyonyo kernel jikọtara ọnụ (UKI, Foto Kernel Unified), na-ejikọ onye na-ahụ maka ibunye kernel site na UEFI (UEFI boot stub), onyonyo kernel Linux na a. gburugburu sistemụ etinyere n'ime initrd ebe nchekwa, ejiri maka mmalite mmalite na ogbo tupu ịgbanye sistemụ faịlụ mgbọrọgwụ. Ngwa ahụ na-edochi arụmọrụ nke iwu 'dracut -uefi' nyere na mbụ wee mejupụta ya na ikike iji gbakọọ desktọpụ na faịlụ PE na-akpaghị aka, ịmekọrịta initrds, ịbịanye aka na onyonyo kernel agbakwunyere, mepụta onyonyo jikọtara ọnụ na sbsign, heuristics maka ịchọpụta aha kernel, ịlele Onyonyo nwere ihu igwe na-agbakwunye atumatu PCR bịanyere aka na ya nke akụrụngwa sistemu-measure mepụtara.
  • Nkwado agbakwunyere maka gburugburu initrd ejedebeghị site na ntinye ebe nchekwa, nke a na-eji overlayfs kama tmpfs. Maka gburugburu ndị dị otú ahụ, systemd anaghị ihichapụ faịlụ niile dị na initrd mgbe ịgbanwere sistemụ faịlụ mgbọrọgwụ.
  • Agbakwunyela paramita “OpenFile” na ọrụ maka imepe faịlụ aka ike na sistemụ faịlụ (ma ọ bụ ijikọ na sockets Unix) wee nyefee nkọwa faịlụ metụtara na usoro ewepụtara (dịka ọmụmaatụ, mgbe ịchọrọ ịhazi ohere ịnweta faịlụ maka otu). ọrụ enweghị ohere na-agbanweghị ikike ịnweta faịlụ).
  • Na systemd-cryptenroll, mgbe ị na-edebanye aha igodo ọhụrụ, ọ ga-ekwe omume imeghe akụkụ ezoro ezo site na iji akara FIDO2 (-unlock-fido2-device) na-achọghị paswọọdụ. A na-echekwa koodu PIN onye ọrụ akọwapụtara na nnu iji mebie nchọpụta ike ike.
  • Agbakwunyere ReloadLimitIntervalSec na ReloadLimitBurst ntọala, yana nhọrọ ahịrị iwu kernel (systemd.reload_limit_interval_sec na /systemd.reload_limit_burst) iji kpachie ike nke usoro ndabere malitegharịa.
  • Maka nkeji, emejuputala nhọrọ "MemoryZSwapMax" iji hazie ihe onwunwe memory.zswap.max, nke na-ekpebi oke zswap.
  • Maka nkeji, emejuputala nhọrọ "LogFilterPatterns", nke na-enye gị ohere ịtọ okwu oge niile iji nyochaa mmepụta ozi na ndekọ (enwere ike iji wepụ ụfọdụ mmepụta ma ọ bụ chekwaa naanị ụfọdụ data).
  • Ngalaba mpaghara na-akwado ntọala "OOMpolicy" iji tọọ omume ahụ mgbe ị na-achọ ịmalite mgbe ebe nchekwa dị ala (a na-edozi oge nbanye na OOMpolicy = gaa n'ihu ka onye na-egbu OOM ghara ịkwụsị ha n'ike).
  • A kọwapụtala ụdị ọrụ ọhụrụ - "Ụdị = notify-reload", nke na-agbatị ụdị "Ụdị = notify" nwere ike ichere mgbama mmalite iji mezue nhazi (SIGHUP). Ebufeela ọrụ systemd-networkd.service, systemd-udevd.service na systemd-logind na ụdị ọhụrụ.
  • udev na-eji atụmatụ ịkpọ aha ọhụrụ maka ngwaọrụ netwọkụ, ihe dị iche bụ na maka ngwaọrụ USB ejikọtaghị na bọs PCI, ID_NET_NAME_PATH ka edobere ugbu a iji hụ na aha ndị ọzọ nwere ike ịkọ. Emejuputala onye ọrụ '-=' maka mgbanwe SYMLINK, na-ahapụ njikọ ihe atụ na-ahazighị ya ma ọ bụrụ na akọwapụtaburu iwu maka ịgbakwunye ha.
