ProHoster > Блог > ozi ịntanetị > Sistemụ njikwa sistemụ 249

Sistemụ njikwa sistemụ 249

Mgbe ọnwa atọ nke mmepe gasịrị, a na-ewepụta ntọhapụ nke onye njikwa usoro systemd 249. Ntọhapụ ọhụrụ ahụ na-enye ikike ịkọwapụta ndị ọrụ / otu dị na usoro JSON, na-eme ka akwụkwọ akụkọ ahụ guzosie ike, na-eme ka nhazi nke nchịkọta nkebi diski na-esote, na-agbakwụnye ike. jikọọ mmemme BPF na ọrụ, ma na-emejuputa ndị ọrụ nkewa ihe nchọpụta n'ime akụkụ etinyere, a na-enye nnukwu akụkụ nke ntọala netwọkụ ọhụrụ yana ohere maka ịmalite arịa.

Isi mgbanwe:

  • A na-edekọ ụkpụrụ akwụkwọ akụkọ ma enwere ike iji ya mee ihe na ndị ahịa n'ọnọdụ syslog protocol maka ịnyefe ndekọ ndekọ ndekọ mpaghara. Emejuputala usoro akwụkwọ akụkọ ahụ ogologo oge ma ejiri ya mee ihe n'ọbá akwụkwọ ndị ahịa ụfọdụ, n'agbanyeghị, ekwupụtala nkwado gọọmentị ya.
  • Userdb na nss-systemd na-enye nkwado maka ịgụ nkọwa ndị ọzọ dị na /etc/userdb/, /run/userdb/, /run/host/userdb/ na /usr/lib/userdb/ directories, kpọmkwem na usoro JSON. Achọpụtara na njirimara a ga-enye usoro ọzọ maka ịmepụta ndị ọrụ na usoro ahụ, na-enye ya njikọ zuru oke na NSS na /etc/shadow. Nkwado JSON maka ndenye onye ọrụ/otu ga-ahapụkwa njikwa akụrụngwa na ntọala ndị ọzọ ka etinyere na ndị ọrụ pam_systemd na systemd-logind ghọtara.
  • nss-systemd na-enye njikọ nke ndenye onye ọrụ/otu na /etc/shadow na-eji okwuntughe hashed sitere na systemd-homed.
  • Emebela usoro nke na-eme ka nhazi nke mmelite dị mfe site na iji akụkụ diski na-edochi ibe ha (otu akụkụ na-arụ ọrụ, nke abụọ na-echekwa - a na-edepụta mmelite ahụ na nkebi mapụtara, mgbe nke ahụ gasịrị, ọ na-arụ ọrụ). Ọ bụrụ na enwere akụkụ abụọ ma ọ bụ / usr na onyonyo diski, na udev achọpụtabeghị ọnụnọ nke paramita 'root =', ma ọ bụ na-ahazi onyonyo diski akọwapụtara site na nhọrọ "-image" na systemd-nspawn na systemd. -dissect utilities, enwere ike gbakọọ nkebi buut site na iji akara GPT atụnyere (na-eche na akara GPT na-ekwu nọmba ụdị nke ọdịnaya nke nkebi na sistemu ga-ahọrọ nkebi na mgbanwe ndị na-adịbeghị anya).
  • Agbakwunyela ntọala BPFProgram na faịlụ ọrụ, nke ị nwere ike iji hazie ntinye nke mmemme BPF n'ime kernel wee jikwaa ha site na ijikọ na ọrụ sistemu akọwapụtara.
  • Systemd-fstab-generator na systemd-repart na-agbakwunye ike ịbuba na diski nwere naanị akụkụ / usr na enweghị nkebi mgbọrọgwụ (a ga-emepụta nkebi mgbọrọgwụ site na systemd-repart n'oge mbụ buut).
