ProHoster > Blog > internet nhau > systemd system maneja kuburitswa 244

systemd system maneja kuburitswa 244

Mushure memwedzi mitatu yekuvandudzwa yakaunzwa system maneja kuburitswa systemd 244.

Shanduko huru:

  • Yakawedzerwa rutsigiro rwecpuset resource controller yakavakirwa pamapoka v2, iyo inopa nzira yekusunga maitiro kune chaiwo maCPU (iyo "AllowedCPUs" marongero) uye NUMA memory node (iyo "AllowedMemoryNodes" kuseta);
  • Yakawedzerwa tsigiro yekurodha marongero kubva kuSystemdOptions EFI shanduko yesystemd kumisikidza, iyo inokutendera iwe kugadzirisa systemd maitiro mumamiriro ezvinhu apo kuchinja kernel mutsara mutsara sarudzo kunonetsa uye iyo gadziriso kubva ku diski inoverengwa kunonoka (semuenzaniso, kana iwe uchida kugadzirisa sarudzo. zvinoenderana neboka revakuru veboka). Kuti uise shanduko muEFI, unogona kushandisa murairo 'bootctl systemd-efi-options';
  • Yakawedzerwa tsigiro kumayuniti ekurodha marongero kubva kuβ€œ{unit_type}.d/” madhairekitori ane chekuita nemhando dzemayuniti (semuenzaniso, β€œservice.d/”), anogona kushandiswa kuwedzera marongero anovhara mafaera ese emhando yakapihwa pa. kamwe;
  • Kumasevhisi emasevhisi, itsva sandbox isolation mode ProtectKernelLogs yakawedzerwa, iyo inokutendera iwe kuramba kupinda kwechirongwa kune kernel log buffer, inowanikwa kuburikidza nesyslog system call (kuti isavhiringike neAPI yezita rimwe chete rakapihwa mu libc). Kana iyo modhi ikamiswa, kupinda kwekushandisa ku/proc/kmsg, /dev/kmsg uye CAP_SYSLOG kuchavharwa;
  • Kune mayuniti, iyo RestartKillSignal yekumisikidza yakatsanangurwa, iyo inokutendera kuti utsanangure zvakare nhamba yechiratidzo chinoshandiswa kumisa hurongwa panguva yekutanga basa (unogona kushandura maitiro ekumisa maitiro padanho rekugadzirira kutangazve);
  • Iwo "systemctl yakachena" murairo wakagadziridzwa kuti ushandiswe ne socket, gomo, uye chinjanisa zvikamu;
  • Padanho rekutanga rekurodha, zvirambidzo pakusimba kwekubuda kwe kernel yemameseji kuburikidza ne printk call zvinovharwa, izvo zvinobvumira mamwe matanda akazara nezve kufambira mberi kwekurodha kuti aunganidzwe panguva iyo gidhi rekuchengetedza risati rabatana (iyo logi. inounganidzwa mu kernel's ring buffer). Kuisa printk miganho kubva kune kernel yekuraira mutsara inotora pamberi uye inobvumidza iwe kudarika systemd maitiro. Zvirongwa zveSystemd zvinoburitsa zvakananga matanda ku/dev/kmsg (izvi zvinongoitwa kutanga muchikamu chebhutsu) shandisa zvirambidzo zvemukati zvakapatsanurwa kudzivirira kubva kune buffer clog;
  • Iwo 'stop -job-mode=triggering' murairo wakawedzerwa kune systemctl utility, iyo inokubvumira kuti umise zvose zvikamu zvakatsanangurwa pamutsara wekuraira uye zvikamu zvose zvinogona kuidana;
  • Unit state information ikozvino inosanganisira ruzivo rwekufona uye kunzi mayunitsi;
  • Zvinogoneka kushandisa "RuntimeMaxSec" kugadzika mu scope units (kare yaishandiswa chete muzvikamu zvebasa). Semuenzaniso, "RuntimeMaxSec" ikozvino inogona kushandiswa kudzikamisa nguva yezvikamu zvePAM kuburikidza nekugadzirwa kweiyo scope unit.
    kune account yemushandisi. Nguva yakatarwa inogonawo kuiswa kuburikidza ne systemd.runtime_max_sec sarudzo mumiganhu ye pam_systemd PAM module;

