ProHoster > Блог > ozi ịntanetị > Sistemụ njikwa sistemụ 250

Sistemụ njikwa sistemụ 250

Mgbe ọnwa ise nke mmepe gasịrị, ewepụtara ntọhapụ nke onye njikwa sistemụ systemd 250. Ntọhapụ ọhụrụ ahụ webatara ikike ịchekwa nzere na ụdị ezoro ezo, mejuputa nkwenye nke akụkụ GPT achọpụtara na-akpaghị aka site na iji mbinye aka dijitalụ, ozi ka mma banyere ihe kpatara igbu oge mgbe. mmalite ọrụ, na agbakwunyere nhọrọ maka igbochi ohere ọrụ na ụfọdụ sistemụ faịlụ na netwọk netwọk, nkwado maka nkebi iguzosi ike n'ezi ihe nlekota oru modul dm-integrity modul na-enye nkwado maka sd-boot auto-update.

Isi mgbanwe:

  • Nkwado agbakwunyere maka nzere ezoro ezo yana zie ezie, nke nwere ike ịba uru maka ịchekwa ihe ndị nwere mmetụta echekwabara dị ka igodo SSL na ịnweta okwuntughe. A na-eme nbibi nke nzere naanị mgbe ọ dị mkpa yana njikọ na ntinye ma ọ bụ akụrụngwa mpaghara. A na-ezobe data na-akpaghị aka site na iji symmetric encryption algọridim, igodo nke enwere ike ịdị na sistemụ faịlụ, na mgbawa TPM2, ma ọ bụ iji atụmatụ ngwakọta. Mgbe ọrụ ahụ malitere, a ga-ewepụ nzere na-akpaghị aka wee dịrị maka ọrụ ahụ n'ụdị ya. Iji rụọ ọrụ na nzere ezoro ezo, agbakwunyela uru 'systemd-creds', yana ntọala LoadCredentialEncrypted na SetCredentialEncrypted ka atụpụtala maka ọrụ.
  • sd-stub, EFI executable nke na-enye ohere EFI firmware ibu kernel Linux, ugbu a na-akwado ịbugharị kernel site na iji LINUX_EFI_INITRD_MEDIA_GUID EFI protocol. Agbakwunyekwara na sd-stub bụ ikike ijikwa nzere na faịlụ sysext n'ime ebe nchekwa cpio wee bufee ebe nchekwa a na kernel yana initrd (a na-etinye faịlụ ndị ọzọ na /.extra/ directory). Njirimara a na-enye gị ohere iji gburugburu initrd enweghị ike ịgbanwe agbanwe, nke sysexts na data nyocha ezoro ezo gbakwunyere.
  • A gbasaala nkọwapụta nkebi nke Discoverable, na-enye ngwaọrụ maka ịchọpụta, ịrịgo na ịgbalite nkebi sistemu site na iji GPT (GUID Partition Tables). E jiri ya tụnyere mwepụta ndị gara aga, nkọwapụta a na-akwado nkebi mgbọrọgwụ na / usr maka ọtụtụ ụlọ ọrụ, gụnyere nyiwe ndị na-adịghị eji UEFI.

    Discoverable Partitions na-agbakwụnyekwa nkwado maka akụkụ nke dm-verity modul kwadoro iguzosi ike n'ezi ihe site na iji PKCS#7 mbinye aka dijitalụ, na-eme ka ọ dịkwuo mfe ịmepụta ihe oyiyi diski zuru oke. A na-ejikọta nkwado nkwenye n'ime ngwa dị iche iche na-emegharị ihe oyiyi diski, gụnyere systemd-nspawn, systemd-sysext, systemd-dissect, RootImage Services, systemd-tmpfiles, na systemd-sysusers.

