Release of the systemd 257 system manager

After six months of development, the systemd 257 system manager has been released. The main changes: the new systemd-sbsign and systemd-keyutil utilities, MPTCP support for socket activation, initial support for building with the Musl C library, the updatectl utility for managing the installation of updates via systemd-sysupdate, the ability to run services in a separate PID namespace, and protection against accidental file deletion when using "systemd-tmpfiles --purge".

Changes in the new release include:

  • A new program, systemd-sbsign, has been added for digitally signing executable files in PE (Portable Executable) format that can be used for booting in EFI Secure Boot mode. Engines and providers supplied by the OpenSSL library can be used to create signatures. systemd-sbsign can be used as an alternative to the sbsigntool and pesign programs in the ukify utility when building unified kernel images (UKIs), which combine a UEFI boot stub, the Linux kernel image and the initrd system environment loaded into memory in a single file.
  • A new utility, systemd-keyutil, has been added for working with private keys and X.509 certificates. For example, systemd-keyutil can be used to check that private keys and certificates can be loaded, and to extract public keys in PEM format.
  • In ".socket" units, which are used for socket activation (starting a service when an attempt is made to establish a network connection), support has been added for MPTCP (Multipath TCP), an extension of the TCP protocol for operating a TCP connection with packets delivered simultaneously over several routes through different network interfaces bound to different IP addresses.
  • Changes needed for building with the Musl standard C library have been included.
  • Various systemd components that display progress indicators (such as systemd-repart, systemd-sysupdate/updatectl and importctl) now support using ANSI sequences to report progress. Such sequences are currently supported only in Windows Terminal (a similar feature is expected to be carried over to terminal emulators for Linux in time).
  • The capabilities of the systemd-sysupdate component have been expanded. It is used to detect, download and install updates using an atomic mechanism for replacing partitions, files or directories (two independent partitions/files/directories are used, one holding the current working resource and the other receiving the next update, after which the partitions/files/directories are swapped). In practice, systemd-sysupdate is already used in GNOME OS.

    In addition to the systemd-sysupdate tool, a service of the same name has been added that allows system updates to be managed over D-Bus by an unprivileged user. A new updatectl utility is also included to control the service. The "--offline" flag has been added to systemd-sysupdate to disable downloading metadata over the network and use only the versions already downloaded to the local system. Output in JSON format is now supported for all commands.

