Release of the systemd 250 system manager

After five months of development, the release of the systemd 250 system manager has been presented. The new release introduces the ability to store credentials in encrypted form, verification of automatically discovered GPT partitions using a digital signature, improved information about the causes of delays when starting services, and options for restricting service access to certain file systems and network interfaces. Support for partition integrity monitoring using the dm-integrity module is provided, and support for automatic updating of sd-boot has been added.

Main changes:

  • Added support for encrypted and authenticated credentials, which can be useful for securely storing sensitive material such as SSL keys and passwords. Credentials are decrypted only when needed and are bound to the local installation or hardware. The data is encrypted automatically using symmetric encryption algorithms, the key for which can be located in the file system, in a TPM2 chip, or use a combined scheme. When the service starts, the credentials are decrypted automatically and become available to the service in their usual form. To work with encrypted credentials, the 'systemd-creds' utility has been added, and the LoadCredentialEncrypted and SetCredentialEncrypted settings are offered for services.
  • sd-stub, the EFI executable that allows EFI firmware to load the Linux kernel, now supports booting the kernel using the LINUX_EFI_INITRD_MEDIA_GUID EFI protocol. Also added to sd-stub is the ability to pack credentials and sysext files into a cpio archive and pass this archive to the kernel together with the initrd (the additional files are placed in the /.extra/ directory). This makes it possible to use a verifiable, immutable initrd environment, supplemented by sysexts and encrypted authenticated data.
  • The Discoverable Partitions specification has been significantly expanded; it provides tools for identifying, mounting and activating system partitions using GPT (GUID Partition Tables). Compared with previous releases, the specification now supports root and /usr partitions for most architectures, including platforms that do not use UEFI.

    Discoverable Partitions also adds support for partitions whose integrity is verified by the dm-verity module using PKCS#7 digital signatures, making it easier to create fully authenticated disk images. Verification support is integrated into the various utilities that work with disk images, including systemd-nspawn, systemd-sysext, systemd-dissect, RootImage services, systemd-tmpfiles and systemd-sysusers.

  • For units that take a long time to start or stop, in addition to displaying the animated progress indicator, it is now possible to display status information that shows what exactly is happening with the service at the moment and which service the system manager is currently waiting on.
  • Added the DefaultOOMScoreAdjust parameter to /etc/systemd/system.conf and /etc/systemd/user.conf, which allows you to adjust the OOM-killer threshold for low-memory conditions, applied to processes that systemd starts for the system and for users. By default, the weight of system services is higher than that of user services, i.e. when memory is insufficient, the probability of terminating user services is higher than that of system services.
  • Added the RestrictFileSystems setting, which allows you to restrict service access to certain types of file systems. To view the available file system types, you can use the "systemd-analyze filesystems" command. By analogy, the RestrictNetworkInterfaces option has been implemented, which allows you to restrict access to certain network interfaces. The implementation is based on the BPF LSM module, which restricts the access of a group of processes to kernel objects.
  • Added a new /etc/integritytab configuration file and the systemd-integritysetup utility, which configure the dm-integrity module to monitor data integrity at the sector level, for example, to guarantee the immutability of stored data (Authenticated Encryption, which ensures that a data block has not been modified in a roundabout way). The format of the /etc/integritytab file is similar to the /etc/crypttab and /etc/veritytab files, except that dm-integrity is used instead of dm-crypt and dm-verity.
  • A new unit file systemd-boot-update.service has been added; when it is enabled and the sd-boot bootloader is installed, systemd will automatically update the sd-boot bootloader, keeping the bootloader code always up to date. sd-boot itself is now built by default with support for SBAT (UEFI Secure Boot Advanced Targeting), which solves problems with certificate revocation for UEFI Secure Boot. In addition, sd-boot provides the ability to parse Microsoft Windows boot settings in order to correctly generate the names of the Windows boot entries and to show the Windows version.

    sd-boot also provides the ability to define the color scheme at build time. During boot, support has been added for changing the screen resolution by pressing the "r" key. Added the "f" hotkey to go to the firmware interface. Added a mode to automatically boot the system corresponding to the menu item selected at the last boot. Added the ability to automatically load EFI drivers located in the /EFI/systemd/drivers/ directory on the ESP (EFI System Partition).

  • A new unit file factory-reset.target is included, which is handled in systemd-logind in the same way as the reboot, poweroff, suspend and hibernate operations, and is used to create handlers for performing a factory reset.
  • The systemd-resolved process now creates an additional listening socket on 127.0.0.54 in addition to 127.0.0.53. Requests arriving on 127.0.0.54 are always forwarded to the upstream DNS server and are not processed locally.
  • Provided the ability to build systemd-importd and systemd-resolved with the OpenSSL library instead of libgcrypt.
  • Added initial support for the LoongArch architecture used in Loongson processors.
  • systemd-gpt-auto-generator provides the ability to automatically configure discovered swap partitions encrypted by the LUKS2 subsystem.
  • The GPT image parsing code used in systemd-nspawn, systemd-dissect and similar utilities implements the ability to decode images for other architectures, allowing systemd-nspawn to be used to run images on emulators of other architectures.
  • When inspecting disk images, systemd-dissect now shows information about the purpose of the partition, such as suitability for booting via UEFI or for running in a container.
  • The "SYSEXT_SCOPE" field has been added to system-extension.d/ files, allowing you to indicate the scope of the system image: "initrd", "system" or "portable".
  • The "PORTABLE_PREFIXES" field has been added to the os-release file, which can be used in portable images to determine the supported unit file prefixes.
  • systemd-logind introduces the new settings HandlePowerKeyLongPress, HandleRebootKeyLongPress, HandleSuspendKeyLongPress and HandleHibernateKeyLongPress, which can be used to determine what happens when certain keys are held down for more than 5 seconds (for example, a quick press of the Suspend key can be configured to enter standby mode, and holding it down to enter sleep mode).
  • For units, the StartupAllowedCPUs and StartupAllowedMemoryNodes settings are implemented, which differ from the similar settings without the Startup prefix in that they are applied only during the boot and shutdown stages, which allows you to set different resource limits during boot.
  • Added [Condition|Assert][Memory|CPU|IO]Pressure checks that allow unit activation to be skipped or to fail if the PSI mechanism detects pressure on memory, CPU and I/O in the system.
  • The default inode limit has been increased for the /dev partition from 64k to 1M, and for the /tmp partition from 400k to 1M.
  • The ExecSearchPath setting has been provided for services, which makes it possible to change the search path for executable files launched through settings such as ExecStart.
  • Added the RuntimeRandomizedExtraSec setting, which allows you to introduce random deviations into the RuntimeMaxSec timeout, which limits the execution time of a unit.
  • The syntax of the RuntimeDirectory, StateDirectory, CacheDirectory and LogsDirectory settings has been extended: by specifying an additional value separated by a colon, you can now create a symbolic link to the given directory to organize access via several paths.
  • For services, the TTYRows and TTYColumns settings are provided to set the number of rows and columns on the TTY device.
  • Added the ExitType setting, which allows you to change the logic for determining when a service has exited. By default, systemd only tracks the death of the main process, but if ExitType=cgroup is set, the system manager waits for the last process in the cgroup to exit.
  • The systemd-cryptsetup implementation of TPM2/FIDO2/PKCS11 support is now also built as a cryptsetup plugin, allowing the regular cryptsetup command to be used to unlock an encrypted partition.
  • The TPM2 handler in systemd-cryptsetup adds support for RSA primary keys in addition to ECC keys, for compatibility with chips that do not support ECC.
  • The token-timeout option has been added to /etc/crypttab, which allows you to define the maximum time to wait for a PKCS#11/FIDO2 token to be connected, after which you will be prompted to enter a password or recovery key.
  • systemd-timesyncd implements the SaveIntervalSec setting, which allows you to periodically save the current system time to disk, for example, to implement a monotonic clock on systems without an RTC.
  • Options have been added to the systemd-analyze utility: "--image" and "--root" for checking unit files inside a given image or root directory, "--recursive-errors" for taking dependent units into account when an error is found, "--offline" for separately checking unit files saved to disk, "--json" for output in JSON format, "--quiet" to suppress unimportant messages, and "--profile" to bind to a portable profile. Also added are the inspect-elf command for parsing files in ELF format and the ability to check unit files with a given unit name, regardless of whether this name matches the file name.
  • systemd-networkd has expanded support for the Controller Area Network (CAN) bus. Added settings for controlling CAN modes: Loopback, OneShot, PresumeAck and ClassicDataLengthCode. Added the TimeQuantaNSec, PropagationSegment, PhaseBufferSegment1, PhaseBufferSegment2, SyncJumpWidth, DataTimeQuantaNSec, DataPropagationSegment, DataPhaseBufferSegment1, DataPhaseBufferSegment2 and DataSyncJumpWidth options to the [CAN] section of .network files to control the bit timing of the CAN interface.
  • systemd-networkd has added the Label option for the DHCPv4 client, which allows you to configure the address label used when configuring IPv4 addresses.
  • systemd-udevd implements support for a special "max" value for "ethtool" settings, which sets the buffer size to the maximum value supported by the hardware.
  • In .link files for systemd-udevd you can now configure various parameters for coalescing network adapter packets and for enabling hardware handlers (offload).
  • systemd-networkd offers new .network files by default: 80-container-vb.network to define the network bridges created when running systemd-nspawn with the "--network-bridge" or "--network-zone" options; 80-6rd-tunnel.network to define tunnels that are created automatically when a DHCP response with the 6RD option is received.
  • systemd-networkd and systemd-udevd have added support for IP forwarding over InfiniBand interfaces, for which the "[IPoIB]" section has been added to systemd.netdev files, and handling of the "ipoib" value has been implemented in the Kind setting.
  • systemd-networkd provides automatic route configuration for the addresses specified in the AllowedIPs parameter, which can be configured via the RouteTable and RouteMetric parameters in the [WireGuard] and [WireGuardPeer] sections.
  • systemd-networkd provides automatic generation of persistent MAC addresses for batadv and bridge devices. To disable this behavior, you can specify MACAddress=none in .netdev files.
  • The WakeOnLanPassword setting has been added to .link files in the "[Link]" section to define the password when WoL operates in "SecureOn" mode.
  • Added the AutoRateIngress, CompensationMode, FlowIsolationMode, NAT, MPUBytes, PriorityQueueingPreset, FirewallMark, Wash, SplitGSO and UseRawPacketSize settings to the "[CAKE]" section of .network files to define the parameters of the CAKE (Common Applications Kept Enhanced) network queue management mechanism.
  • Added the IgnoreCarrierLoss setting to the "[Network]" section of .network files, which allows you to determine how long to wait before reacting to the loss of a carrier signal.
  • systemd-nspawn, homectl, machinectl and systemd-run have extended the syntax of the "--setenv" parameter: if only a variable name is specified (without "="), the value will be taken from the corresponding environment variable (for example, when specifying "--setenv=FOO", the value will be taken from the $FOO environment variable and used for the environment variable of the same name set in the container).
  • systemd-nspawn has added the "--suppress-sync" option to disable the sync()/fsync()/fdatasync() calls when creating a container (useful when speed is the priority and preserving build artifacts in case of failure is not important, since they can be recreated at any time).
  • A new hwdb database has been added, which includes various types of signal analyzers (multimeters, protocol analyzers, oscilloscopes, etc.). The camera information in hwdb has been expanded with a field containing information about the type of camera (regular or infrared) and the lens placement (front or rear).
  • Added support for generating persistent network interface names for netfront devices used in Xen.
  • Analysis of core dump files by the systemd-coredump utility, based on the libdw/libelf libraries, is now performed in a separate process isolated in a sandbox environment.
  • systemd-importd has added support for the environment variables $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA and $SYSTEMD_IMPORT_SYNC, with which you can disable the generation of Btrfs subvolumes, as well as configure quotas and disk synchronization.
  • In systemd-journald, on file systems that support copy-on-write, COW mode is re-enabled for archived journals, allowing them to be compressed using Btrfs.
  • systemd-journald implements deduplication of identical fields in a single message, which is performed at the stage before the message is placed in the journal.
  • Added the "--show" option to the shutdown command to display the scheduled shutdown.
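
The encrypted credentials, RestrictFileSystems and RestrictNetworkInterfaces items above combine naturally in a single service unit. The following unit file is an added example, not taken from the original article or from the systemd project; the service name, binary path, credential path and interface names are assumptions made for illustration.

```ini
# /etc/systemd/system/exampled.service
# Hypothetical service, constructed for illustration.
#
# The credential file is assumed to have been created beforehand with:
#   systemd-creds encrypt --name=tls-key --with-key=host+tpm2 \
#       key.pem /etc/exampled/tls-key.cred
# --name= must match the credential ID used in LoadCredentialEncrypted=.
# host+tpm2 is the combined scheme: the ciphertext is bound to both the
# key stored on the local installation and the TPM2 chip.

[Unit]
Description=Example daemon with an encrypted credential and BPF LSM restrictions

[Service]
# Hypothetical binary; it is expected to read its key from
# $CREDENTIALS_DIRECTORY/tls-key.
ExecStart=/usr/local/bin/exampled

# Decrypted automatically when the service starts. The file on disk stays
# encrypted, so copying it to another machine does not expose the key.
LoadCredentialEncrypted=tls-key:/etc/exampled/tls-key.cred

# Allow-list of file system types the service may open files on.
# @basic-api is a predefined set covering API file systems such as proc
# and sysfs; everything not listed is denied. Prefix the list with "~"
# to turn it into a deny-list instead.
RestrictFileSystems=ext4 tmpfs @basic-api

# Allow-list of network interfaces the service may use
# (interface names are assumptions for this example).
RestrictNetworkInterfaces=lo eth0

[Install]
WantedBy=multi-user.target
```

Both Restrict* settings depend on the BPF LSM being available in the running kernel, and the accepted file system names can be checked with "systemd-analyze filesystems".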

Source: opennet.ru