  • Maka nkeji ndị na-ewe ogologo oge ịmalite ma ọ bụ kwụsị, na mgbakwunye na igosi ihe ngosi ọganihu animated, ọ ga-ekwe omume igosipụta ozi ọnọdụ nke na-enye gị ohere ịghọta ihe kpọmkwem na-eme na ọrụ ahụ n'oge na ọrụ onye njikwa usoro bụ. ugbu a na-eche imecha.
  • Agbakwunyere ihe DefaultOOMScoreAdjust paramita na /etc/systemd/system.conf na /etc/systemd/user.conf, nke na-enye gị ohere ịhazigharị ọnụ ụzọ OOM-killer maka ebe nchekwa dị ala, ọdabara na usoro na-amalite maka sistemụ na ndị ọrụ. Site na ndabara, ibu ọrụ sistemụ dị elu karịa nke ọrụ ndị ọrụ, ya bụ. Mgbe enweghị ebe nchekwa ezughị oke, ohere nke ịkwụsị ọrụ ndị ọrụ dị elu karịa nke sistemụ.
  • Agbakwunyere ntọala RestrictFileSystems, nke na-enye gị ohere igbochi ọrụ ịnweta ụfọdụ ụdị sistemụ faịlụ. Ka ilele ụdị sistemụ faịlụ dị, ị nwere ike iji iwu “systemd-analyze filesystems”. Site na ntụnyere, emejuputala nhọrọ RestrictNetworkInterfaces, nke na-enye gị ohere igbochi ohere ịnweta ụfọdụ ihu netwọkụ. Mmejuputa a dabere na modul BPF LSM, nke na-egbochi ohere nke otu usoro na ihe kernel.
  • Agbakwunyere faịlụ nhazi ọhụrụ / wdg / integritytab yana akụrụngwa systemd-integritysetup nke na-ahazi modul dm-integrity iji chịkwaa iguzosi ike n'ezi ihe data na ọkwa ngalaba, dịka ọmụmaatụ, iji kwe nkwa immutability nke data ezoro ezo (Enyocha ezoro ezo, na-achọpụta na ngọngọ data nwere. emezighi ya n'uzo okirikiri) . Ụdị faịlụ /etc/integritytab yiri faịlụ /etc/crypttab na /etc/veritytab, ma e wezụga na dm-integrity na-eji kama dm-crypt na dm-verity.
  • Agbakwunyere faịlụ otu ọhụrụ systemd-boot-update.service, mgbe arụ ọrụ na arụnyere sd-boot bootloader, systemd ga-emelite ụdị sd-boot bootloader na-akpaghị aka, na-edobe koodu bootloader mgbe niile. Ejiri sd-boot n'onwe ya rụọ ya site na ndabara site na nkwado maka usoro SBAT (UEFI Secure Boot Advanced Targeting), nke na-edozi nsogbu na mwepụ akwụkwọ maka UEFI Secure Boot. Na mgbakwunye, sd-boot na-enye ikike ịtụgharị ntọala buut Microsoft Windows iji wepụta aha nkebi boot nke ọma na Windows wee gosipụta ụdị Windows.

    sd-boot na-enyekwa ikike ịkọwapụta atụmatụ agba n'oge nrụpụta. N'oge usoro buut, agbakwunyere nkwado maka ịgbanwe mkpebi ihuenyo site na ịpị igodo "r". agbakwunyere hotkey “f” ka ịga na interface nhazi ngwa ngwa. Agbakwunyere ọnọdụ iji buo sistemụ na-akpaghị aka na ihe menu ahọpụtara n'oge buut ikpeazụ. Agbakwunyere ike ibunye ndị ọkwọ ụgbọ ala EFI na-akpaghị aka dị na / EFI/systemd/drivers/ directory na ngalaba ESP (EFI System Partition).

