Mushure memwedzi mitatu yekuvandudzwa system maneja kuburitswa . Mukuburitswa kutsva, zvinhu zvitsva systemd-homed uye systemd-repart zvinowedzerwa, rutsigiro rweanotakurika mushandisi profiles muJSON fomati inosanganisirwa, kugona kutsanangura nzvimbo dzemazita mu systemd-journald kunopihwa, uye rutsigiro rwe "pidfd" mashandiro anowedzerwa. . Yakagadziridzwa zvachose , iyo inounganidza akawanda ezvinyorwa zviripo uye inopa chiratidzo chitsva.
chikuru :
- Yakawedzerwa sevhisi , iyo inopa manejimendi anotakurika madhairekitori epamba, akaunzwa muchimiro cheakakwikwidzwa mufananidzo faira, iyo data iyo yakavharidzirwa. Systemd-homed inokutendera iwe kuti ugadzire inozvimiririra nharaunda yevashandisi data inogona kutamiswa pakati peasiyana masisitimu pasina kunetseka nezve identifier kuwiriranisa uye kuvanzika. Zviziviso zvemushandisi zvakasungirirwa kudhairekitori repamba pane masisitimu ehurongwa - chimiro chiri mufomati chinoshandiswa panzvimbo ye /etc/passwd, /etc/group uye /etc/shadow. . Kuti uwane rumwe ruzivo, ona systemd-homed.
- Yakawedzera systemd-homed shamwari chikamu "” (“systemd-userb”), inoshandura maakaundi eUNIX/glibc NSS kuita marekodhi eJSON uye inopa Varlink API yakabatana yekubvunza uye kudzokorodza marekodhi. Iyo JSON mbiri ine chekuita nedhairekitori repamba inotsanangura maparamita anodiwa pabasa remushandisi, kusanganisira zita rekushandisa, password hashi, makiyi ekunyorera, quotas, uye zviwanikwa. Iyo mbiri inogona kusimbiswa nedhijitari siginecha yakachengetwa pane yekunze Yubikey tokeni. Kugadzirisa maprofile, iyo "userdbctl" yekushandisa inokurudzirwa. Tsigiro yeJSON profiles yakawedzerwa kune akasiyana-siyana systemd zvikamu, zvinosanganisira systemd-logind uye pam-systemd, inobvumira vashandisi veanotakurika madhairekitori kuti vatende, kupinda mukati, kuseta nharaunda zvinosiyana, kugadzira chikamu, kuseta miganhu, nezvimwe. Mune ramangwana, zvinotarisirwa kuti ssd framework ichakwanisa kuburitsa maJSON profiles ane mushandisi marongero akachengetwa muLDAP.
- Добавлена новая утилита «systemd-repart», предназначенная для переразбивки таблиц дисковых разделов в формате GPT. Структура разделов определяется в декларативной форме через файлы, описывающие какие разделы должны или могут существовать. При каждой загрузке фактическая таблица разделов сравнивается с этими файлами, после чего добавляются недостающие разделы или, если определённый в настройках относительный или абсолютный размер не совпадает, увеличивается размер существующих. Допускаются только инкрементальные изменения, т.е. удаление и сокращение размера невозможно, разделы могут быть только добавлены и увеличены.
Izvo zvinoshandiswa zvakagadzirirwa kutangwa kubva kune initrd uye zvinongoona dhisiki pane iyo midzi yekuparadzanisa iripo, iyo isingade yakawedzera gadziriso, kunze kwemafaira ane tsananguro yekuchinja.Mukuita, systemd-repart inogona kubatsira kune inoshanda sisitimu mifananidzo inogona kutanga kutumirwa mune shoma fomu, uye mushure mekutanga bhutsu inogona kuwedzerwa kusvika kuhukuru hweiyo iripo block mudziyo kana kuwedzeredzwa nekuwedzera partitions (semuenzaniso, mudzi. partition inogona kuwedzerwa kuvhara dhisiki rese kana mushure mekutanga bhutsu kugadzira swap partition kana / kumba). Kumwe kushandiswa kungave zvigadziriso zvine zvikamu zviviri zvinotenderera - chikamu chekutanga chete chinogona kupihwa pekutanga, uye chechipiri chaizogadzirwa pabhutsu yekutanga.
