Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > systemd system manager kumasulidwa 249

systemd system manager kumasulidwa 249

Pambuyo pa miyezi itatu ya chitukuko, kumasulidwa kwa system manager systemd 249 kumasulidwa. kulumikiza mapulogalamu a BPF ku mautumiki, ndikuyika ogwiritsa ntchito mapu ozindikiritsa m'magawo okwera, gawo lalikulu la makonda atsopano a netiweki ndi mwayi wotsegulira zotengera zimaperekedwa.

Zosintha zazikulu:

  • The Journal protocol imalembedwa ndipo ingagwiritsidwe ntchito kwa makasitomala m'malo mwa protocol ya syslog kuti apereke zolemba zakale. The Journal protocol yakhazikitsidwa kwa nthawi yayitali ndipo imagwiritsidwa ntchito kale m'malaibulale ena a kasitomala, komabe, thandizo lake lovomerezeka langolengezedwa kumene.
  • Userdb ndi nss-systemd amapereka chithandizo chowerengera matanthauzo owonjezera a ogwiritsa ntchito omwe ali mu /etc/userb/, /run/userb/, /run/host/userb/ ndi /usr/lib/userdb/ maupangiri, ofotokozedwa mumtundu wa JSON. Zadziwika kuti izi zipereka njira yowonjezera yopangira ogwiritsa ntchito mudongosolo, ndikuwapatsa kuphatikiza kwathunthu ndi NSS ndi /etc/shadow. Thandizo la JSON pazolemba za ogwiritsa ntchito / gulu lidzalolanso kasamalidwe kazinthu zosiyanasiyana ndi zosintha zina kuti ziphatikizidwe kwa ogwiritsa ntchito omwe pam_systemd ndi systemd-logind amawazindikira.
  • nss-systemd imapereka kaphatikizidwe ka zolembera za ogwiritsa / gulu mu /etc/shadow pogwiritsa ntchito mawu achinsinsi osinthika kuchokera ku systemd-homed.
  • Njira yakhazikitsidwa yomwe imathandizira kukonza zosintha pogwiritsa ntchito magawo a disk omwe amalowa m'malo mwa wina ndi mnzake (gawo limodzi limagwira ntchito, lachiwiri ndi lopuma - zosinthazo zimakopera kugawo lopatula, kenako limakhala logwira). Ngati pali mizu iwiri kapena / usr magawo mu chithunzi cha disk, ndipo udev sanazindikire kukhalapo kwa parameter ya 'root=', kapena akukonza zithunzi za disk zomwe zafotokozedwa kudzera mu "--image" njira mu systemd-nspawn ndi systemd. -Dissect utilities, gawo la boot likhoza kuwerengedwa poyerekezera malemba a GPT (poganiza kuti label ya GPT imatchula chiwerengero cha zomwe zili m'gawolo ndipo systemd idzasankha kugawa ndi kusintha kwaposachedwa).
  • Makonda a BPFProgram awonjezedwa pamafayilo apautumiki, omwe mutha kukonza nawo kutsitsa kwa mapulogalamu a BPF mu kernel ndikuwawongolera ndikumangirira kuzinthu zina zadongosolo.
  • Systemd-fstab-generator ndi systemd-repart imawonjezera kuthekera koyambira kuchokera ku ma disks omwe amangokhala ndi / usr magawo ndipo alibe mizu (gawo la mizu lidzapangidwa ndi systemd-repart pa boot yoyamba).
  • Mu systemd-nspawn, njira ya "--private-user-chown" yasinthidwa ndi "--private-user-ownership" njira, yomwe ingavomereze mfundo za "chown" monga zofanana ndi "-- private-user-chown", "off" kuletsa zoyika zakale, "mapu" kuyika ma ID ogwiritsa ntchito pamafayilo oyikidwa ndi "auto" kusankha "mapu" ngati magwiridwe antchito akupezeka mu kernel (5.12+) kapena bwererani kuyitanira mobwerezabwereza kuti "chown" mwanjira ina. Pogwiritsa ntchito mapu, mutha kuyika mafayilo amtundu wina pagawo lakunja kwa wogwiritsa ntchito wina pamakina apano, zomwe zimapangitsa kuti zikhale zosavuta kugawana mafayilo pakati pa ogwiritsa ntchito osiyanasiyana. Mu systemd-homed portable home directory, mapu amalola ogwiritsa ntchito kusamutsa zolemba zawo zakunyumba kupita ku media zakunja ndikuzigwiritsa ntchito pamakompyuta osiyanasiyana omwe alibe mawonekedwe a ID.