  • A na-agụnye ụlọ ọrụ faịlụ ọhụrụ-reset.target, nke a na-ahazi na systemd-logind n'ụzọ yiri nke ahụ na reboot, poweroff, nkwusioru na hibernate ọrụ, na-eji na-emepụta handlers maka ịrụ a factory nrụpụta.
  • Usoro edoziziri sistemụ ugbu a na-emepụta oghere ntị ọzọ na 127.0.0.54 na mgbakwunye na 127.0.0.53. Arịrịọ na-abịarute na 127.0.0.54 ka a na-ebugharị ya na sava DNS dị elu ma anaghị ahazi ya na mpaghara.
  • Enyere ikike iji wuo sistemu-bubata na sistemu-edozi ya na ọbaakwụkwọ OpenSSL kama libgcrypt.
  • agbakwunyere nkwado izizi maka ihe owuwu LoongArch ejiri na ndị nrụpụta Loongson.
  • systemd-gpt-auto-generator na-enye ike ịhazi akụkụ swap akọwapụtara sistemu akpaghị aka site na sistemụ LUKS2 ezoro ezo.
  • Koodu ntughari onyonyo GPT ejiri na systemd-nspawn, systemd-dissect, na ihe ndị yiri ya na-emejuputa ikike decode onyonyo maka ihe owuwu ndị ọzọ, na-enye ohere ka ejiri sistemu-nspawn mee ihe onyonyo na emulators nke ụlọ ndị ọzọ.
  • Mgbe ị na-enyocha onyonyo diski, systemd-dissect ugbu a na-egosiputa ozi gbasara ebumnuche nke nkebi, dị ka adabara maka booting site na UEFI ma ọ bụ ịgba ọsọ n'ime akpa.
  • Agbakwunyela mpaghara “SYSEXT_SCOPE” na sistemu-extension.d/ faịlụ, na-enye gị ohere igosi oke onyonyo sistemụ - “initrd”, “sistemu” ma ọ bụ “obere”.
  • Agbakwunyela mpaghara "PORTABLE_PREFIXES" na faịlụ os-release, nke enwere ike iji na foto enwere ike iji chọpụta prefixes faịlụ otu akwadoro.
  • systemd-logind na-ewebata ntọala ọhụrụ HandlePowerKeyLongPress, HandleRebootKeyLongPress, HandleSuspendKeyLongPress na HandleHibernateKeyLongPress, nke enwere ike iji chọpụta ihe na-eme mgbe ejidere ụfọdụ igodo ruo ihe karịrị sekọnd ise (dịka ọmụmaatụ, ịpị igodo nkwusioru ngwa ngwa ka etinyere ya n'ime ọnọdụ kwụsiri ike). , na mgbe e jidere ya, ọ ga-arahụ ụra).
  • Maka nkeji, a na-emejuputa ntọala StartupAllowedCPUs na StartupAllowedMemoryNodes, nke dị iche na ntọala ndị yiri ya na-enweghị mmalite mmalite n'ihi na a na-etinye ha naanị na akpụkpọ ụkwụ na nkwụsị nkwụsị, nke na-enye gị ohere ịtọ ihe mgbochi ndị ọzọ n'oge buut.
  • Agbakwụnyere [Ọnọdụ | Okwu [Memory|CPU|IO] Nlele nrụgide na-enye ohere ka ịwụpụ ma ọ bụ daa n'ọrụ ma ọ bụrụ na usoro PSI chọpụtara ibu dị arọ na ebe nchekwa, CPU, na I/O na sistemụ.
  • abawanyela oke inode kacha nke ndabara maka akụkụ / dev site na 64k ruo 1M, yana maka nkebi / tmp site na 400k ruo 1M.
  • Atụpụtala ntọala ExecSearchPath maka ọrụ, nke na-eme ka o kwe omume ịgbanwe ụzọ maka ịchọ faịlụ enwere ike ịmalite site na ntọala dị ka ExecStart.
  • Agbakwunyere ntọala RuntimeRandomizedExtraSec, nke na-enye gị ohere iwebata ndịiche na-enweghị usoro n'ime oge RuntimeMaxSec, nke na-amachi oge mmezu nke otu.
  • A gbasaa syntax nke RuntimeDirectory, StateDirectory, CacheDirectory na LogsDirectory ntọala, nke site n'ịkọpụta uru ọzọ nke colon kewara, ị nwere ike ịhazi ugbu a ịmepụta njikọ ihe atụ na akwụkwọ ndekọ aha maka ịhazi ohere n'ọtụtụ ụzọ.
  • Maka ọrụ, a na-enye ntọala TTYRows na TTYColumn ka ịtọ ọnụọgụ ahịrị na kọlụm dị na ngwaọrụ TTY.
