Mgbe ọnwa atọ nke mmepe mwepụta njikwa njikwa .
Isi mgbanwe:
- Nkwado agbakwunyere maka onye na-ahụ maka ihe nchịkwa cpuset dabere na cgroups v2, nke na-enye usoro maka ijikọ usoro na CPU kpọmkwem (ntọala “AllowedCPUs”) na oghere ebe nchekwa NUMA (ntọala “AllowedMemoryNodes”);
- Nkwado agbakwunyere maka ntinye ntinye site na SystemdOptions EFI variable for systemd nhazi, nke na-enye gị ohere ịhazi usoro omume n'ọnọdụ ebe ịgbanwe nhọrọ ahịrị kernel bụ nsogbu na nhazi site na diski na-agụ oge n'oge (dịka ọmụmaatụ, mgbe ịchọrọ ịhazi nhọrọ). metụtara ndị isi otu). Iji tọọ mgbanwe na EFI, ị nwere ike iji iwu 'bootctl systemd-efi-options';
- agbakwunyere nkwado na nkeji maka nbudata ntọala site na akwụkwọ ndekọ aha “{unit_type}.d/” metụtara ụdị otu (dịka ọmụmaatụ, “service.d/”), nke enwere ike iji tinye ntọala na-ekpuchi faịlụ otu niile nke ụdị enyere na otu ugboro;
- Maka ngalaba ọrụ, agbakwunyere ọnọdụ ichepụ igbe igbe ọhụrụ ProtectKernelLogs, nke na-enye gị ohere ịgọnarị ịnweta mmemme na nchekwa kernel log, nke a na-enweta site na oku sistemụ syslog (ka ọ ghara inwe mgbagwoju anya na API nke otu aha enyere na libc). Ọ bụrụ na agbanyere ọnọdụ ahụ, a ga-egbochi ohere ịnweta /proc/kmsg, /dev/kmsg na CAP_SYSLOG;
- Maka nkeji, a tụpụtara ntọala RestartKillSignal, nke na-enye gị ohere ịkọwapụta ọnụọgụ nke mgbaàmà ejiri kwụsị usoro ahụ n'oge ịmalitegharị ọrụ (ị nwere ike ịgbanwe omume nke ịkwụsị usoro ahụ na ọkwa nke nkwadebe maka ịmalitegharị);
- Emegharịrị iwu “systemctl clean” maka iji oghere, ugwu, na swap nkeji;
- N'oge mmalite nke nbudata, ihe mgbochi na ike nke kernel na-esi na ozi sitere na oku na-ebipụta na-enwe nkwarụ, nke na-enye ohere ịnweta ndekọ zuru ezu banyere ọganihu loading n'oge na-adịghị ejikọta ya (log. na-akwakọba na kernel's mgbanaka nchekwa). Ịtọlite oke mbipụta site na ahịrị iwu kernel na-ebute ụzọ ma na-enye gị ohere ịkagbu omume sistemụ. Mmemme sistemu nke na-ebupụta ndekọ ozugbo na / dev/kmsg (a na-eme nke a naanị n'isi mbido buut) na-eji mgbochi dị iche iche dị n'ime iji chebe megide mgbochi mgbochi;
- Agbakwunyela iwu 'stop --job-mode=triggering' na utility systemctl, nke na-enye gị ohere ịkwụsị ma otu ahụ akọwapụtara na ahịrị iwu yana nkeji niile nwere ike ịkpọ ya;
- Ozi steeti otu ugbu a gụnyere ozi gbasara ịkpọ oku na nkeji;
- Ọ ga-ekwe omume iji ntọala “RuntimeMaxSec” na nkeji iri (na mbụ ejiri ya naanị na ngalaba ọrụ). Dịka ọmụmaatụ, enwere ike iji "RuntimeMaxSec" ugbu a belata oge nnọkọ PAM site na ịmepụta otu ngalaba.