  • Mu systemd-nspawn, njira ya "-private-user" tsopano ikhoza kugwiritsa ntchito mtengo wa "identity" kuwonetsa mwachindunji ma ID pokhazikitsa malo ogwiritsira ntchito, mwachitsanzo. UID 0 ndi UID 1 mu chidebecho zidzawonetsedwa mu UID 0 ndi UID 1 kumbali ya wolandirayo, kuti muchepetse ma vectors owukira (chidebecho chidzangolandira luso lachidziwitso m'malo ake).
  • Njira ya "-bind-user" yawonjezedwa ku systemd-spawn kuti itumize akaunti ya wogwiritsa ntchito yomwe ilipo pamalo omwe alandirirako ku chidebe (cholembera chakunyumba chimayikidwa mu chidebe, cholowera / gulu chikuwonjezeredwa, ndi mapu a UID. imachitidwa pakati pa chidebe ndi malo okhalamo).
  • systemd-ask-password ndi systemd-sysusers awonjezera chithandizo chofunsira mawu achinsinsi (passwd.hashed-password. ndi passwd.plaintext-password.) pogwiritsa ntchito makina omwe adayambitsidwa mu systemd 247 kuti asamutse deta yodziwika bwino mafayilo apakatikati mu chikwatu chosiyana. Mwachikhazikitso, zidziwitso zimalandiridwa kuchokera ku ndondomekoyi ndi PID1, yomwe imawalandira, mwachitsanzo, kuchokera kwa woyang'anira chidebe, chomwe chimakulolani kuti musinthe mawu achinsinsi pa boot yoyamba.
  • systemd-firstboot imawonjezera chithandizo chogwiritsa ntchito kusamutsa kotetezedwa kwa makina a data kuti mufufuze magawo osiyanasiyana adongosolo, omwe angagwiritsidwe ntchito poyambitsa zoikamo mukamayamba kuyambitsa chithunzi cha chidebe chomwe chilibe zoikamo zofunika mu / etc.
  • Njira ya PID 1 imatsimikizira kuti dzina la unit ndi kufotokozera zikuwonetsedwa panthawi ya boot. Mutha kusintha zotuluka kudzera pa "StatusUnitFormat=combined" parameter mu system.conf kapena kernel command line kusankha "systemd.status-unit-format=combined"
  • Njira ya "--image" yawonjezedwa ku systemd-machine-id-setup ndi systemd-repart utility kusamutsa fayilo yokhala ndi id yamakina ku chithunzi cha disk kapena kukulitsa kukula kwa chithunzi cha disk.
  • Magawo a MakeDirectories awonjezedwa ku fayilo yosinthira magawo omwe amagwiritsidwa ntchito ndi systemd-repart utility, yomwe ingagwiritsidwe ntchito kupanga zolembera mosagwirizana ndi fayilo yomwe idapangidwa isanawonetsedwe patebulo logawa (mwachitsanzo, kupanga maupangiri a malo okwera kugawa mizu kuti mutha kuyikapo gawolo munjira yowerengera yokha). Kuti muwongolere mbendera za GPT m'magawo opangidwa, ma paramita ofananira nawo a Flags, ReadOnly ndi NoAuto awonjezedwa. The CopyBlocks parameter ili ndi mtengo wa "auto" kuti musankhe nokha gawo la boot ngati gwero pamene mukukopera midadada (mwachitsanzo, pamene mukufunikira kusamutsa magawo anu a mizu kuzinthu zatsopano).
  • GPT imagwiritsa ntchito mbendera ya "grow-file-system", yomwe ili yofanana ndi x-systemd.growfs mount njira ndipo imapereka kuwonjezereka kwachindunji kwa kukula kwa FS kumalire a chipangizo chotchinga ngati kukula kwa FS kuli kochepa kusiyana ndi kugawa. Mbendera imagwira ntchito pamafayilo a Ext3, XFS ndi Btrfs, ndipo itha kugwiritsidwa ntchito pamagawo omwe angodziwika. Mbendera imayatsidwa mwachisawawa pamagawo olembedwa omwe amapangidwa okha kudzera pa systemd-repart. Njira ya GrowFileSystem yawonjezedwa kuti ikonze mbendera mu systemd-repart.
  • Fayilo ya /etc/os-release imapereka chithandizo pamitundu yatsopano ya IMAGE_VERSION ndi IMAGE_ID kuti mudziwe mtundu ndi ID ya zithunzi zosinthidwa ndi atomiki. Zolemba za %M ndi % A zimaperekedwa kuti zilowe m'malo mwa malamulo osiyanasiyana.
  • "--extension" parameter yawonjezedwa ku portablectl kuti mutsegule zithunzi zowonjezera zamakina (mwachitsanzo, kudzera mwa iwo mutha kugawa zithunzi ndi mautumiki owonjezera ophatikizidwa mugawo la mizu).