  • Agbakwunyere ntọala ExitType, nke na-enye gị ohere ịgbanwe mgbagha maka ikpebi njedebe nke ọrụ. Site na ndabara, systemd naanị na-enyocha ọnwụ nke usoro isi, mana ọ bụrụ na edobere ExitType=cgroup, onye njikwa sistemụ ga-echere usoro ikpeazụ na otu ga-emecha.
  • systemd-cryptsetup's mmejuputa TPM2/FIDO2/PKCS11 nkwado a na-ewukwa ugbu a dị ka ngwa mgbakwunye cryptsetup, na-enye ohere iji iwu cryptsetup nkịtị mee ihe iji mepee akụkụ ezoro ezo.
  • Onye na-ahụ maka TPM2 na systemd-cryptsetup/systemd-cryptsetup na-agbakwụnye nkwado maka igodo isi RSA na mgbakwunye na igodo ECC iji melite ndakọrịta na ibe ndị na-abụghị ECC.
  • Agbakwunyela nhọrọ token-timeout na /etc/crypttab, nke na-enye gị ohere ịkọwa oge kachasị ichere maka njikọ akara PKCS#11/FIDO2, emesia a ga-akpali gị itinye paswọọdụ ma ọ bụ igodo mgbake.
  • systemd-timesyncd na-emejuputa ntọala SaveIntervalSec, nke na-enye gị ohere ịchekwa oge usoro dị ugbu a na diski, dịka ọmụmaatụ, iji mejuputa elekere monotonic na sistemụ na-enweghị RTC.
  • Agbakwunyela nhọrọ na akụrụngwa nyocha-systemd: “--image” na “--root” maka ịlele faịlụ otu n'ime onyonyo enyere ma ọ bụ ndekọ mgbọrọgwụ, “--recursive-errors” maka iburu n'uche nkeji dabere mgbe njehie. achọpụtara, "--anọghị n'ịntanetị" maka ịlele faịlụ ndị dị iche iche echekwara na diski, "-json" maka mmepụta n'ụdị JSON, "-dị jụụ" iji gbanyụọ ozi ndị na-adịghị mkpa, "-profaịlụ" iji jikọta na profaịlụ mkpanaka. Agbakwunyekwara bụ iwu nyocha-elf maka ịkọwapụta isi faịlụ na usoro ELF yana ikike ịlele faịlụ otu na aha otu enyere, n'agbanyeghị ma aha a dabara na aha faịlụ ahụ.
  • systemd-networkd agbasawanyela nkwado maka ụgbọ ala Mpaghara Network (CAN). Ntọala agbakwunyere iji jikwaa ụdịdị CAN: Loopback, OneShot, PresumeAck na ClassicDataLengthCode. agbakwunyere TimeQuantaNSec, PropagationSegment, PhaseBufferSegment1, PhaseBufferSegment2, SyncJumpWidth, DataTimeQuantaNSec, DataPropagationSegment, DataPhaseBufferSegment1, DataPhaseBufferSegment2 na DataSyncJumpWidth nhọrọ imekọrịta faịlụ na ngalaba nke ntanetịime ntanetị nke CAN.
  • Systemd-networkd agbakwunyela nhọrọ Label maka onye ahịa DHCPv4, nke na-enye gị ohere ịhazi akara adreesị ejiri mgbe ị na-ahazi adreesị IPv4.
  • systemd-udevd maka "ethtool" na-arụ ọrụ nkwado maka ụkpụrụ "max" pụrụ iche nke na-edobe nha nchekwa na uru kachasị nke ngwaike na-akwado.
  • Na faịlụ .link maka systemd-udevd ị nwere ike hazie paramita dị iche iche maka ijikọ ihe nkwụnye netwọkụ yana njikọ njikwa ngwaike (offload).
  • systemd-networkd na-enye faịlụ .netwọk ọhụrụ site na ndabara: 80-container-vb.network iji kọwaa àkwà mmiri netwọk emepụtara mgbe ị na-agba ọsọ systemd-nspawn na nhọrọ "--network-bridge" ma ọ bụ "--network-zone"; 80-6rd-tunnel.network iji kọwaa ọwara ndị a na-emepụta na-akpaghị aka mgbe ị na-enweta nzaghachi DHCP na nhọrọ 6RD.
  • Systemd-networkd na systemd-udevd agbakwunyela nkwado maka mbugharị IP n'elu InfiniBand interfaces, nke agbakwunyere ngalaba "[IPoIB]" na faịlụ systemd.netdev, na nhazi nke uru "ipoib" ka etinyere n'ụdị ahụ. ntọala.