  • Na systemd-nspawn, nhọrọ "-private-user-chown" ejirila nhọrọ "--private-user-ownership" dochie nhọrọ "-private-user-chown", nke nwere ike ịnakwere ụkpụrụ "chown" dịka "--" private-user-chown", "gbanyụọ" iji gbanyụọ ntọala ochie, "map" iji mapụ NJ onye ọrụ na sistemụ faịlụ etinyere na "akpaaka" ịhọrọ "map" ma ọ bụrụ na ọrụ achọrọ dị na kernel (5.12+) ma ọ bụ daa azụ azụ. na a recursive oku na-aga "chown" ma ọ bụghị. Iji nkewa, ị nwere ike ịdepụta faịlụ otu onye ọrụ na nkebi mba ofesi etinyere na onye ọrụ ọzọ na sistemụ ugbu a, na-eme ka ọ dị mfe ikesa faịlụ n'etiti ndị ọrụ dị iche iche. N'ime usoro ndekọ aha ụlọ nwere obere ụlọ, nkewa ga-enye ndị ọrụ ohere ibugharị akwụkwọ ndekọ aha ụlọ ha gaa na mgbasa ozi mpụga wee jiri ya na kọmpụta dị iche iche na-enweghị otu nhazi NJ onye ọrụ.
  • Na systemd-nspawn, nhọrọ "--private-user" nwere ike jiri uru "identity" gosi kpọmkwem NJ onye ọrụ mgbe ị na-edozi oghere aha njirimara, ya bụ. UID 0 na UID 1 n'ime akpa ga-egosipụta na UID 0 na UID 1 n'akụkụ ndị ọbịa, iji belata vectors ọgụ (akpa ahụ ga-enweta naanị ikike usoro n'aha aha ya).
  • Agbakwunyela nhọrọ "-bind-user" na systemd-nspawn iji zipu akaụntụ onye ọrụ dị na gburugburu ebe obibi na akpa (a na-etinye akwụkwọ ndekọ ụlọ n'ime akpa ahụ, a na-agbakwunye onye ọrụ/otu ntinye, na maapụ UID. a na-eme n'etiti akpa na gburugburu ebe obibi).
  • Nkwado agbakwunyere maka ịrịọ okwuntughe edobere na systemd-ask-password na systemd-sysusers (passwd.hashed-password. na passwd.plaintext-paswọọdụ. ) iji usoro ewebatara na systemd 247 iji nyefee data nwere mmetụta n'enweghị nsogbu site na iji faịlụ etiti na ndekọ dị iche. Site na ndabara, a na-anabata nzere site na usoro PID1, nke na-enweta ha, dịka ọmụmaatụ, site na njikwa njikwa akpa, nke na-enye gị ohere ịhazi paswọọdụ onye ọrụ na mbụ buut.
  • systemd-firstboot na-agbakwụnye nkwado maka iji nfefe echekwara nke usoro data nwere mmetụta iji jụọ ụdị sistemụ dị iche iche, nke enwere ike iji bido ntọala sistemụ mgbe mbụ ị na-ebuli ihe onyonyo akpa na-enweghị ntọala dị mkpa na ndekọ / wdg.
  • Usoro PID 1 na-achọpụta na ma aha otu na nkọwa na-egosipụta n'oge buut. Ị nwere ike ịgbanwe mmepụta site na "StatusUnitFormat = jikọtara" oke na system.conf ma ọ bụ nhọrọ ahịrị kernel "systemd.status-unit-format=jikọtara"
  • Agbakwunyela nhọrọ "--image" na systemd-machine-id-setup na systemd-repart utilities iji bufee faịlụ nwere id igwe gaa na onyonyo diski ma ọ bụ iji welie nha onyonyo diski.