- Izvozvi zvinogoneka kuvhura akati wandei esystemd-journald, imwe neimwe inochengeta matanda munzvimbo yayo yezita. Kuwedzera kune main systemd-journald.service, iyo .service directory inopa template yekugadzira mamwe mamiriro akasungwa kune mazita enzvimbo yavo vachishandisa "LogNamespace" kuraira. Imwe neimwe nzvimbo yezita regi inoshumirwa neyakasarudzika kumashure maitiro ane yayo seti yezvigadziro uye miganhu. Iyo yakarongwa ficha inogona kubatsira pakuyera kuyera nehukuru hukuru hwematanda kana kukwidziridza kusarudzika kwekushandisa. Yakawedzerwa "--namespace" sarudzo kujenalictl kudzikamisa mubvunzo kune yakataurwa nzvimbo yezita chete.
- Systemd-udevd nemamwe masystemd akawedzera tsigiro yemuchina wekugovera mamwe mazita kunetiweki interfaces, zvichibvumira mazita akawanda kushandiswa panguva imwe chete kune imwe interface. Iro zita rinogona kusvika kune 128 mavara (kare, iyo network network zita raingogumira kune gumi nematanhatu mavara). Nekutadza, systemd-udevd ikozvino inopa yega yega network interface ese akasiyana mazita anogadzirwa neanotsigirwa mazita zvirongwa. Maitiro aya anogona kuchinjwa kuburikidza neAlternativeName neAlternativeNamesPolicy marongero mu.link mafaera. systemd-nspawn inoshandisa chizvarwa chemamwe mazita ane zita rakazara remudziyo weveth links dzakagadzirwa padivi rekugamuchira.
- Iyo sd-chiitiko.h API inowedzera tsigiro yeLinux kernel subsystem "pidfd" kubata mamiriro ekushandisa zvakare PID (pidfd inosanganisirwa neimwe nzira uye haishanduke, nepo PID inogona kubatanidzwa neimwe nzira mushure mekuita kwazvino. yakabatana nayo inobuda iyi PID). Zvese systemd zvikamu kunze kwePID 1 zvakashandurwa kuti zvishandise pidfds kana iyo subsystem ichitsigirwa neikozvino kernel.
- systemd-logind inopa cheki yekuwana yeiyo chaiyo terminal shanduko mashandiro kuburikidza nePolicyKit. Nekumisikidza, mvumo yekushandura iyo inoshanda terminal inopihwa chete kune vashandisi vakatanga chikamu pane yemuno chaiyo terminal kamwechete.
- Kuita kuti zvive nyore kugadzira mifananidzo yeinitrd ine systemd, PID 1 handler iye zvino anoona kana initrd iri kushandiswa uye munyaya iyi inotakura initrd.target panzvimbo ye default.target. Neiyi nzira, iyo initrd uye main system mifananidzo inogona kusiyana chete pamberi peiyo /etc/initrd-release faira.
- Yakawedzera mutsva kernel command line parameter - "systemd.cpu_affinity", yakaenzana neCPUAffinity sarudzo mu /etc/systemd/system.conf uye inokubvumira kugadzirisa CPU affinity mask yePID 1 uye mamwe maitiro.
- Yakagonesa kurodha zvakare kweSELinux dhatabhesi pamwe nekutangazve PID 1 kuburikidza nemirairo se "systemctl daemon-reload".
- Iyo "systemd.show-status=error" yekumisikidza yakawedzerwa kune PID 1 mugadziri, kana yaiswa, chete mhosho meseji uye kunonoka kukuru panguva yekurodha kunoratidzwa pane console.
- systemd-sysusers yakawedzera rutsigiro rwekugadzira vashandisi vane zita rekutanga reboka rakasiyana nezita remushandisi.
- systemd-growfs inosuma tsigiro yeXFS partition yekuwedzera kuburikidza ne x-systemd.growfs gomo sarudzo mu /etc/fstab, mukuwedzera kune yaimbotsigirwa partition yekuwedzera neExt4 uye Btrfs.
- Yakawedzera x-initrd.attach sarudzo ku /etc/crypttab kutsanangura iyo encrypted partition yakatovhurwa padanho rekutanga.
- systemd-cryptsetup yakawedzera tsigiro (sarudzo pkcs11-uri mu /etc/crypttab) yekuvhura zvikamu zvakavharidzirwa uchishandisa PKCS#11 smartcards, semuenzaniso wekubatanidza partition encryption kuYubiKeys.