  • systemd-networkd na-enye nhazi ụzọ akpaaka maka adreesị akọwapụtara na paramita AllowedIPs, nke enwere ike ịhazi site na RouteTable na RouteMetric parameters na ngalaba [WireGuard] na [WireGuardPeer].
  • systemd-networkd na-enye ọgbọ akpaaka nke adreesị MAC na-adịghị agbanwe agbanwe maka batadv na bridge interfaces. Iji gbanyụọ omume a, ị nwere ike ezipụta MACAddress=ọnweghị na faịlụ .netdev.
  • Agbakwunyela ntọala WakeOnLanPassword na faịlụ .njikọ dị na ngalaba “[Njikọ]” iji chọpụta okwuntughe mgbe WoL na-agba na ọnọdụ “SecureOn”.
  • Agbakwunyere AutoRateIngress, CompensationMode, FlowIsolationMode, NAT, MPUBytes, PriorityQueueingPreset, FirewallMark, Wash, SplitGSO na UseRawPacketSize ntọala na ngalaba "[CAKE]" nke faịlụ netwọk iji kọwaa paramita nke CAKE (Ngwakọta Ngwa na-emeziwanye njikwa) netwọkụ. .
  • Agbakwunyere ntọala IgnoreCarrierLoss na ngalaba "[Network]" nke faịlụ netwọkụ, na-enye gị ohere ikpebi ogologo oge ị ga-echere tupu i meghachi omume na mfu nke mgbaàmà ụgbọelu.
  • Systemd-nspawn, homectl, machinectl na systemd-run agbatịla syntax nke paramita "--setenv" - ma ọ bụrụ na ọ bụ naanị aha agbanwe agbanwe (na-enweghị "="), a ga-ewepụ uru ahụ site na mgbanwe gburugburu ebe obibi kwekọrọ (maka ọmụmaatụ, mgbe ezipụta "--setenv=FOO" uru a ga-ewere na $FOO gburugburu ebe obibi na-eji na gburugburu ebe obibi mgbanwe nke otu aha enịm ke akpa).
  • systemd-nspawn agbakwunyela nhọrọ "--suppress-sync" iji gbanyụọ oku usoro sync ()/fsync()/fdatasync() mgbe ị na-emepụta akpa (ọ bara uru mgbe ọsọ bụ ihe kacha mkpa na ichekwa ihe arụrụ arụ ma ọ bụrụ na ọdịda adịghị. dị mkpa, ebe ọ bụ na enwere ike ịmepụtaghachi ha n'oge ọ bụla).
  • Agbakwunyela nchekwa data hwdb ọhụrụ, nke gụnyere ụdị dị iche iche nke nyocha mgbaàmà (multimeter, protocol analyzers, oscilloscopes, wdg). A gbasaa ozi gbasara igwefoto na hwdb site na mpaghara nwere ozi gbasara ụdị igwefoto (mgbe ma ọ bụ infrared) na ntinye oghere (n'ihu ma ọ bụ azụ).
  • Agbanyere ọgbọ nke aha interface netwọk anaghị agbanwe agbanwe maka ngwaọrụ netfront ejiri na Xen.
  • A na-eme nyocha nke faịlụ isi site na akụrụngwa sistemu-coredump dabere na ọba akwụkwọ libdw / libelf ugbu a na usoro dị iche, nke dịpụrụ adịpụ na gburugburu igbe ájá.
  • systemd-importd agbakwunyela nkwado maka mgbanwe gburugburu ebe obibi $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA, $SYSTEMD_IMPORT_SYNC, nke ị nwere ike gbanyụọ ọgbọ nke subpartitions Btrfs, yana hazie oke na mmekọrịta diski.
  • Na systemd-journald, na sistemụ faịlụ ndị na-akwado ụdị nnomi-na-edi, a na-emeghachi ọnọdụ COW maka akwụkwọ akụkọ echekwara, na-enye ohere ka ejiri Btrfs chịkọta ha.
  • systemd-journald na-arụ ọrụ deduplication nke otu ubi n'otu ozi, nke a na-eme na ogbo tupu etinye ozi na akwụkwọ akụkọ.
  • Agbakwunyere "--show" nhọrọ iji mechie iwu iji gosipụta nkwụsị nke ahaziri.

isi: opennet.ru

Tinye a comment