  • Na systemd-boot, a rụgharịala mbufe mkpụrụ maka pseudo-random number generators na kernel na maka diski azụ azụ. Nkwado agbakwunyere maka ịkwanye kernel ọ bụghị naanị site na ESP (EFI System Partition), dịka ọmụmaatụ, site na firmware ma ọ bụ ozugbo maka QEMU. Enyere nlebanya nke paramita SMBIOS iji chọpụta mmalite na gburugburu ebe a na-eme nke ọma. Emebela ọnọdụ 'if-safe' ọhụrụ nke a na-ebugo asambodo UEFI Secure Boot site na ESP naanị ma ọ bụrụ na a na-eche na ọ dị mma (na-agba na igwe mebere).
  • Utility bootctl na-emejuputa ọgbọ nke token sistemu na sistemụ EFI niile, belụsọ gburugburu gburugburu. Agbakwunyere iwu 'kernel-identify' na 'kernel-inspect' iji gosipụta ụdị onyonyo kernel na ozi gbasara nhọrọ ahịrị iwu yana ụdị kernel, 'unlink' iji wepu faịlụ metụtara ụdị ndekọ ndekọ mbụ, 'nhicha' iji wepu ihe niile. faịlụ sitere na ndekọ ndekọ "ntinye-token" na ESP na XBOOTLDR, ejikọtaghị ya na ụdị ndekọ ndekọ mbụ nke mbụ. Nhazi nke KERNEL_INSTALL_CONF_ROOT agbanweela.
  • Iwu 'systemctl list-dependencies' na-akwado nhazi nke nhọrọ '--type' na '-state', yana iwu 'systemctl kexec' na-agbakwụnye nkwado maka gburugburu dabere na Xen hypervisor.
  • Na faịlụ netwọkụ dị na ngalaba [DHCPv4], nkwado maka SocketPriority na QuickAck, RouteMetric=high|ọkara | nhọrọ dị ala agbakwunyere ugbu a.
  • Sistemu-repart agbakwunyere nhọrọ “--gụnyere-nkebi”, “--exclude-partitions” na “--defer-partitions” iji nzacha nkebi site na ụdị UUID, nke, dịka ọmụmaatụ, na-enye gị ohere ịmepụta onyonyo nke otu akụkụ dị na ya. wuru dabere na ọdịnaya nke akụkụ ọzọ . Agbakwunyekwara nhọrọ "--sector-size" iji kọwaa nha nke ngalaba eji eme ihe mgbe ị na-eke nkebi. Nkwado agbakwunyere maka imepụta faịlụ erofs. Ntọala wedata na-arụ ọrụ nhazi nke uru “kachasị mma” iji họrọ nha onyonyo kacha nta enwere ike.
  • systemd-journal-remote na-enye ohere iji MaxUse, KeepFree, MaxFileSize na MaxFiles ntọala iji gbochie oriri ohere diski.
  • systemd-cryptsetup na-agbakwụnye nkwado maka izipu arịrịọ ngwa ngwa na akara FIDO2 iji chọpụta ọnụnọ ha tupu nyocha.
  • Agbanyela tpm2-measure-bank na tpm2-measure-pcr ọhụrụ na crypttab.
  • systemd-gpt-auto-generator na-arụ ọrụ ịrị elu nke ESP na XBOOTLDR na ụdị "noexec, nosuid, nodev", ma na-agbakwụnye ndekọ maka rootfstype na rootflags parameters gafere site na kernel Command Line.
  • systemd-resolved na-enye ikike ịhazi ihe nkesa mkpebi site na ịkọwa aha nkesa, ngalaba, network.dns na network.search_domains na ahịrị iwu kernel.
  • Iwu "systemd-analyze plot" nwere ikike ịwepụta n'ụdị JSON mgbe a na-akọwapụta ọkọlọtọ "-json". Nhọrọ ọhụrụ "--table" na "-no-legend" atụkwasịkwarala na mmepụta njikwa.
  • N'afọ 2023, anyị na-eme atụmatụ ịkwụsị nkwado maka cgroups v1 na nhazi akwụkwọ ndekọ aha (ebe / usr na-etinye iche na mgbọrọgwụ, ma ọ bụ / bin na / usr / bin, / lib na / usr / lib kewapụrụ).

isi: opennet.ru

Tinye a comment