  • Yakawedzera boka idzva rehurongwa hwekufona "@pkey", paunenge uchidzikamisa midziyo nemasevhisi, zvichiita kuti zvive nyore kuita whitelist system mafoni ane chekuita nekuchengetedza ndangariro;
  • Yakawedzera "w+" mureza kune systemd-tmpfiles yekunyora mufaira append mode;
  • Yakawedzera ruzivo kune systemd-kuongorora zvinobuda nezve kana iyo kernel memory kumisikidza inowirirana nesystemd marongero (semuenzaniso, kana imwe yechitatu-bato chirongwa chachinja kernel paramita);
  • Iyo "-base-time" sarudzo yakawedzerwa kune systemd-kuongorora, kana yatsanangurwa, data rekarenda rinoverengerwa maererano nenguva inotsanangurwa mune iyi sarudzo, uye isingaenderane neyezvino system nguva;
  • "journalctl -update-catalog" inovimbisa kuenderana mukutevedzana kwezvinhu mune zvinobuda (zvinobatsira pakuronga zvinodzokororwa kuvaka);
  • Yakawedzera kugona kutsanangura kukosha kweiyo "WatchdogSec" kuseta inoshandiswa mumasevhisi esystem. Panguva yekubatanidza, kukosha kwepasi kunogona kutariswa kuburikidza ne "-Dservice-watchdog" sarudzo (kana ikaiswa isina chinhu, murindi anozoremara);
  • Yakawedzera kuvaka sarudzo "-Duser-nzira" yekupfuura $ PATH kukosha;
  • Yakawedzerwa "-u" ("--uuid") sarudzo kune systemd-id128 kuburitsa 128-bit zviziviso muUUID (canonical inomiririra yeUUID);
  • Kuvaka ikozvino kunoda kanenge libcryptsetup vhezheni 2.0.1.

Shanduko dzine chekuita netiweki marongero:

  • Systemd-networkd yakawedzera rutsigiro rwekugadzirisazve chinongedzo pane nhunzi, iyo iyo "reload" uye "reconfigure DEVICE ..." mirairo yakawedzerwa kune networkctl kurodha zvigadziriso uye kugadzirisa zvakare zvishandiso;
  • systemd-networkd yamira kugadzira nzira dzekugara dzepanzvimbo IPv4 link ine intranet kero 169.254.0.0/16 (Link-yemunharaunda) Pakutanga, kugadzira otomatiki nzira dzemanongedzo akadaro kwakakonzera maitiro asingatarisirwe uye matambudziko enzira mune dzimwe nguva. Kudzosa maitiro ekare, shandisa iyo "DefaultRouteOnDevice=hongu" kuseta. Saizvozvo, kupihwa kwenzvimbo IPv6 kero kunomiswa kana yemuno IPv6 routing isina kugoneswa kune chinongedzo;
  • Mu systemd-networkd, kana uchibatanidza kune wireless network mune ad-hoc mode, iyo default configuration inoshandiswa ne-link-local addressing (link-local);
  • Yakawedzerwa parameters RxBufferSiz uye TxBufferSize kugadzirisa saizi yekugamuchira uye kutumira mabhafa eiyo network interface;
  • systemd-networkd inoshandisa kushambadza kweimwe IPv6 nzira, inodzorwa kuburikidza neRoute uye LifetimeSec sarudzo mu[IPv6RoutePrefix] chikamu;
  • systemd-networkd yakawedzera kugona kugadzirisa "inotevera hop" nzira uchishandisa "Gateway" uye "Id" sarudzo mu[NextHop]" chikamu;
  • systemd-networkd uye networkctl yeDHCP inopa on-the-fly updating ye IP address bindings (leases), inoshandiswa ne 'networkctl renew' murairo;
  • systemd-networkd inova nechokwadi chekuti DHCP kumisikidzwa inogadzikiswa panotangazve (shandisa iyo KeepConfiguration sarudzo kuchengetedza marongero). Iko kukosha kwakasarudzika kweiyo SendRelease kuseta yakashandurwa kuita "yechokwadi";
  • Mutengi weDHCPv4 anovimbisa kuti OPTION_INFORMATION_REFRESH_TIME sarudzo yakakosha inotumirwa neseva yashandiswa. Kuti ukumbire sarudzo dzakanangana kubva kuseva, iyo "RequestOptions" paramende inokurudzirwa, uye kutumira sarudzo kune sevha - "SendOption". Kugadzirisa rudzi rwe IP sevhisi nemutengi weDHCP, iyo "IPServiceType" parameter yakawedzerwa;
  • Kutsiva rondedzero yeSIP (Session Initiation Protocol) maseva eDHCPv4 maseva, iyo "EmitSIP" uye "SIP" paramita yawedzerwa. Padivi remutengi, kugamuchira SIP paramita kubva kuseva kunogona kugoneswa uchishandisa "UseSIP = hongu" kuseta;
  • Yakawedzera "PrefixDelegationHint" parameter kune DHCPv6 mutengi kukumbira prefix yekero;
  • .network mafaira anopa tsigiro yekugadzira mawaya network neSSID neBSSID, semuenzaniso kusungira kune zita rekuwana nzvimbo uye kero yeMAC. Iyo SSID uye BSSID kukosha inoratidzwa mune networkctl inobuda kune isina waya nzvimbo. Pamusoro pezvo, kugona kufananidza neasina waya network mhando yakawedzerwa (WLANInterfaceType parameter);
  • systemd-networkd yakawedzera kugona kugadzirisa mitsara yekudzora traffic uchishandisa mitsva yeParent paramita,
    NetworkEmulatorDelaySec, NetworkEmulatorDelayJitterSec,
    NetworkEmulatorPacketLimit uye NetworkEmulatorLossRate,
    NetworkEmulatorDuplicateRate muchikamu che[TrafficControlQueueingDiscipline]";