  • Dongosolo la systemd-coredump limapereka kutulutsa kwa chidziwitso cha ELF build-id popanga kutaya kwapakati, komwe kumatha kukhala kothandiza kudziwa kuti ndi phukusi liti lomwe likulephera ngati chidziwitso chokhudza dzina ndi mtundu wa deb kapena rpm phukusi lamangidwa. mu fayilo ya ELF.
  • Zida zatsopano za zida za FireWire (IEEE 1394) zawonjezedwa ku udev.
  • Mu udev, zosintha zitatu zawonjezedwa ku "net_id" mawonekedwe osankhidwa amtundu wa netiweki omwe amasemphana ndi mayendedwe am'mbuyo: zilembo zolakwika m'mayina a mawonekedwe tsopano zasinthidwa ndi "_"; PCI hotplug mayina kagawo ka s390 machitidwe amakonzedwa mu mawonekedwe hexadecimal; Kugwiritsa ntchito zida za 65535 zomangidwa mu PCI zimaloledwa (zinambala zakale pamwamba pa 16383 zidatsekedwa).
  • systemd-resolved imawonjezera dera la "home.arpa" pamndandanda wa NTA (Negative Trust Anchors), zomwe zimalimbikitsidwa pamanetiweki apanyumba, koma osagwiritsidwa ntchito mu DNSSEC.
  • CPUAffinity parameter imapereka kusanthula kwa zofotokozera za "%".
  • ManageForeignRoutingPolicyRules parameter yawonjezedwa ku mafayilo a .network, omwe angagwiritsidwe ntchito kuchotsa systemd-networkd pokonza ndondomeko za njira za anthu ena.
  • RequiredFamilyForOnline parameter yawonjezedwa ku mafayilo a ".network" kuti mudziwe kupezeka kwa IPv4 kapena IPv6 adilesi monga chizindikiro chakuti mawonekedwe a netiweki ali "pa intaneti". Networkctl imapereka chiwonetsero cha "paintaneti" pa ulalo uliwonse.
  • Anawonjezera OutgoingInterface parameter ku mafailo a .network kutanthauzira malo otuluka mukamakonza milatho yamanetiweki.
  • Gulu lamagulu lawonjezeredwa ku mafayilo a ".network", kukulolani kuti mukonze gulu la Multipath la zolemba mu gawo la "[NextHop]".
  • Zosankha zowonjezera "-4" ndi "-6" ku systemd-network-wait-online kuti muchepetse kulumikizana kudikirira ku IPv4 kapena IPv6 kokha.
  • Gawo la RelayTarget lawonjezeredwa ku zoikamo za seva ya DHCP, zomwe zimasinthira seva ku DHCP Ralay mode. Pakusintha kowonjezera kwa DHCP relay, zosankha za RelayAgentCircuitId ndi RelayAgentRemoteId zimaperekedwa.
  • ServerAddress parameter yawonjezedwa ku seva ya DHCP, kukulolani kuti muyike momveka bwino adilesi ya IP ya seva (kupanda kutero adilesi imasankhidwa yokha).
  • Seva ya DHCP imagwiritsa ntchito gawo la [DHCPServerStaticLease], lomwe limakupatsani mwayi wokonza zomangira maadiresi osasintha (DHCP leases), kutchula ma IP okhazikika kumaadiresi a MAC ndi mosemphanitsa.
  • Zokonda za RestrictAddressFamilies zimathandizira mtengo wa "palibe", zomwe zikutanthauza kuti ntchitoyo sikhala ndi mwayi wopeza socket zabanja lililonse la adilesi.
  • M'mafayilo a ".network" mu zigawo za [Address], [DHCPv6PrefixDelegation] ndi [IPv6Prefix], chithandizo cha RouteMetric setting chimakhazikitsidwa, chomwe chimakulolani kuti mutchule metric ya njira yoyamba yopangidwira ku adiresi yotchulidwa.
  • nss-myhostname ndi systemd-resolved imapereka kaphatikizidwe ka ma DNS maadiresi okhala ndi ma adilesi omwe ali ndi dzina lapadera "_outbound", pomwe IP yakomweko nthawi zonse imaperekedwa, yosankhidwa motsatira njira zosasinthika zomwe zimagwiritsidwa ntchito polumikizana ndi kutuluka.
  • Mumafayilo a .network, muchigawo cha "[DHCPv4]", zosintha zokhazikika za RoutesToNTP zawonjezedwa, zomwe zimafuna kuwonjezera njira ina kudzera pa netiweki yamakono kuti mulowetse adilesi ya seva ya NTP yopezedwa pa mawonekedwewa pogwiritsa ntchito DHCP (yofanana ndi DNS , zoikamo zimakulolani kutsimikizira kuti magalimoto opita ku seva ya NTP adzayendetsedwa kudzera mu mawonekedwe omwe adilesiyi idalandiridwa).
  • Makonda owonjezera a SocketBindAllow ndi SocketBindDeny kuti muwongolere mwayi wofikira kumasoketi omwe ali ndi ntchito yomwe ilipo.
