systemd 245 released with an implementation of portable home directories

After three months of development, the release of the system manager systemd 245 has been presented. The new release adds the new components systemd-homed and systemd-repart, includes support for portable user profiles in JSON format, provides the ability to define namespaces in systemd-journald, and adds support for the "pidfd" mechanism. The project website has been completely redesigned; it gathers most of the available documentation and presents a new logo.

Main changes:

  • Added the systemd-homed service, which manages portable home directories delivered as a mountable image file whose contents are encrypted. Systemd-homed lets you create self-contained environments for user data that can be moved between different systems without worrying about synchronizing identifiers or about confidentiality. The user's credentials are bound to the home directory rather than to system settings: a profile in JSON format is used instead of /etc/passwd, /etc/group and /etc/shadow. For details, see the recent systemd-homed announcement.
  • Added the systemd-homed companion component "userdb" ("systemd-userdb"), which translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating records. The JSON profile attached to the home directory specifies the parameters needed for the user's work, including the user name, password, encryption keys, quotas, and allocated resources. The profile can be certified with a digital signature stored on an external Yubikey token. The "userdbctl" utility is provided for managing profiles. Support for JSON profiles has been added to various systemd components, including systemd-logind and pam-systemd, allowing users with portable profiles to authenticate, log in, set environment variables, create a session, set limits, and so on. In the future, the sssd framework is expected to be able to generate JSON profiles from user settings stored in LDAP.
  • A new utility, "systemd-repart", has been added for repartitioning disk partition tables in GPT format. Partitions are defined declaratively through files that describe which partitions must exist or may exist. On each boot, the actual partition table is compared with these files, after which missing partitions are added or, if the relative or absolute size defined in the settings does not match, existing partitions are grown. Only incremental changes are allowed, i.e. deleting and shrinking are not possible; partitions can only be added and enlarged.
    The utility is designed to be run from the initrd and automatically detects the disk on which the root partition resides, so it needs no additional configuration apart from the files that define the changes.

    In practice, systemd-repart can be useful for operating system images that can initially be shipped in a minimal form and, after the first boot, grown to the size of the available block device or supplemented with additional partitions (for example, the root partition can be grown to cover the whole disk, or a swap partition or /home can be created after the first boot). Another use is a layout with two alternating root partitions: only the first partition is shipped initially, and the second can be created on first boot.

  • It is now possible to run multiple instances of systemd-journald, each of which keeps logs in its own namespace. In addition to the main systemd-journald.service, the directory with .service files provides a template for creating additional instances bound to their own namespaces using the "LogNamespace" directive. Each log namespace is served by a separate background process with its own settings and limits. The feature can be useful for balancing load when there is a large volume of logs, or for strengthening application isolation. The "--namespace" option has been added to journalctl to restrict a query to the specified namespace only.
  • systemd-udevd and other systemd components have added support for a mechanism for assigning alternative names to network interfaces, allowing several names to be used at the same time for a single interface. A name can be up to 128 characters long (previously a network interface name was limited to 16 characters). By default, systemd-udevd now assigns every network interface all the name variants generated by the supported naming schemes. This behavior can be changed through the new AlternativeName and AlternativeNamesPolicy settings in .link files. systemd-nspawn generates alternative names containing the full container name for the veth links created on the host side.
  • The sd-event.h API adds support for the Linux kernel "pidfd" subsystem to deal with the PID reuse problem (a pidfd is bound to one specific process and does not change, whereas a PID can be attached to a different process after the process currently associated with that PID exits). All systemd components except PID 1 have been converted to use pidfds if the subsystem is supported by the running kernel.
  • systemd-logind provides access checks for virtual terminal switching through PolicyKit. By default, permission to switch the active terminal is granted only to users who have started a session on a local terminal at least once.
  • To make it easier to build initrd images with systemd, the PID 1 handler now detects whether it is running in an initrd and in that case automatically loads initrd.target instead of default.target. With this approach, initrd and main system images can differ only in the presence of the /etc/initrd-release file.
  • Added a kernel command line parameter, "systemd.cpu_affinity", equivalent to the CPUAffinity option in /etc/systemd/system.conf, which lets you configure the CPU affinity mask for PID 1 and other processes.
  • The SELinux database is now reloaded together with the reload of PID 1 through commands such as "systemctl daemon-reload".
  • The "systemd.show-status=error" setting has been added to the PID 1 handler; when it is set, only error messages and significant delays during boot are shown on the console.
  • systemd-sysusers has added support for creating users whose primary group name differs from the user name.
  • systemd-growfs introduces support for growing XFS partitions through the x-systemd.growfs mount option in /etc/fstab, in addition to the previously supported growing of Ext4 and Btrfs partitions.
  • Added the x-initrd.attach option to /etc/crypttab to define an encrypted partition that has already been unlocked at the initrd stage.
  • systemd-cryptsetup has added support (the pkcs11-uri option in /etc/crypttab) for unlocking encrypted partitions with PKCS#11 smartcards, for example to bind partition encryption to YubiKeys.
  • New mount options "x-systemd.required-by" and "x-systemd.wanted-by" have been added to /etc/fstab to explicitly configure the units that pull in the mount, instead of local-fs.target and remote-fs.target.
  • A new sandboxing option has been added, ProtectClock, which restricts writing to the system clock (access is blocked at the level of /dev/rtc, system calls and the CAP_SYS_TIME/CAP_WAKE_ALARM capabilities).
  • The Discoverable Partitions specification and systemd-gpt-auto-generator have added detection of /var and /var/tmp partitions.

  • In "systemctl list-unit-files", the list of units has a new column showing the enablement state offered by the vendor presets for that unit type.
  • The "--with-dependencies" option has been added to "systemctl"; when it is set, commands such as "systemctl status" and "systemctl cat" show not only all matching units but also the units they depend on.
  • In systemd-networkd, the qdisc configuration has gained the ability to tune the parameters of TBF (Token Bucket Filter), SFQ (Stochastic Fairness Queueing), CoDel (Controlled-Delay Active Queue Management) and FQ (Fair Queue).
  • systemd-networkd has added support for IFB (Intermediate Functional Block) network devices.
  • systemd-networkd implements the MultiPathRoute parameter in the [Route] section for configuring multipath routes.
  • In systemd-networkd, the SendDecline option has been added for the DHCPv4 client; when it is specified, a duplicate address check is performed after a DHCP response with an address is received, and if an address conflict is detected the offered address is declined. The RouteMTUBytes option has also been added for the DHCPv4 client, letting you define the MTU size for routes generated from the IP address lease.
  • The PrefixRoute setting in the [Address] section of .network files has been deprecated. It was replaced by "AddPrefixRoute", which has the opposite meaning.
  • In .network files, support for a new value "_dhcp" has been added to the Gateway setting in the "[Route]" section; when it is set, a static route is chosen based on the gateway configured through DHCP.
  • In .network files, the "[RoutingPolicyRule]" section has gained the User and SuppressPrefixLength settings for defining source routing based on UID ranges and prefix length.

  • In networkctl, the "status" command provides the ability to display logs for each network interface.
  • systemd-networkd-wait-online adds support for setting a maximum time to wait for an interface to become operational and for waiting for an interface to go down.
  • Processing of .link and .network files with an empty or commented-out "[Match]" section has been stopped.
  • In .link and .network files, the "PermanentMACAddress" setting has been added to the "[Match]" section to check the permanent MAC address of devices when a randomly generated MAC is in use.
  • The "[TrafficControlQueueingDiscipline]" section in .network files has been renamed to "[NetworkEmulator]", and the "NetworkEmulator" prefix has been removed from the names of the associated settings.
  • systemd-resolved adds support for SNI checking for DNS-over-TLS.
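
The PID reuse problem from the sd-event.h "pidfd" item above, as an added example in C (not code from systemd or from the original article): a child is signalled and awaited through a pidfd, with a PID-based fallback when the running kernel lacks the subsystem. The names stop_child_via_pidfd and used_pidfd are made up for this illustration.

```c
#define _GNU_SOURCE
#include <poll.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Syscall numbers for older headers; identical on x86-64 and asm-generic ABIs. */
#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424
#endif
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434
#endif

int used_pidfd; /* 1 if the kernel gave us a pidfd, 0 if we fell back to PIDs */

/* Start a child that blocks forever, terminate it, and return the signal
 * that killed it (or -1 on error). */
int stop_child_via_pidfd(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { for (;;) pause(); }

    /* Opened by the parent while the child is unreaped, so `pid` cannot have
     * been recycled yet. From here on the fd names this exact process. */
    int fd = (int)syscall(SYS_pidfd_open, pid, 0);
    used_pidfd = (fd >= 0);

    if (fd >= 0 && syscall(SYS_pidfd_send_signal, fd, SIGTERM, NULL, 0) == 0) {
        /* A pidfd polls readable once its process has terminated. */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        poll(&p, 1, -1);
    } else {
        /* Kernel without pidfd support: classic PID-based signalling.
         * Safe only because this is our own, not yet reaped, child. */
        kill(pid, SIGTERM);
    }
    if (fd >= 0) close(fd);

    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void) { return stop_child_via_pidfd() == SIGTERM ? 0 : 1; }
```

A supervisor that keeps only the numeric PID of a process it did not fork has no such guarantee: once that process is reaped, kill() on the stored number can reach an unrelated process.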

Source: opennet.ru