maka akaụntụ onye ọrụ. Enwere ike ịtọ oke oge site na nhọrọ systemd.runtime_max_sec na paramita nke modul pam_systemd PAM; - Agbakwunyere otu ọhụrụ nke sistemụ oku “@pkey”, mgbe ị na-amachi arịa na ọrụ, na-eme ka ọ dị mfe ịkpọ oku usoro ọcha nke metụtara nchekwa nchekwa;
- Agbakwunyere ọkọlọtọ "w+" na systemd-tmpfiles maka ide na ọnọdụ ntinye faịlụ;
- agbakwunyere ozi na sistemu nyocha nyocha gbasara ma nhazi ebe nchekwa kernel dabara na ntọala sistemụ (dịka ọmụmaatụ, ọ bụrụ na ụfọdụ mmemme ndị ọzọ agbanweela paramita kernel);
- Agbakwunyela nhọrọ "-base-time" na usoro nyocha, mgbe akọwapụtara ya, a na-agbakọ data kalịnda na oge akọwapụtara na nhọrọ a, ọ bụghị n'ihe gbasara oge usoro ugbu a;
- “journalctl —update-catalog” na-eme ka nkwekọ n'usoro nke ihe dị na mmepụta (ọ bara uru maka ịhazi ihe nrụpụta ugboro ugboro);
- Agbakwunyere ikike ịkọwa uru ndabara maka ntọala "WatchdogSec" ejiri na ọrụ sistemu. N'oge a na-achịkọta, enwere ike ikpebi uru ntọala site na nhọrọ "-Dservice-watchdog" (ọ bụrụ na edobere ka ọ bụrụ ihe efu, onye nche ga-enwe nkwarụ);
- Nhọrọ iwu agbakwunyere "-Duser-path" iji mebie uru $PATH;
- Agbakwunyere "-u" ("-uuid") nhọrọ na systemd-id128 iji wepụta ihe nchọpụta 128-bit na UUID (nnọchi anya nke UUID);
- Mee ugbu a chọrọ opekata mpe ụdị libcryptsetup 2.0.1.
Mgbanwe metụtara ntọala netwọk:
- Systemd-networkd agbakwunyere nkwado maka ịhazigharị njikọ na ofufe, nke "reload" na "reconfigure DEVICE..." iwu agbakwunyere na networkctl iji bugharịa ntọala na nhazigharị ngwaọrụ;
- systemd-networkd akwụsịla imepụta ụzọ ndabara maka njikọ IPv4 mpaghara nwere adreesị intranet 169.254.0.0/16 (). Na mbụ, ịmepụta ụzọ ndabara na-akpaghị aka maka njikọ ndị dị otú ahụ butere omume a na-atụghị anya ya na nsogbu ụzọ n'oge ụfọdụ. Iji weghachi omume ochie, jiri ntọala “DefaultRouteOnDevice=ee”. N'otu aka ahụ, a na-akwụsị ọrụ nke adreesị IPv6 mpaghara ma ọ bụrụ na enyereghị ụzọ IPv6 mpaghara maka njikọ ahụ;
- Na sistemụ netwọkụ sistemụ, mgbe ị na-ejikọta na netwọk ikuku na ọnọdụ ad-hoc, a na-emejuputa nhazi nke ndabara na njikọ njikọ mpaghara (njikọ-local);
- Ihe agbakwunyere RxBufferSiz na TxBufferSize iji hazie nha nke nnabata na izipu ihe nchekwa netwọkụ;
- systemd-networkd na-emejuputa mgbasa ozi nke ụzọ IPv6 ndị ọzọ, na-ahazi site na nhọrọ Route na LifetimeSec na ngalaba "[IPv6RoutePrefix]";
- systemd-networkd agbakwunyela ikike ịhazi ụzọ "na-esote hop" site na iji nhọrọ "Gateway" na "Id" na ngalaba "[NextHop]";
- systemd-networkd na networkctl maka DHCP na-enye mmelite na-efe efe nke njide adreesị IP (leases), nke iwu 'networkctl' mebere;
- systemd-networkd na-eme ka nhazigharịa DHCP na ịmalitegharịa (jiri nhọrọ KeepConfiguration iji chekwaa ntọala). Agbanwela uru ndabara nke ntọala SendRelease ka ọ bụrụ “eziokwu”;