  • Agbakwunyela paramita MakeDirectories na faịlụ nhazi nkebi nke akụrụngwa sistemu-repart ji mee ihe, nke enwere ike iji mepụta akwụkwọ ndekọ aha aka ike na sistemụ faịlụ emepụtara tupu egosipụta ya na tebụl nkebi (dịka ọmụmaatụ, iji mepụta akwụkwọ ndekọ aha maka isi ihe n'elu. nkebi mgbọrọgwụ ka ị nwee ike bulie nkebi ahụ ozugbo na ọnọdụ ọgụgụ naanị). Iji jikwaa ọkọlọtọ GPT na ngalaba ndị emepụtara, agbakwunyela ọkọlọtọ, ReadOnly na NoAuto kwekọrọ. The CopyBlocks paramita nwere uru nke "akpaaka" na-akpaghị aka họrọ nkebi buut dị ugbu a dị ka isi iyi mgbe ị na-edegharị ngọngọ (dịka ọmụmaatụ, mgbe ịchọrọ ịnyefe nkebi mgbọrọgwụ gị na mgbasa ozi ọhụrụ).
  • GPT na-arụ ọrụ ọkọlọtọ "grow-file-system", nke yiri x-systemd.growfs mount nhọrọ ma na-enye mgbasawanye akpaaka nke nha FS na ókèala nke ngwaọrụ ngọngọ ma ọ bụrụ na nha FS dị ntakịrị karịa nkebi. Ọkọlọtọ ahụ dị na sistemụ faịlụ Ext3, XFS na Btrfs, enwere ike itinye ya na akụkụ achọpụtara na-akpaghị aka. Enyere ọkọlọtọ na ndabara maka akụkụ a na-ede ede na-akpaghị aka site na systemd-repart. Agbakwunyela nhọrọ GrowFileSystem iji hazie ọkọlọtọ na sistemu-repart.
  • Faịlụ ntọhapụ /etc/os na-enye nkwado maka mgbanwe IMAGE_VERSION na IMAGE_ID ọhụrụ iji chọpụta ụdị na NJ nke onyonyo emelitere n'ụzọ atọ. A na-atụpụta nkọwapụta %M na %A iji dochie ụkpụrụ akọwapụtara n'ime iwu dị iche iche.
  • Agbakwunyela paramita “--extension” na akụrụngwa portablectl iji mee ka onyonyo ndọtị sistemụ rụọ ọrụ (dịka ọmụmaatụ, site na ha ị nwere ike kesaa onyonyo yana ọrụ ndị ọzọ etinyere na nkebi mgbọrọgwụ).
  • Utility systemd-coredump na-enye mmịpụta nke ELF build-id ozi mgbe ị na-emepụta isi ihe nke usoro, nke nwere ike ịba uru maka ikpebi ngwugwu nke usoro ọdịda bụ ma ọ bụrụ na e wuru ozi gbasara aha na ụdị nke ngwugwu deb ma ọ bụ rpm. n'ime faịlụ ELF.
  • Agbakwunyela ntọala ngwaike ọhụrụ maka ngwaọrụ FireWire (IEEE 1394) na udev.
  • Na udev, agbakwunyere mgbanwe atọ na atụmatụ aha nhọrọ netwọkụ interface "net_id" na-emebi ndakọrịta azụ: a na-eji "_" dochie mkpụrụedemede ezighi ezi na aha interface ugbu a; A na-ahazi aha oghere PCI hotplug maka sistemụ s390 n'ụdị hexadecimal; A na-anabata iji ihe ruru 65535 arụnyere na ngwaọrụ PCI (a gbochiri ọnụ ọgụgụ ndị gara aga n'elu 16383).
  • systemd-resolved na-agbakwụnye ngalaba “home.arpa” na ndepụta NTA (Ngative Trust Anchors), nke akwadoro maka netwọkụ ụlọ mpaghara, mana ejighị ya na DNSSEC.
  • Oke CPUAffinity na-enye ntule nke nkọwapụta “%”.
  • Agbakwunyela paramita ManageForeignRoutingPolicyRules na faịlụ .netwọk, nke enwere ike iji wepụ sistemu-netwọk na nhazi atumatu mbugharị ndị ọzọ.