- Zvitsva zvekukwira zvingasarudzwa "x-systemd.required-by" uye "x-systemd.wanted-by" zvawedzerwa ku /etc/fstab kunyatsogadzirisa zvikamu zvinotsanangura ma mount operations anodaidzwa panzvimbo ye local-fs.target uye kure. -fs .target.
- Iyo nyowani sevhisi sandboxing sarudzo yawedzerwa - DziviriroClock, iyo inomisa kunyora kune system wachi (kuwanika kwakavharwa padanho re/dev/rtc, system mafoni uye CAP_SYS_TIME/CAP_WAKE_ALARM mvumo).
- To specification uye systemd-gpt-auto-jenareta yakawedzera kuona kwekuparadzanisa
/var uye /var/tmp. - Mu "systemctl list-unit-files", pakuratidza rondedzero yemayuniti, koramu itsva yakaonekwa inoratidza iyo inogonesa nyika inopihwa mumagadzirirwo emugadziri emhando iyi yeyuniti.
- Sarudzo "-ne-dependencies" yakawedzerwa ku "systemctl", kana yaiswa, mirairo se "systemctl status" uye "systemctl cat" haizoratidzi chete zvikamu zvose zvinoenderana, asiwo zvikamu zvavanovimba nazvo.
- Musystemd-networkd, iyo qdisc kumisikidzwa yakawedzera kugona kugadzirisa iyo TBF (Token Bucket Filter), SFQ (Stochastic Fairness Queuing), CoDel (Kudzora-Kunonoka Active Queue Management) uye FQ (Fair Queue) paramita.
- systemd-networkd yakawedzera rutsigiro rweIFB network zvishandiso ().
- Systemd-networkd inoshandisa iyo MultiPathRoute parameter muchikamu che[Route] kugadzirisa nzira dzakawanda.
- Mu systemd-networkd yeDHCPv4 mutengi, iyo SendDecline sarudzo yakawedzerwa, kana yatsanangurwa, mushure mekugamuchira mhinduro yeDHCP nekero, kudzokororwa kwekero kunoitwa uye kana kukakavara kwekero kwaonekwa, kero yakapihwa inorambwa. Iyo nzira yeRouteMTUBytes yakawedzerwa kune mutengi weDHCPv4, ichikubvumidza kuti uone saizi yeMTU yenzira dzakagadzirwa kubva IP kero bindings (lease).
- Setting yePrefixRoute mu[Kero] chikamu che.network mafaira yarambwa. Yakatsiviwa ne “AddPrefixRoute” marongero, ane chirevo chakapesana.
- Mu .network mafaira, tsigiro yehutsva hutsva "_dhcp" yakawedzerwa kuGadhi rekugadzirisa muchikamu che[Route], kana yaiswa, nzira yakamira inosarudzwa zvichienderana negedhi rakagadzirirwa kuburikidza neDHCP.
- Zvirongwa zvaonekwa mu.network mafaira mu[RoutingPolicyRule]” chikamu
Mushandisi uye SuppressPrefixLength kutsanangura kwainobva nzira yakavakirwa paUID siyana uye prefix saizi. - Mu networkctl, iyo "status" yekuraira inopa kugona kuratidza matanda zvine chekuita kune yega yega network.
- systemd-networkd-wait-online inowedzera tsigiro yekuseta iyo yakanyanya nguva yekumirira kuti interface ishande uye kumirira kuti interface iende pasi.
- Yakamira kugadzirisa .link uye .network mafaira ane chinhu chisina chinhu kana chakataurwa kunze "[Match]" chikamu.
- Mune .link uye .network mafaira, mu "[Match]" chikamu, "PermanentMACAddress" marongero akawedzerwa kuti atarise inogara MAC kero yezvishandiso muchiitiko chekushandisa yakagadzirwa zvisina tsarukano MAC.
- "Chikamu che "[TrafficControlQueueingDiscipline]" mu.network mafaira chapiwa zita rekuti "[NetworkEmulator]", uye "NetworkEmulator" prefix yakabviswa pamazita ezvirongwa zvakabatana.
- systemd-yakagadziriswa yeDNS-pamusoro-TLS inowedzera rutsigiro rwekutarisa SNI.
Source: opennet.ru