- Onye ahịa DHCPv4 na-ahụ na ejiri uru nhọrọ OPTION_INFORMATION_REFRESH_TIME nke sava zitere. Iji rịọ ụfọdụ nhọrọ site na ihe nkesa, a na-atụ aro paramita "RequestOptions", na iziga nhọrọ na ihe nkesa - "SendOption". Iji hazie ụdị ọrụ IP site n'aka onye ahịa DHCP, agbakwunyela “IPServiceType” parameter;
- Iji dochie ndepụta nke sava SIP (Session Initiation Protocol) maka sava DHCPv4, agbakwunyela “EmitSIP” na “SIP”. N'akụkụ ndị ahịa, ịnweta paramita SIP site na ihe nkesa ahụ nwere ike ime ka ọ rụọ ọrụ site na iji ntọala "Jiri SIP = ee";
- Agbakwunyere paramita "PrefixDelegationHint" na onye ahịa DHCPv6 ịrịọ prefix adreesị;
- Faịlụ netwọkụ na-enye nkwado maka maapụ netwọkụ ikuku site na SSID na BSSID, dịka ọmụmaatụ ijikọ aha ebe ohere yana adreesị MAC. A na-egosipụta ụkpụrụ SSID na BSSID na mmepụta networkctl maka ikuku ikuku. Na mgbakwunye, agbakwunyere ikike iji tụnyere ụdị netwọkụ ikuku (WLANInterfaceType parameter);
- systemd-networkd agbakwunyela ikike ịhazi usoro ịhịa aka n'ahụ iji chịkwaa okporo ụzọ site na iji parampat ndị nne na nna ọhụrụ,
NetworkEmulatorDelaySec, NetworkEmulatorDelayJitterSec,
Ngwunye netwọkEmulator na oke nkwụfu nke NetworkEmulator,
NetworkEmulatorDuplicateRate na ngalaba “[TrafficControlQueueingDiscipline]”; - systemd-resolved na-enye nkwenye nke adreesị IP na asambodo mgbe eji GnuTLS na-ewu.
mgbanwe ndị metụtara udev:
- Systemd-udevd ewepụla oge nkwụsị nke abụọ nke 30 iji manye ndị njikwa rapaara ka ha kwụsị. Systemd-udevd ugbu a na-echere mmecha njikwa nke 30 sekọnd ezughị iji rụchaa arụ ọrụ na-emekarị na nnukwu nrụnye (dịka ọmụmaatụ, oge nkwụsịtụ nwere ike ịkwụsị ịmalite ịmalite ọkwọ ụgbọala n'oge usoro nke ịgbanwee nkebi agbakwunyere maka sistemụ faịlụ mgbọrọgwụ). Mgbe ị na-eji systemd, oge nkwụsị nke systemd-udevd ga-echere tupu ịpụ apụ site na ntọala TimeoutStopSec na systemd-udevd.service. Mgbe ị na-agba ọsọ na-enweghị sistemụ, a na-achịkwa oge nkwụsị site na udev.event_timeout parameter;
- Mmemme fido_id agbakwunyere maka udev, nke na-achọpụta akara FIDO CTAP1
("U2F") / CTAP2 dabere na data gbasara ojiji ha gara aga ma gosipụta mgbanwe gburugburu ebe obibi dị mkpa (usoro ihe omume ahụ na-enye gị ohere ime na-enweghị ndepụta ọcha nke mpụga nke akara ngosi niile a maara nke eji na mbụ); - Emepụtara akpaka ọgbọ nke udev autosuspend iwu maka ngwaọrụ sitere na listi ọcha ebubata na Chromium OS (mgbanwe ahụ na-enye gị ohere ịgbasa ojiji nke ụdị nchekwa ike maka ngwaọrụ ndị ọzọ);
- Agbakwunyela ntọala "CONST{key}=Uru" ọhụrụ na udev iji kwe ka eserese nke ụkpụrụ sistemụ na-agba ọsọ ozugbo na-enweghị ndị na-ahụ maka nlele dị iche iche. Ugbu a ọ bụ naanị igodo "arch" na "virt" ka a na-akwado;
- Kwanyere CDROM aka imeghe na ọnọdụ anaghị ekewa mgbe ị na-arụ ọrụ arịrịọ maka ụdịdị akwadoro (mgbanwe ahụ na-edozi nsogbu na mmemme ịnweta CDROM ma belata ihe ize ndụ nke nkwụsị nke mmemme ide diski nke na-adịghị eji ọnọdụ ohere naanị).
isi: opennet.ru