systemd 249 system manager released

After three months of development, the systemd 249 system manager has been released. The new release adds the ability to define users/groups in JSON format, stabilizes the Journal protocol, simplifies the organization of booting from alternating disk partitions, adds the ability to attach BPF programs to services, and implements user ID mapping for mounted partitions. A large batch of new network settings and container launch options is also offered.

Main changes:

  • The Journal protocol has been documented and can be used in clients in place of the syslog protocol for local delivery of log records. The Journal protocol was implemented a long time ago and is already used in some client libraries; however, its official support has only now been announced.
  • userdb and nss-systemd add support for reading additional user definitions located in the /etc/userdb/, /run/userdb/, /run/host/userdb/ and /usr/lib/userdb/ directories and specified in JSON format. It is noted that this feature will provide an additional mechanism for creating users in the system, with full integration with NSS and /etc/shadow. JSON support for user/group records also allows various resource management and other settings that pam_systemd and systemd-logind recognize to be attached to users.
  • nss-systemd provides synthesis of user/group entries in /etc/shadow using hashed passwords from systemd-homed.
  • A mechanism has been implemented that simplifies the organization of updates using disk partitions that replace each other (one partition is active and the second is spare: the update is copied to the spare partition, which then becomes the active one). If a disk image contains two root or /usr partitions and udev has not detected the 'root=' parameter, or when processing disk images specified via the "--image" option of the systemd-nspawn and systemd-dissect utilities, the boot partition can be determined by comparing GPT labels (on the assumption that the GPT label states the version number of the partition contents, systemd will select the partition with the more recent changes).
  • The BPFProgram setting has been added to service files. With it you can arrange for BPF programs to be loaded into the kernel and manage them by binding them to specific systemd services.
  • systemd-fstab-generator and systemd-repart add the ability to boot from disks that have only a /usr partition and no root partition (the root partition will be created by systemd-repart during the first boot).
  • In systemd-nspawn, the "--private-users-chown" option has been replaced by the more generic "--private-users-ownership" option, which accepts the values "chown" as the equivalent of "--private-users-chown", "off" to disable the old setting, "map" to map user IDs on mounted file systems, and "auto" to select "map" if the required functionality is available in the kernel (5.12+) or otherwise fall back to a recursive "chown" call. Using mapping, you can map the files of one user on an external mounted partition to a different user on the current system, which makes it easier to share files between different users. In the systemd-homed portable home directory mechanism, mapping allows users to move home directories to external media and use them on different computers that do not have the same user ID layout.
  • In systemd-nspawn, the "--private-users" option can now take the value "identity" to map user IDs directly when creating a user namespace, i.e. UID 0 and UID 1 in the container are mapped to UID 0 and UID 1 on the host side, to reduce attack vectors (the container only receives process capabilities within its own namespace).
  • The "--bind-user" option has been added to systemd-nspawn to forward a user account that exists in the host environment into the container (the home directory is mounted in the container, a user/group entry is added, and UID mapping is performed between the container and the host environment).
  • Added support for requesting passwords to be set to systemd-ask-password and systemd-sysusers (passwd.hashed-password. and passwd.plaintext-password.) using the mechanism introduced in systemd 247 for securely passing sensitive data through intermediate files in a separate directory. By default, credentials are accepted from the process with PID1, which receives them, for example, from the container manager, which allows you to configure a user password on first boot.
  • systemd-firstboot adds support for using the mechanism for securely passing sensitive data to query various system parameters, which can be used to initialize system settings on the first boot of a container image that lacks the necessary settings in the /etc directory.
  • The PID 1 process ensures that both the unit name and the description are displayed during boot. You can change the output via the "StatusUnitFormat=combined" parameter in system.conf or the kernel command line option "systemd.status-unit-format=combined".
  • The "--image" option has been added to the systemd-machine-id-setup and systemd-repart utilities to transfer a file with the machine ID to a disk image or to increase the size of a disk image.
  • A MakeDirectories parameter has been added to the partition configuration file used by the systemd-repart utility. It can be used to create arbitrary directories in the created file system before it is reflected in the partition table (for example, to create directories for mount points in the root partition so that the partition can be mounted in read-only mode). To control GPT flags on created partitions, the corresponding Flags, ReadOnly and NoAuto parameters have been added. The CopyBlocks parameter accepts the value "auto" to automatically select the current boot partition as the source when copying blocks (for example, when you need to transfer your own root partition to new media).
  • GPT implements the "grow-file-system" flag, which is similar to the x-systemd.growfs mount option and provides automatic growth of the file system to the boundaries of the block device if the file system is smaller than the partition. The flag applies to Ext3, XFS and Btrfs file systems, and can be applied to automatically detected partitions. The flag is enabled by default for writable partitions created automatically via systemd-repart. The GrowFileSystem option has been added to configure the flag in systemd-repart.
  • The /etc/os-release file provides support for the IMAGE_VERSION and IMAGE_ID variables to identify the version and ID of atomically updated images. The %M and %A specifiers are offered for substituting these values into various commands.
  • The "--extension" parameter has been added to the portablectl utility to activate portable system extension images (for example, through them you can distribute images with additional services integrated into the root partition).
  • The systemd-coredump utility extracts ELF build-id information when generating a process core dump, which can help determine which package the failing process belongs to if information about the name and version of deb or rpm packages was built into the ELF files.
  • A new hardware database for FireWire (IEEE 1394) devices has been added to udev.
  • In udev, three changes that break backward compatibility have been added to the "net_id" network interface naming scheme: invalid characters in interface names are replaced with "_"; PCI hotplug slot names for s390 systems are processed in hexadecimal form; the use of up to 65535 built-in PCI devices is allowed (previously numbers above 16383 were blocked).
  • systemd-resolved adds the "home.arpa" domain to the NTA (Negative Trust Anchors) list. The domain is recommended for local home networks but is not used in DNSSEC.
  • The CPUAffinity parameter provides parsing of "%" specifiers.
  • A ManageForeignRoutingPolicyRules parameter has been added to .network files, which can be used to exclude systemd-networkd from processing third-party routing policies.
  • The RequiredFamilyForOnline parameter has been added to ".network" files to treat the presence of an IPv4 or IPv6 address as the sign that the network interface is in the "online" state. networkctl displays the "online" state for each link.
  • Added the OutgoingInterface parameter to .network files to define outgoing interfaces when configuring network bridges.
  • A Group parameter has been added to ".network" files, allowing you to configure a multipath group for entries in the "[NextHop]" section.
  • Added the "-4" and "-6" options to systemd-networkd-wait-online to limit connection waiting to IPv4 or IPv6 only.
  • A RelayTarget parameter has been added to the DHCP server settings, which switches the server to DHCP Relay mode. For additional configuration of the DHCP relay, the RelayAgentCircuitId and RelayAgentRemoteId options are offered.
  • The ServerAddress parameter has been added to the DHCP server, allowing you to set the server IP address explicitly (otherwise the address is selected automatically).
  • The DHCP server implements the [DHCPServerStaticLease] section, which allows you to configure static address bindings (DHCP leases), defining fixed IP bindings to MAC addresses and vice versa.
  • The RestrictAddressFamilies setting supports the value "none", which means that the service will not have access to sockets of any address family.
  • In ".network" files, in the [Address], [DHCPv6PrefixDelegation] and [IPv6Prefix] sections, support for the RouteMetric setting is implemented, which allows you to specify the metric of the route prefix created for the specified address.
  • nss-myhostname and systemd-resolved provide synthesis of DNS records with addresses for hosts with the special name "_outbound", for which the local IP is always returned, selected according to the default routes used for outgoing connections.
  • In .network files, in the "[DHCPv4]" section, the RoutesToNTP setting has been added and is enabled by default. It requires adding a separate route via the current network interface to reach the NTP server address obtained using DHCP (as with DNS, the setting ensures that traffic to the NTP server is routed through the interface on which this address was received).
  • Added the SocketBindAllow and SocketBindDeny settings to control access to sockets bound to the current service.
  • For unit files, a condition setting named ConditionFirmware has been implemented, which allows you to create checks that assess firmware features, such as running on UEFI and device-tree systems, as well as checking compatibility with certain device-tree properties.
  • Implemented the ConditionOSRelease option for checking fields in the /etc/os-release file. When defining conditions for checking field values, the operators "=", "!=", "<", "<=", ">=", ">" are accepted.
  • In the hostnamectl utility, commands such as "get-xyz" and "set-xyz" are freed from the "get" and "set" prefixes; for example, instead of "hostnamectl get-hostname" and "hostnamectl set-hostname" you can use the command "hostnamectl hostname", where a value is assigned by specifying an additional argument ("hostnamectl hostname value"). Support for the old commands has been retained to ensure compatibility.
  • The systemd-detect-virt utility and the ConditionVirtualization setting ensure correct identification of the Amazon EC2 environment.
  • The LogLevelMax setting in unit files now applies not only to log messages generated by the service, but also to PID 1 process messages that mention the service.
  • Provides the ability to include SBAT (UEFI Secure Boot Advanced Targeting) data in systemd-boot EFI PE files.
  • /etc/crypttab implements the new options "headless" and "password-echo": the first allows you to skip all operations related to prompting the user for passwords and PINs, and the second allows you to configure how the password is displayed as it is entered (show nothing, show it character by character, or show asterisks). The "--echo" option has been added to systemd-ask-password for similar purposes.
  • systemd-cryptenroll, systemd-cryptsetup and systemd-homed have added support for unlocking encrypted LUKS2 partitions using FIDO2 tokens. Added the new options "--fido2-with-user-presence", "--fido2-with-user-verification" and "--fido2-with-client-pin" to control checking of the user's physical presence, verification, and the need to enter a PIN code.
  • Added the "--user", "--system", "--merge" and "--file" options to systemd-journal-gatewayd, similar to the journalctl options.
  • In addition to direct dependencies between units specified via the OnFailure and Slice parameters, support for the implicit reverse dependencies OnFailureOf and SliceOf has been added, which can be useful, for example, for identifying all units included in a slice.
  • Added new types of dependencies between units: OnSuccess and OnSuccessOf (the opposite of OnFailure, called on successful completion); PropagatesStopTo and StopPropagatedFrom (allow you to propagate a unit's stop event to another unit); Upholds and UpheldBy (an alternative to Restart).
  • The systemd-ask-password utility now has an "--emoji" option to control the appearance of the lock symbol (🔐) in the password entry line.
  • Added documentation on the structure of the systemd source tree.
  • For units, the MemoryAvailable property has been added, showing how much memory the unit has left before reaching the limit set via the MemoryMax, MemoryHigh or MemoryAvailable parameters.
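
The SocketBindAllow/SocketBindDeny settings and the "none" value of RestrictAddressFamilies from the list above can be combined to pin a service to a single listening port or to take socket access away entirely. The two unit files below are an added example, not taken from the release notes or the systemd project; the unit names, binary paths and port 8443 are assumptions chosen for illustration.

```ini
# /etc/systemd/system/example-api.service
# (hypothetical unit, constructed for illustration)
[Unit]
Description=Example API listener restricted to one TCP port

[Service]
ExecStart=/usr/local/bin/example-api --listen 8443
DynamicUser=yes
# Only IPv4/IPv6 sockets may be created; socket() calls for
# AF_UNIX, AF_NETLINK, AF_PACKET and so on are refused.
RestrictAddressFamilies=AF_INET AF_INET6
# Deny every bind() by default, then allow exactly the service port.
# A match in the allow list takes precedence over the deny list.
SocketBindDeny=any
SocketBindAllow=tcp:8443

# /etc/systemd/system/example-batch.service
# (hypothetical unit, constructed for illustration)
[Unit]
Description=Example batch job with no socket access

[Service]
Type=oneshot
ExecStart=/usr/local/bin/example-batch
# New in 249: "none" blocks socket() for every address family,
# AF_UNIX included, so the job has to log through its inherited
# stdout/stderr rather than by opening the syslog socket itself.
RestrictAddressFamilies=none
```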

Source: opennet.ru