  • Agbakwunyela oke achọrọFamilyForOnline na faịlụ “.netwọk” iji chọpụta ọnụnọ nke adreesị IPv4 ma ọ bụ IPv6 dị ka akara na interface netwọk dị na steeti “online”. Networkctl na-enye ngosipụta nke ọkwa "online" maka njikọ ọ bụla.
  • Agbakwunyere ihe nrụbama OutgoingInterface na faịlụ .netwọk iji kọwapụta oghere ndị na-apụ apụ mgbe ị na-ahazi àkwà mmiri netwọkụ.
  • Agbakwunyela otu paramita otu na faịlụ ".netwọk", na-enye gị ohere ịhazi otu Multipath maka ntinye na ngalaba "[NextHop]".
  • Nhọrọ agbakwunyere "-4" na "-6" na systemd-network-wait-online iji belata njikọ na-echere naanị IPv4 ma ọ bụ IPv6.
  • Agbakwunyela oke RelayTarget na ntọala nkesa DHCP, nke na-atụgharị ihe nkesa na ọnọdụ DHCP Ralay. Maka nhazi mgbakwunye DHCP relay, a na-enye nhọrọ RelayAgentCircuitId na RelayAgentRemoteId.
  • Agbakwunyela oke ServerAddress na nkesa DHCP, na-enye gị ohere ịtọ adreesị IP nkesa nke ọma (ma ọ bụghị ya, a na-ahọrọ adreesị na-akpaghị aka).
  • Ihe nkesa DHCP na-arụ ọrụ ngalaba [DHCPServerStaticLease], nke na-enye gị ohere ịhazi njikọ adreesị static (DHCP leases), na-akọwapụta njikọ IP na adreesị MAC na ọzọ.
  • Ntọala RestrictAddressFamilies na-akwado uru “enweghị”, nke pụtara na ọrụ ahụ agaghị enwe ohere ịnweta oghere nke ezinụlọ adreesị ọ bụla.
  • Na faịlụ ".network" na [Adreesị], [DHCPv6PrefixDelegation] na [IPv6Prefix] ngalaba, a na-emejuputa nkwado maka ntọala RouteMetric, nke na-enye gị ohere ịkọwapụta metric maka prefix ụzọ emepụtara maka adreesị akọwapụtara.
  • nss-myhostname na systemd-resolved na-enye njikọ nke ndekọ DNS na adreesị maka ndị ọbịa nwere aha pụrụ iche "_outbound", nke a na-enye IP mpaghara mgbe niile, nke a na-ahọrọ dịka ụzọ ndabara eji eme njikọ ọpụpụ.
  • Na faịlụ netwọkụ .net, na ngalaba “[DHCPv4]” agbakwunyela ntọala RoutesToNTP na-arụ ọrụ ndabara, nke chọrọ ịgbakwụnye ụzọ dị iche site na ntanetị netwọkụ dị ugbu a iji nweta adreesị sava NTP enwetara maka interface a site na iji DHCP (dị ka DNS). , ntọala ahụ na-enye gị ohere ikwe nkwa na a ga-ebufe okporo ụzọ na sava NTP site na interface nke enwetara adreesị a).
  • agbakwunyere SocketBindAllow na SocketBindDeny ntọala iji jikwaa ịnweta sọket ejikọtara na ọrụ ugbu a.
  • Maka faịlụ otu, etinyere ọnọdụ ọnọdụ akpọrọ ConditionFirmware, nke na-enye gị ohere ịmepụta ndenye ego na-enyocha ọrụ firmware, dị ka ọrụ na UEFI na sistemu osisi. osisi, yana ịlele ndakọrịta na ụfọdụ ikike osisi-osisi.
  • Tinyere ọnọdụ OS Release nhọrọ iji lelee mpaghara na faịlụ /etc/os-release. Mgbe a na-akọwa ọnọdụ maka ịlele uru ubi, ndị ọrụ "=", "!=", "<", "<=", ">=", ">" na-anabata.