  • Kwa mafayilo amtundu, kukhazikitsidwa kovomerezeka kotchedwa ConditionFirmware kwakhazikitsidwa, komwe kumakupatsani mwayi wopanga macheke omwe amayesa ntchito za firmware, monga kugwira ntchito pa UEFI ndi machitidwe a device.tree, komanso kuyang'ana kuyenderana ndi kuthekera kwamitengo yazida.
  • Inakhazikitsa njira ya ConditionOSRelease kuti muyang'ane minda mu /etc/os-release file. Pofotokoza mikhalidwe yowonera mayendedwe amunda, ogwiritsira ntchito "=", "! =", "=", ">" ndi ovomerezeka.
  • M'gulu la hostnamectl, malamulo monga "get-xyz" ndi "set-xyz" amamasulidwa ku "get" ndi "set" prefixes, mwachitsanzo, m'malo mwa "hostnamectl get-hostname" ndi "hostnamectl" set-hostname " mutha kugwiritsa ntchito lamulo la "hostnamectl hostname" ", kugawa kwa mtengo komwe kumatsimikiziridwa pofotokoza mkangano wowonjezera ("hostnamectl hostname value"). Thandizo la malamulo akale lasungidwa kuti zitsimikizire kuti zimagwirizana.
  • Dongosolo la systemd-detect-virt ndi mawonekedwe a ConditionVirtualization amatsimikizira kuzindikirika kolondola kwa malo a Amazon EC2.
  • Kuyika kwa LogLevelMax m'mafayilo a unit tsopano sikukugwiranso ntchito polemba mauthenga opangidwa ndi utumiki, komanso ku mauthenga a PID 1 omwe amatchula za utumiki.
  • Zinapereka kuthekera kophatikiza data ya SBAT (UEFI Secure Boot Advanced Targeting) mumafayilo a systemd-boot EFI PE.
  • / etc/crypttab imagwiritsa ntchito zosankha zatsopano "zopanda mutu" ndi "password-echo" - yoyamba imakupatsani mwayi kuti mudumphe zochitika zonse zomwe zimagwirizanitsidwa ndi kulimbikitsana kwa mawu achinsinsi ndi ma PIN kuchokera kwa wogwiritsa ntchito, ndipo yachiwiri imakupatsani mwayi wokonza njira yowonetsera mawu achinsinsi. (osawonetsa kalikonse, onetsani mawonekedwe ndi mawonekedwe ndikuwonetsa nyenyezi). Njira ya "--echo" yawonjezedwa ku systemd-ask-password pazolinga zofanana.
  • systemd-cryptenroll, systemd-cryptsetup, ndi systemd-homed awonjezera chithandizo chotsegula magawo obisika a LUKS2 pogwiritsa ntchito ma tokeni a FIDO2. Zosankha zatsopano "--fido2-ndi-user-presence", "--fido2-ndi-user-verification" ndi "-fido2-with-client-pin" kuti muwongolere kutsimikizira kupezeka kwa wogwiritsa ntchito, kutsimikizira komanso kufunikira kolowa. PIN kodi.
  • Onjezani "--user", "--system", "--merge" ndi "--file" zosankha ku systemd-journal-gatewayd, zofanana ndi zosankha za journalctl.
  • Kuphatikiza pa kudalirana kwachindunji pakati pa mayunitsi otchulidwa kudzera mu magawo a OnFailure ndi Gawo, kuthandizira pazodalira zosagwirizana ndi OnFailureOf ndi SliceOf zawonjezedwa, zomwe zingakhale zothandiza, mwachitsanzo, pozindikira mayunitsi onse ophatikizidwa mugawo.
  • Anawonjezera mitundu yatsopano yodalirana pakati pa mayunitsi: OnSuccess ndi OnSuccessOf (zosiyana ndi OnFailure, zomwe zimatchedwa kumaliza bwino); PropagatesStopTo ndi StopPropagatedFrom (kukulolani kuti mufalitse chochitika cha kuyimitsidwa kwa unit kugawo lina); Upholds ndi UpheldBy (njira ina yoyambiranso).
  • Dongosolo la systemd-ask-password tsopano lili ndi njira ya "--emoji" yowongolera mawonekedwe a chizindikiro cha loko (πŸ”) pamzere wolowetsa mawu achinsinsi.
  • Zolemba zowonjezera pa systemd source tree structure.
  • Kwa mayunitsi, katundu wa MemoryAvailable wawonjezedwa, zomwe zikuwonetsa kuchuluka kwa kukumbukira komwe gawoli latsala lisanafikire malire omwe adayikidwa kudzera pazigawo za MemoryMax, MemoryHigh kapena MemoryAvailable.

Source: opennet.ru

Kuwonjezera ndemanga