  • A new "PrivatePIDs" setting has been implemented for services, with which a process can be started as PID 1 (the init process) in a separate process identifier namespace (PID namespace). In the namespace created for the service, only processes from that namespace are visible.
  • Case-insensitive matching has been added to udev rules (for example, 'ATTR{foo}==i"abcd"'). udev can now give unprivileged local users access ("uaccess") to the /dev/udmabuf device, which is needed for working with IPMI cameras via libcamera. udev detects various kinds of crypto wallets with a USB interface and sets the ID_HARDWARE_WALLET property on them, which makes it possible to apply "uaccess" mode to them so that unprivileged users can access them.
  • New fields RELEASE_TYPE, EXPERIMENT and EXPERIMENT_URL have been added to the /etc/os-release file. "RELEASE_TYPE" can take the values "experiment", "development", "stable" and "lts" to distinguish stable versions from development and experimental ones. The EXPERIMENT and EXPERIMENT_URL parameters are intended to describe the nature of the experiment.
  • The run0 utility, developed as a replacement for the sudo program, has gained a "--shell-prompt-prefix" option that sets the prefix string of the shell command prompt. By default, the "🦸" emoji is shown as the prefix to indicate an elevated session.
  • In systemd-tmpfiles, to avoid accidentally deleting the wrong files, the "--purge" option now applies only to tmpfiles.d/ entries that have the "$" flag explicitly set. The "--purge" operation also now requires specifying one file from the tmpfiles.d/ directory. For lines of type 'L', the '?' flag
  • In the service manager and other components, process tracking continues to be converted to use PIDFD instead of PID. A PIDFD is bound to one specific process and does not change, whereas a PID can be assigned to a different process after the process it referred to has exited.
  • For services, the value "debug" can now be specified in the "RestartMode" parameter. With it, a failed service is restarted in debug mode (the DEBUG_INVOCATION=1 environment variable is set) and the LogLevelMax value is temporarily raised to the debug level.
  • The PID 1 handler can now load policies for the IPE (Integrity Policy Enforcement) LSM module, which defines an integrity policy for the whole system (which operations are allowed and how components must be verified).
  • A "DeferReactivation" option has been added to ".timer" files. It allows the next timer activation to be skipped if the service has not finished running since it was last activated.
  • In the PrivateUsers unit file parameter, the value "identity" can now be specified to enable ID mapping when the user namespace is created.
  • Support has been added for the value "disconnected" in the PrivateTmp unit file parameter, which uses separate tmpfs mounts for /tmp/ and /var/tmp/.
  • Support for "private" and "strict" modes has been added to the ProtectControlGroups unit file parameter. When set, a new cgroup namespace is created for the service and cgroupfs is mounted. When "strict" mode is set, cgroupfs is mounted read-only.
  • The StateDirectory, RuntimeDirectory, CacheDirectory, LogsDirectory and ConfigurationDirectory parameters now accept a ':ro' flag to restrict access to the associated directories to read-only.
  • Support has been added for the value "firmware" in the "systemd.machine_id" kernel command line parameter, with which the machine identifier (machine ID) is derived from the UUID in SMBIOS/DeviceTree.
  • Support has been added for the mseal(), listmount() and statmount() system calls introduced in recent Linux kernel releases.
  • The resolvectl, timedatectl and systemd-inhibit utilities now support authorization via Polkit.
  • The "--now" flag can now be used with the "reenable" command in the systemctl utility.
  • A "--json" option has been added to the systemd-mount utility for output in JSON format (for example, when specified together with "-list-devices", the device list is output in JSON format).
  • "-l" and "--full" options have been added to the "localectl" utility to disable truncation of long lines in the output.
  • A HibernateOnACPower option has been added to sleep.conf. It allows the transition to hibernation to be delayed until the device is disconnected from its power source.
  • In systemd-sysusers, support for a "!" modifier has been added to "u" lines, with which fully locked accounts can be created (previously, setting an invalid password was used to block a user, which, for example, did not block key-based authentication in SSH).
  • systemd-coredump adds an "EnterNamespace" option that allows access to the mount namespace of any crashed process in order to obtain its debug symbols. In practice, this option can be useful for processing core files from processes running in isolated containers.
  • systemd-logind now handles the Ctrl-Alt-Shift-Esc key combination by sending the org.freedesktop.login1.SecureAttentionKey signal to components of the user environment with a request to display a secure dialog. A "DesignatedMaintenanceTime" setting has been implemented for scheduling shutdown at a set time. By analogy with the support for DRM and evdev devices, support has been added for managing unprivileged users' access to hidraw devices (game controllers and joysticks).
  • systemd-machined now supports registration of virtual machines and containers by unprivileged clients. Access to systemd-machined functionality is provided through a Varlink API in addition to D-Bus.
  • A new "[IPv6AddressLabel]" section has been added to the networkd.conf file for configuring labels for IPv6 address prefixes.
  • A "--stdin" option has been added to the 'networkctl edit' command to read the file contents from standard input. Support has been added to the 'networkctl edit' and 'networkctl cat' commands for editing and displaying .netdev files by specifying a network interface. A "--no-ask-password" option has been added to disable user authorization.
  • A "--certificate-source" option has been added to the ukify, bootctl, systemd-keyutil, systemd-measure, systemd-repart and systemd-sbsign utilities to load an X.509 certificate through OpenSSL instead of loading it directly from a file.
  • systemd-boot adds the ability to use the volume buttons to move up and down through the boot menu, which can be useful on devices such as smartphones. Support for installing UEFI Secure Boot databases in ESL format (db/dbx/…) for systemd-boot has been added to the bootctl utility.
  • A "-list-invocation" option has been added to journalctl to show the list of service invocations, along with an "--invocation" option ("-I") to show only the logs associated with a specific invocation.
  • systemd-nspawn adds support for unprivileged use of FUSE (Filesystem in Userspace) in containers. When the "--bind-user" option is used, the user's SSH keys needed for access over SSH are forwarded to the container.
  • libsystemd has gained a new "sd-json" interface for working with the JSON format, as well as an "sd-varlink" interface for working with Varlink IPC.
  • The recommended kernel version has been changed to release 5.4, which was produced in 2019. Next year it is planned to drop support for older kernels and make release 5.4 the minimum supported version.
  • Support for cgroups v1 has been deprecated and is disabled by default (to enable it, SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be specified on the kernel command line in addition to enabling it in the systemd settings). The next release, systemd 258, plans to remove cgroups v1 support completely. systemd 258 is also planned to remove support for System V service scripts.

Source: opennet.ru