  • Na hostnamectl utility, iwu dị ka "get-xyz" na "set-xyz" na-anapụta na "nweta" na "set" prefixes, dịka ọmụmaatụ, kama "hostnamectl get-hostname" na "hostnamectl" set-hostname " ị nwere ike iji iwu "hostnamectl hostname" ", ọrụ nke uru nke a na-ekpebi site na ịkọwa arụmụka agbakwunyere ("hostnamectl hostname value"). Edobere nkwado maka iwu ochie iji hụ na ndakọrịta.
  • Utility systemd-detect-virt na ọnọdụ ọnọdụ ngbanwe na-eme ka amata gburugburu Amazon EC2 ziri ezi.
  • Ntọala LogLevelMax dị na faịlụ otu ugbu a na-emetụta ọ bụghị naanị na ozi ndekọ nke ọrụ ahụ butere, kamakwa na ozi nhazi PID 1 na-ekwu maka ọrụ ahụ.
  • Enyere ikike ịgụnye data SBAT (UEFI Secure Boot Advanced Targeting) na faịlụ EFI PE sistemu-boot.
  • /etc/crypttab na-emejuputa nhọrọ ọhụrụ "enweghị isi" na "paswọọdụ-echo" - nke mbụ na-enye gị ohere ịwụpụ ọrụ niile metụtara mkparịta ụka na-akpali maka okwuntughe na PIN site na onye ọrụ, nke abụọ na-enye gị ohere ịhazi usoro maka igosipụta ntinye paswọọdụ. (gosi ihe ọ bụla, gosi agwa site na agwa yana akara akara ngosi). Agbakwunyela nhọrọ “-echo” na systemd-ask-password maka ebumnuche yiri ya.
  • systemd-cryptenroll, systemd-cryptsetup, na systemd-homed agbasawanyela nkwado maka imeghe akụkụ LUKS2 ezoro ezo site na iji akara FIDO2. Agbakwunyere nhọrọ ọhụrụ "--fido2-with-user-presence", "--fido2-with-user-verification" na "-fido2-with-client-pin" iji chịkwaa nkwenye ọnụnọ anụ ahụ nke onye ọrụ, nkwenye na mkpa ịbanye. koodu PIN.
  • Agbakwunyere nhọrọ “--user”, “-system”, “-merge” na “-file” na sistemu-journal-gatewayd, yiri nhọrọ journalctl.
  • Na mgbakwunye na ndabere ozugbo n'etiti nkeji akọwapụtara site na OnFailure na Slice parameters, agbakwunyere nkwado maka ndabere na-agbanwe agbanwe OnFailureOf na SliceOf, nke nwere ike ịba uru, dịka ọmụmaatụ, maka ịchọpụta nkeji niile etinyere na iberi.
  • Agbakwunyere ụdị ndabere ọhụrụ n'etiti nkeji: OnSuccess na OnSuccessOf (nke na-abụghị nke OnFailure, nke a na-akpọ na mmecha nke ọma); PropagatesStopTo na StopPropagatedFrom (na-enye gị ohere ịgbasa mmemme nkwụsị otu na nkeji ọzọ); Akwado na nkwadoBy (ọzọ maka Malitegharịa ekwentị).
  • Utility systemd-ask-password nwere ugbu a nhọrọ “--emoji” iji jikwaa ọdịdị akara mkpọchi (🔐) na ahịrị ntinye okwuntughe.
  • agbakwunyere akwụkwọ na nhazi osisi isi mmalite.
  • Maka nkeji, agbakwunyere ihe onwunwe MemoryAvailable, na-egosi ole ebe nchekwa akụkụ ahụ hapụrụ tupu ya eruo oke edobere site na MemoryMax, MemoryHigh ma ọ bụ MemoryAvailable parameters.

isi: opennet.ru

Tinye a comment