Release of the systemd 248 system manager

After four months of development, the release of the systemd 248 system manager is available. The new release adds support for images that extend the system's directory hierarchy (system extension images), the /etc/veritytab configuration file, the systemd-cryptenroll utility, unlocking LUKS2 volumes using TPM2 chips and FIDO2 tokens, running units in a shared IPC namespace, the BATMAN protocol for mesh networks, and an nftables backend for systemd-nspawn. systemd-oomd has been stabilized.

Main changes:

  • The concept of System Extension Images has been implemented, which can be used to extend the /usr/ and /opt/ directory hierarchies with additional files at run time, even if those directories are mounted read-only. When a system extension image is attached, its contents are overlaid onto the /usr/ and /opt/ hierarchies using OverlayFS.

    A new utility, systemd-sysext, is provided to attach, detach, list and update system extension images. To automatically attach pre-installed images at boot, the systemd-sysext.service unit has been added. The "SYSEXT_LEVEL=" parameter has been added to the os-release file to indicate the supported extension level.

  • For units, the ExtensionImages setting has been implemented, which can be used to attach extension images into the file system namespace hierarchy of individual services.
  • Added the /etc/veritytab configuration file for setting up integrity verification of block devices using the dm-verity module. The file format is similar to /etc/crypttab: "section_name device_for_data device_for_hashes root_hash options". Added the systemd.verity.root_options kernel command line option to configure dm-verity behaviour for the root device.
  • systemd-cryptsetup adds the ability to extract the PKCS #11 token URI and the encrypted key from the LUKS2 metadata header in JSON format, allowing the information needed to unlock a device with a token to be stored in the device itself, without external files.
  • systemd-cryptsetup gains support for unlocking LUKS2 encrypted volumes using TPM2 chips and FIDO2 tokens, in addition to the previously supported PKCS #11 tokens. libfido2 is loaded via dlopen(), i.e. its availability is checked on the fly rather than being a hard dependency.
  • New options "no-write-workqueue" and "no-read-workqueue" have been added to /etc/crypttab for systemd-cryptsetup, to allow synchronous processing of the I/O related to encryption and decryption.
  • The systemd-repart utility has gained the ability to activate encrypted partitions using TPM2 chips, for example to create an encrypted /var on first boot.
  • The systemd-cryptenroll utility has been added to bind TPM2, FIDO2 and PKCS #11 tokens to LUKS volumes, as well as to unbind and list tokens, bind recovery keys and set a password for access.
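As an added illustration of the /etc/veritytab format and of the new crypttab options described above (this is example configuration written for this page, not from the systemd project or the original article), the fragments below show one dm-verity entry and three LUKS2 entries. Volume names, device paths, the socket path and the root hash are constructed placeholders; a real root hash is the value printed by `veritysetup format`. Binding the TPM2 or FIDO2 token into the LUKS2 header is done beforehand with systemd-cryptenroll, for example `systemd-cryptenroll --tpm2-device=auto /dev/disk/by-partlabel/var`.

```ini
# /etc/veritytab  (constructed example; fields as in the format described above)
# volume-name  data-device                     hash-device                          root-hash                            options
usr            /dev/disk/by-partlabel/usr      /dev/disk/by-partlabel/usr-hash      <ROOT-HASH-FROM-veritysetup-format>  panic-on-corruption

# /etc/crypttab  (constructed example)
# name   device                        key-file                  options
# TPM2-bound volume: the key material lives in the LUKS2 header token, so no
# external key file is needed; the dm-crypt workqueues are bypassed so that
# encryption/decryption I/O is processed inline (synchronously)
var      /dev/disk/by-partlabel/var    none                      tpm2-device=auto,no-read-workqueue,no-write-workqueue
# FIDO2-bound volume, unlocked with the enrolled security token
home     /dev/disk/by-partlabel/home   none                      fido2-device=auto
# Key delivered by a local service: the "key file" path is an AF_UNIX stream
# socket; systemd-cryptsetup connects to it and reads the key from the connection
data     /dev/disk/by-partlabel/data   /run/cryptkeys/data.sock
```

The socket variant keeps the key out of the file system entirely, which is the point of the feature: whatever service listens on the socket decides, per connection, whether and when to hand the key over.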
  • Added the PrivateIPC parameter, which allows a unit file to run processes in a separate IPC namespace with their own shared memory and message queue identifiers. To attach a unit to an existing IPC namespace, the IPCNamespacePath option has been implemented.
  • Added the ExecPaths and NoExecPaths settings, which allow the noexec flag to be applied to specific parts of the file system.
  • systemd-networkd adds support for the BATMAN (Better Approach To Mobile Adhoc Networking) mesh protocol, which allows building decentralized networks in which each node communicates through neighbouring nodes. For configuration, the [BatmanAdvanced] section in .netdev files, the BatmanAdvanced parameter in .network files, and a new device type "batadv" are provided.
  • The early response to low memory implemented in systemd-oomd has been stabilized. Added the DefaultMemoryPressureDurationSec option to set how long to wait for a resource to be freed before acting on a unit. systemd-oomd uses the PSI (Pressure Stall Information) kernel subsystem and allows detecting the onset of stalls caused by resource shortage and selectively terminating resource-hungry processes at a stage when the system is not yet in a critical state and has not yet started aggressively trimming the cache and pushing data to swap.
  • Added the kernel command line option "root=tmpfs", which allows mounting the root partition in volatile RAM-backed storage using tmpfs.
  • The /etc/crypttab parameter that specifies the key file can now point to an AF_UNIX socket of type SOCK_STREAM. In this case the key must be provided on connection to the socket, which, for example, can be used to build key-providing services.
  • The fallback hostname used by the systemd manager and systemd-hostnamed can now be set in two ways: via the DEFAULT_HOSTNAME parameter in os-release and via the $SYSTEMD_DEFAULT_HOSTNAME environment variable. systemd-hostnamed also uses "localhost" as the hostname and adds the ability to export the hostname as well as the "HardwareVendor" and "HardwareModel" properties via D-Bus.
  • The block of exported environment variables can now be configured via the new ManagerEnvironment option in system.conf or user.conf, and not only via the kernel command line and unit file settings.
  • At startup, the fexecve() system call can be used to launch processes instead of execve(), to reduce the window between the security checks and execution.
  • For unit files, the ConditionSecurity=tpm2 and ConditionCPUFeature settings have been added to check for the presence of a TPM2 device and of individual CPU capabilities (for example, ConditionCPUFeature=rdrand can be used to check whether the processor supports the RDRAND instruction).
  • For the supported kernels, automatic generation of system call tables for seccomp filters has been implemented.
  • Added the ability to substitute new mounts into existing namespaces without restarting services. The changes are made with the 'systemctl bind ...' and 'systemctl mount-image ...' commands.
  • Added support for specifying paths in the StandardOutput and StandardError settings in the form "truncate:", which truncates the file before use.
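The unit-file settings mentioned above (ExtensionImages, PrivateIPC/IPCNamespacePath, ExecPaths/NoExecPaths, ConditionSecurity=tpm2, ConditionCPUFeature and the truncate: output mode), combined in one hypothetical service as an added example; this is not from the original article or from systemd's own documentation. The service name, binary and library paths, the extension image and the log path are assumptions.

```ini
# /etc/systemd/system/example-worker.service  (constructed example; all paths are assumptions)
[Unit]
Description=Worker that needs a TPM2 and the RDRAND instruction
# If either condition is not met the unit is skipped, not marked failed
ConditionSecurity=tpm2
ConditionCPUFeature=rdrand

[Service]
ExecStart=/opt/example/bin/worker
# Private System V IPC namespace: shared memory segments and message queues
# created by the worker are not visible to the rest of the host
# (use IPCNamespacePath=/run/example/ipcns instead to join an existing namespace)
PrivateIPC=yes
# Deny execution everywhere, then re-allow it only where the needed binaries and
# shared libraries live; the most specific matching path wins, so the two do not conflict
NoExecPaths=/
ExecPaths=/usr/bin /usr/lib /usr/lib64 /opt/example/bin
# Overlay a system extension image onto this service's /usr and /opt only,
# leaving the host's hierarchy untouched
ExtensionImages=/var/lib/extensions/example-tools.raw
# Start each run with an empty log file instead of appending to the old one
StandardOutput=truncate:/var/log/example-worker.log
StandardError=inherit

[Install]
WantedBy=multi-user.target
```

Note that with NoExecPaths=/ the dynamic loader and every library the binary needs must sit under one of the ExecPaths entries, otherwise the service fails to start with a permission error; on a merged-/usr system /usr/lib and /usr/lib64 cover the usual locations.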
  • Added the ability in sd-bus to connect to a user's private bus inside a local container. For example: "systemctl --user -M lennart@ start quux".
  • The following settings are now implemented in systemd.link files in the [Link] section:
    • Promiscuous - allows switching the device into "promiscuous" mode, in which it processes all network packets, including those not addressed to the current system;
    • TransmitQueues and ReceiveQueues for setting the number of TX and RX queues;
    • TransmitQueueLength for setting the length of the TX queue; GenericSegmentOffloadMaxBytes and GenericSegmentOffloadMaxSegment for setting limits for the GRO (Generic Receive Offload) technology.
  • New settings have been added to systemd.network files:
    • [Network] RouteTable for selecting a routing table;
    • [RoutingPolicyRule] Type for the route type ("blackhole", "unreachable", "prohibit");
    • [IPv6AcceptRA] RouteDenyList and RouteAllowList for lists of allowed and denied routes;
    • [DHCPv6] UseAddress for ignoring the address provided by the DHCP server;
    • [DHCPv6PrefixDelegation] ManageTemporaryAddress;
    • ActivationPolicy for defining the policy on interface operations (keep the interface permanently in the UP or DOWN state, or allow the user to change the state with the "ip link set dev" command).
  • Added the [VLAN] Protocol, IngressQOSMaps and EgressQOSMaps options and the [MACVLAN] BroadcastMulticastQueueLength option to systemd.netdev files for tuning VLAN packet handling.
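The new .link, .network and .netdev settings listed above, together with the BATMAN device type, in one constructed configuration set; this is an added example, not from the original article or the systemd project. Interface names, the MAC address and the prefixes (taken from the 2001:db8::/32 documentation range) are assumptions, and GenericSegmentOffloadMaxSegments is the full name of the setting abbreviated above.

```ini
# /etc/systemd/network/10-uplink.link  (constructed example)
[Match]
MACAddress=02:00:5e:00:53:01

[Link]
# Keep promiscuous mode off: the NIC should only pass frames addressed to this host
Promiscuous=no
# Multi-queue NIC: four TX and four RX queues, and a longer TX queue
TransmitQueues=4
ReceiveQueues=4
TransmitQueueLength=2000
# Upper bounds for generic segmentation offload
GenericSegmentOffloadMaxBytes=65536
GenericSegmentOffloadMaxSegments=64

# /etc/systemd/network/20-uplink.network  (constructed example)
[Match]
Name=eth0

[Link]
# Leave the interface down until an administrator runs "ip link set dev eth0 up"
ActivationPolicy=manual

[Network]
DHCP=ipv6
IPv6AcceptRA=yes

[IPv6AcceptRA]
# Only install advertised routes that fall inside the site prefix
# (RouteDenyList= is the inverse: listed prefixes are rejected)
RouteAllowList=2001:db8:1::/48

[DHCPv6]
# Keep the delegated prefix, but ignore the address the DHCPv6 server hands out
UseAddress=no

[DHCPv6PrefixDelegation]
ManageTemporaryAddress=yes

[RoutingPolicyRule]
# Silently discard traffic towards a prefix that must never leave this host
To=2001:db8:ffff::/48
Type=blackhole

# /etc/systemd/network/30-mesh.netdev  (constructed example): the BATMAN mesh device
[NetDev]
Name=bat0
Kind=batadv

[BatmanAdvanced]
GatewayMode=off
RoutingAlgorithm=batman-v

# /etc/systemd/network/31-mesh-port.network: the radio that carries the mesh joins bat0
[Match]
Name=wlan0

[Network]
BatmanAdvanced=bat0

# /etc/systemd/network/40-vlan10.netdev  (constructed example)
[NetDev]
Name=vlan10
Kind=vlan

[VLAN]
Id=10
Protocol=802.1q
```

The RouteAllowList= entry is the security-relevant one: without it, any router on the link can push arbitrary routes to the host via Router Advertisements, so restricting accepted routes to the expected prefix limits what a rogue RA sender can redirect.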
  • Mounting the /dev/ directory in noexec mode has been stopped, because it caused a conflict when the exec flag is used with the /dev/sgx files. To restore the old behaviour, the NoExecPaths=/dev setting can be used.
  • The permissions of the /dev/vsock file have been changed to 0o666, and the /dev/vhost-vsock and /dev/vhost-net files have been moved to the kvm group.
  • The hardware ID database has been extended with USB fingerprint readers so that sleep mode is handled correctly.
  • systemd-resolved adds support for returning answers to DNSSEC queries through the stub resolver. Local clients can perform DNSSEC validation themselves, with the data from the upstream DNS server relayed to them unchanged.
  • Added the CacheFromLocalhost option to resolved.conf; when set, systemd-resolved will use caching even for requests to a DNS server at 127.0.0.1 (by default, caching of such requests is disabled to avoid double caching).
  • systemd-resolved adds support for RFC 5001 NSIDs in the local DNS resolver, allowing clients to distinguish between interactions with the local resolver and with another DNS server.
  • The resolvectl utility adds the ability to display information about the source of the data (local cache, network request, locally synthesized answer) and how that information was used when the request was processed. The --cache, --synthesize, --network, --zone, --trust-anchor and --validate options are provided to control the name resolution process.
  • systemd-nspawn adds support for configuring the firewall using nftables, in addition to the existing iptables support. The IPMasquerade setting in systemd-networkd has gained the ability to use an nftables-based backend.
  • systemd-localed adds support for calling locale-gen to generate missing locales.
  • The --pager/--no-pager/--json= options have been added to various utilities to enable/disable paging mode and output in JSON format. Added the ability to set the number of colours used in the terminal via the SYSTEMD_COLORS environment variable ("16" or "256").
  • Building with separate directory hierarchies (split / and /usr) and cgroup v1 support have been deprecated.
  • The main branch in Git has been renamed from 'master' to 'main'.

Source: opennet.ru