  • systemd-yakagadziriswa inopa kusimbiswa kweiyo IP kero muzvitupa paunenge uchivaka neGnuTLS.

udev inoenderana shanduko:

  • Systemd-udevd yabvisa iyo 30 yechipiri nguva yekumanikidza kumanikidza vanobata bata kuti vamise. Systemd-udevd ikozvino inomirira kupedzwa kwevabati izvo masekonzi makumi matatu akange asina kukwana kupedzisa mashandiro kazhinji mukuisa kwakakura (somuenzaniso, nguva yekumira inogona kukanganisa kutanga kwemutyairi panguva yekuchinja kwakaiswa partition yemudzi faira system). Paunenge uchishandisa systemd, nguva yekupera iyo systemd-udevd ichamirira isati yabuda inogona kusetwa kuburikidza neTimeoutStopSec kuseta mu systemd-udevd.service. Paunenge uchimhanya usina systemd, nguva yekubuda inodzorwa neudev.event_timeout parameter;
  • Yakawedzera fido_id chirongwa cheudev, icho chinozivisa FIDO CTAP1 tokens
    ("U2F")/CTAP2 yakavakirwa padheta pamusoro pekushandisa kwavo kwekare uye inoratidza inodiwa nharaunda chinja (chirongwa chinokubvumira kuti uite pasina ekunze machena mazita eese anozivikanwa tokeni akashandiswa kare);

  • Yakamisikidzwa otomatiki chizvarwa cheudev autosuspend mitemo yezvishandiso kubva kune chena rondedzero inotengeswa kubva kuChromium OS (iyo shanduko inobvumidza iwe kuwedzera mashandisiro emagetsi ekuchengetedza mamodhi kune mamwe maturusi);
  • Iyo nyowani "CONST{kiyi} = kukosha" kuisirwa kwawedzerwa kune udev kubvumidza mappings esystem anogara achikosha pasina kumhanya akasiyana cheki macheki. Parizvino chete "arch" uye "virt" makiyi anotsigirwa;
  • Yakagonesa CDROM kuti ivhure mune isiri-yakasarudzika modhi paunenge uchiita chikumbiro chemodhi dzinotsigirwa (shanduko inogadzirisa matambudziko nemapurogiramu ekuwana CDROM uye inoderedza njodzi yekuvhiringwa kwemadhisiki ekunyora zvirongwa zvisingashandisi yakasarudzika nzira yekuwana).

Source: opennet.ru

Voeg