systemd 248 system manager released

After four months of development, systemd 248 has been released. Highlights include security token support, running units in isolated IPC namespaces, the B.A.T.M.A.N. protocol for mesh networks, and an nftables backend for systemd-nspawn. systemd-oomd has been stabilized.

Major changes:

  • The concept of System Extension images has been implemented. They can be used to extend the /usr/ and /opt/ hierarchies by adding extra files at runtime, even when those directories are mounted read-only. When a system extension image is mounted, its contents are overlaid on the /usr/ and /opt/ hierarchies using OverlayFS.

    A new tool, systemd-sysext, is provided to merge, unmerge, inspect and refresh system extension images. To merge images already installed at boot, the systemd-sysext.service unit has been added. A "SYSEXT_LEVEL=" field has been added to the os-release file to indicate the supported extension level.

  • For units, the ExtensionImages setting has been implemented; it can be used to mount system extension images into the file system namespace hierarchy of isolated services.
  • Added the /etc/veritytab configuration file for setting up block-level data integrity verification with the dm-verity module. Its format mirrors /etc/crypttab: "volume-name data-device hash-device root-hash options". Added the systemd.verity.root_options kernel command line option to configure dm-verity behaviour for the root device.
  • systemd-cryptsetup can now extract a PKCS#11 token URI and the encrypted key from the LUKS2 JSON metadata header, so the information needed to unlock an encrypted device can be embedded in the device itself without external files.
  • systemd-cryptsetup supports unlocking encrypted LUKS2 partitions with TPM2 chips and FIDO2 tokens, in addition to the PKCS#11 tokens supported earlier. libfido2 is loaded via dlopen(), i.e. its availability is checked at runtime rather than being a hard dependency.
  • New "no-write-workqueue" and "no-read-workqueue" options have been added to /etc/crypttab for systemd-cryptsetup to enable synchronous I/O for encryption and decryption.
  • systemd-repart can now initialize encrypted partitions using TPM2 chips, for example to create an encrypted /var partition on first boot.
  • The systemd-cryptenroll tool has been added for binding TPM2, FIDO2 and PKCS#11 tokens to LUKS partitions, as well as unbinding and listing tokens, enrolling recovery keys and setting access passphrases.
  • Added the PrivateIPC setting, which lets a unit file run its process in an isolated IPC namespace with its own set of IPC identifiers and message queues. To attach a unit to an already created IPC namespace, the IPCNamespacePath setting is provided.
  • Added the ExecPaths and NoExecPaths settings to apply the noexec flag to selected parts of the file system.
  • systemd-networkd adds support for the B.A.T.M.A.N. ("Better Approach To Mobile Adhoc Networking") protocol, which enables building mesh networks in which each node connects through its neighbours. It is configured with a [BatmanAdvanced] section in .netdev files, a BatmanAdvanced setting in .network files, and the new "batadv" device type.
  • The mechanism for early reaction to memory shortage in systemd-oomd has been stabilized. Added the DefaultMemoryPressureDurationSec option to configure how long to wait before acting on a cgroup. systemd-oomd uses the kernel PSI (Pressure Stall Information) subsystem, which makes it possible to detect the onset of delays caused by resource shortage and selectively terminate the most resource-hungry processes while the system has not yet reached a critical state and started thrashing, flushing and swapping data to the swap partition.
  • Added the "root=tmpfs" kernel command line parameter, which mounts the root partition on temporary RAM-backed storage using tmpfs.
  • The /etc/crypttab field that names the key file can now point to an AF_UNIX socket of type SOCK_STREAM. In that case the key is obtained by connecting to the socket, which can be used, for example, to build services that hand out keys.
  • The fallback hostname used by the system manager and systemd-hostnamed can now be set in two ways: via the DEFAULT_HOSTNAME field in os-release and via the $SYSTEMD_DEFAULT_HOSTNAME environment variable. systemd-hostnamed now also handles a hostname of "localhost" and can report the hostname as well as the "HardwareVendor" and "HardwareModel" properties over D-Bus.
  • The manager's environment block can now be configured through the new ManagerEnvironment option in system.conf or user.conf, rather than only through the kernel command line and unit file environment settings.
  • At build time it is now possible to use the fexecve() call to start processes instead of execve(), which narrows the window between the security check and its use.
  • For unit files, the new ConditionSecurity=tpm2 and ConditionCPUFeature conditions have been added to check for the presence of a TPM2 device and for individual CPU features (for example, ConditionCPUFeature=rdrand can be used to check whether the processor supports the RDRAND instruction).
  • seccomp system call tables have been implemented for all available architectures.
  • Added the ability to add bind mounts to the existing namespace of a running service without restarting it. This is done with the 'systemctl bind …' and 'systemctl mount-image …' commands.
  • Added support for the "truncate:" path prefix in the StandardOutput and StandardError settings, which truncates the file before use.
  • Added the ability to connect to a user session in a local container via sd-bus, for example "systemctl --user -M lennart@ start qux".
  • The following settings are now available in the [Link] section of systemd.link files:
    • Promiscuous, which switches the device into "promiscuous" mode so that it processes all network packets, including those not addressed to the current system;
    • TransmitQueues and ReceiveQueues, to set the number of TX and RX queues;
    • TransmitQueueLength, to set the size of the TX queue; GenericSegmentOffloadMaxBytes and GenericSegmentOffloadMaxSegments, to set limits for GRO (Generic Receive Offload).
  • New settings have been added to systemd.network files:
    • [Network] RouteTable, to select the routing table;
    • [RoutingPolicyRule] Type, to set the rule type ("blackhole", "unreachable", "prohibit");
    • [IPv6AcceptRA] RouteDenyList and RouteAllowList, to list denied and allowed advertised routes;
    • [DHCPv6] UseAddress, to ignore the address assigned by DHCP;
    • [DHCPv6PrefixDelegation] ManageTemporaryAddress;
    • ActivationPolicy, to define the policy for the interface's administrative state (always keep it UP or DOWN, or allow the user to change it with "ip link set dev").
  • Added the [VLAN] Protocol, IngressQOSMaps and EgressQOSMaps settings and the [MACVLAN] BroadcastMulticastQueueLength setting to systemd.netdev files to configure VLAN packet handling.
  • /dev/ is no longer mounted with noexec, because that conflicts with the executable mapping flag required by the /dev/sgx device files. To restore the old behaviour, use the NoExecPaths=/dev setting.
  • The permissions of /dev/vsock have been changed to 0o666, and /dev/vhost-vsock and /dev/vhost-net have been moved to the kvm group.
  • The hardware ID database has been extended with USB fingerprint readers that support suspend.
  • systemd-resolved now supports returning DNSSEC answers through the stub resolver. Local clients can validate DNSSEC themselves, while external clients are forwarded unchanged to the upstream DNS server.
  • Added the CacheFromLocalhost option to resolved.conf; when set, systemd-resolved caches even when querying a DNS server on 127.0.0.1 (by default, caching of such requests is disabled to avoid double caching).
  • systemd-resolved adds RFC 5001 NSID support to the local stub resolver, letting clients distinguish between talking to the local resolver and to another DNS server.
  • The resolvectl utility can now show where answer data came from (local cache, network request, local synthesis) and whether encryption was used in transit. The --cache, --synthesize, --network, --zone, --trust-anchor and --validate options have been added to control name resolution.
  • systemd-nspawn adds support for configuring the firewall with nftables in addition to the existing iptables support. The IPMasquerade implementation in systemd-networkd can also use the nftables-based backend.
  • systemd-localed can now call locale-gen to generate missing locales.
  • The --pager/--no-pager/--json= options have been added to various utilities to enable/disable paging and to produce JSON output. The number of colours used in the terminal can now be set via the SYSTEMD_COLORS environment variable ("16" or "256").
  • Builds with split hierarchies (separate / and /usr) and cgroup v1 support have been dropped.
  • The main Git branch has been renamed from 'master' to 'main'.
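
The unit-file directives listed above (ExtensionImages, PrivateIPC, ExecPaths/NoExecPaths, ConditionSecurity=tpm2, ConditionCPUFeature and the truncate: output prefix) combined into one service unit, as an added example that is not part of the original article or of the systemd project; the daemon name, binary path, extension image path and log path are assumptions:

```ini
# Added example (not from the article or the systemd project): a service
# that uses several systemd 248 directives. /usr/sbin/my-daemon, the
# extension image and the log path are assumed names.
# /etc/systemd/system/my-daemon.service

[Unit]
Description=Example daemon restricted with systemd 248 directives
# Only start when a TPM2 device is present and the CPU offers RDRAND;
# otherwise the unit is skipped (not failed) at activation time
ConditionSecurity=tpm2
ConditionCPUFeature=rdrand

[Service]
ExecStart=/usr/sbin/my-daemon
# Overlay an extension image onto /usr and /opt inside this service's
# mount namespace only; the host hierarchy is untouched (assumed image path)
ExtensionImages=/var/lib/extensions/my-daemon-plugins.raw
# Give the service its own IPC namespace: SysV IPC objects and POSIX
# message queues of other services are invisible to it
PrivateIPC=yes
# Mark the whole file system noexec, then re-allow only what the daemon
# needs; every library directory it loads from must be listed here
NoExecPaths=/
ExecPaths=/usr/sbin/my-daemon /usr/lib /usr/lib64
# Truncate the log file on each start instead of appending to it
StandardOutput=truncate:/var/log/my-daemon.log
StandardError=inherit
```

Run `systemd-analyze verify /etc/systemd/system/my-daemon.service` before enabling the unit: an unknown or misspelled directive is reported there, whereas at load time it is only logged as a warning and ignored, so a typo in NoExecPaths would silently leave the restriction off. `systemd-analyze security my-daemon.service` then shows how the remaining sandboxing settings score.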
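
The storage changes above (TPM2 and FIDO2 unlock, the workqueue options, socket-backed key files and /etc/veritytab) written out as the corresponding /etc/crypttab and /etc/veritytab entries, as an added example that is not from the article or the systemd project; the volume names, device UUIDs, partition UUIDs, root hash and socket path are placeholders:

```ini
# Added example (not from the article or the systemd project). Every
# <...-PLACEHOLDER> value and the socket path are constructed placeholders.

# /etc/crypttab
# name       data device                                 key source                       options
# LUKS2 volume bound to the TPM2 with systemd-cryptenroll; the key is
# released only while the enrolled PCR state matches. The workqueue
# options make dm-crypt perform I/O synchronously instead of queueing it.
cryptvar     /dev/disk/by-uuid/<VAR-UUID-PLACEHOLDER>    none                             luks,tpm2-device=auto,no-read-workqueue,no-write-workqueue
# Second volume unlocked by a FIDO2 token plugged in at boot
cryptdata    /dev/disk/by-uuid/<DATA-UUID-PLACEHOLDER>   none                             luks,fido2-device=auto
# Third volume: the key-file field is an AF_UNIX stream socket; systemd-cryptsetup
# connects to it and reads the key from a local key-serving service (assumed path)
cryptbackup  /dev/disk/by-uuid/<BACKUP-UUID-PLACEHOLDER> /run/keyserver/cryptbackup.sock  luks

# /etc/veritytab
# volume   data device                                    hash device                                    root hash (hex)
usr        /dev/disk/by-partuuid/<USR-DATA-PLACEHOLDER>   /dev/disk/by-partuuid/<USR-HASH-PLACEHOLDER>   <ROOT-HASH-HEX-PLACEHOLDER>
```

The TPM2 and FIDO2 lines assume the volume was enrolled beforehand with `systemd-cryptenroll --tpm2-device=auto` or `--fido2-device=auto` on the same device; enrolling a recovery key with `--recovery-key` at the same time is the usual safeguard against a firmware update changing the PCR state or a lost token locking you out. The veritytab root hash is the value printed by `veritysetup format` and is the trust anchor for the whole volume, so /etc/veritytab must itself live on a file system that is already integrity-protected, otherwise whoever can edit the file can substitute a hash matching modified data.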
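
The new systemd.link and systemd.network settings above, put together in a .link and a .network file for one uplink interface, as an added example that is not from the article or the systemd project; the interface name and the IPv6 prefixes (taken from the 2001:db8::/32 documentation range) are assumptions:

```ini
# Added example (not from the article or the systemd project). The interface
# name eth0 and the 2001:db8:: prefixes are constructed for illustration.

# /etc/systemd/network/10-uplink.link
[Match]
OriginalName=eth0

[Link]
# Keep the NIC out of promiscuous mode so it only processes frames
# addressed to this host
Promiscuous=no
TransmitQueues=4
ReceiveQueues=4
TransmitQueueLength=2000
GenericSegmentOffloadMaxBytes=65536
GenericSegmentOffloadMaxSegments=64

# /etc/systemd/network/10-uplink.network
[Match]
Name=eth0

[Network]
DHCP=ipv6
# Keep the link administratively up; a manual "ip link set dev eth0 down"
# is reverted by networkd
ActivationPolicy=always-up

[DHCPv6]
# Take DNS and other options from DHCPv6 but do not configure the
# address it hands out (addresses come from SLAAC instead)
UseAddress=no

[IPv6AcceptRA]
# Ignore router-advertised routes for this prefix; accept the rest
RouteDenyList=2001:db8:bad::/48

[RoutingPolicyRule]
# Drop traffic for this prefix at the policy-routing layer before any
# route lookup happens
To=2001:db8:dead::/48
Type=blackhole
Priority=100
```

A .link file is applied by udev when the device appears, so Promiscuous=no is the initial state rather than a lock: a process holding CAP_NET_ADMIN can still change the flag later, and that change shows up as a kernel log line for the interface, which is the thing to monitor. Files in /etc/systemd/network are processed in lexical order of file name and the first matching [Match] wins, so keep the numeric prefixes consistent when adding more files.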

Source: opennet.ru
