Release of the systemd 253 system manager

After three and a half months of development, the release of the systemd 253 system manager has been presented.

Among the changes in the new release:

  • The package now includes the 'ukify' utility, designed to build, verify and sign unified kernel images (UKI, Unified Kernel Image), which combine the handler for loading the kernel from UEFI (the UEFI boot stub), the Linux kernel image and the initrd system environment loaded into memory, which is used for initial setup at the stage before the root file system is mounted. The utility replaces the functionality previously provided by the 'dracut --uefi' command and extends it with automatic calculation of offsets in PE files, merging of initrds, signing of embedded kernel images, creation of combined images with sbsign, heuristics for determining the kernel uname, checking of the splash screen image, and the addition of signed PCR policies generated by the systemd-measure utility.
  • Added support for initrd environments that are not limited to being placed in memory, in which overlayfs is used instead of tmpfs. For such environments, systemd does not delete all files in the initrd after switching the root file system.
  • The "OpenFile" parameter has been added for services. It opens arbitrary files in the file system (or connects to Unix sockets) and passes the associated file descriptors to the started process (for example, when you need to give an unprivileged service access to a file without changing the access rights on the file).
  • In systemd-cryptenroll, when enrolling new keys, it is now possible to unlock encrypted partitions using FIDO2 tokens (--unlock-fido2-device) without requiring a password. The PIN code specified by the user is stored with a salt to make brute-force guessing harder.
  • Added the ReloadLimitIntervalSec and ReloadLimitBurst settings, together with kernel command line options (systemd.reload_limit_interval_sec and systemd.reload_limit_burst), to limit the intensity of background process restarts.
  • For units, the "MemoryZSwapMax" option has been implemented to configure the memory.zswap.max property, which determines the maximum size of zswap.
  • For units, the "LogFilterPatterns" option has been implemented. It lets you specify regular expressions to filter the information written to the log (it can be used to exclude certain output or to keep only certain data).
  • Scope units now support the "OOMPolicy" setting, which defines the behaviour when memory runs low (login sessions are set to OOMPolicy=continue so that the OOM killer does not forcibly terminate them).
  • A new service type has been defined, "Type=notify-reload", which extends the "Type=notify" type with the ability to wait for the reload signal (SIGHUP) to finish being processed. The services systemd-networkd.service, systemd-udevd.service and systemd-logind have been moved to the new type.
  • udev uses a new naming scheme for network devices. The difference is that for USB devices not attached to the PCI bus, ID_NET_NAME_PATH is now set so that names are more predictable. The '-=' operator has been implemented for SYMLINK variables; it leaves symbolic links unconfigured even if a rule adding them was defined earlier.
  • In systemd-boot, the passing of the seed for the pseudo-random number generator to the kernel and to the disk backend has been reworked. Added support for loading the kernel not only from the ESP (EFI System Partition) but also, for example, from firmware or directly from QEMU. SMBIOS parameters are parsed to detect startup in a virtualization environment. A new 'if-safe' mode has been implemented in which the UEFI Secure Boot certificate is loaded from the ESP only if this is considered safe (running in a virtual machine).
  • The bootctl utility now generates system tokens on all EFI systems, except in virtualization environments. Added the 'kernel-identify' and 'kernel-inspect' commands to show the kernel image type and information about command line options and the kernel version, 'unlink' to remove the file associated with a type 1 boot entry, and 'cleanup' to remove all files from the "entry-token" directory in the ESP and XBOOTLDR that are not associated with type 1 boot entries. Handling of the KERNEL_INSTALL_CONF_ROOT variable has been provided.
  • The 'systemctl list-dependencies' command now supports handling of the '--type' and '--state' options, and the 'systemctl kexec' command adds support for environments based on the Xen hypervisor.
  • In .network files, the [DHCPv4] section now supports the SocketPriority and QuickAck options and RouteMetric=high|medium|low.
  • systemd-repart has added the "--include-partitions", "--exclude-partitions" and "--defer-partitions" options to filter partitions by type UUID, which, for example, lets you build images in which one partition is built from the contents of another partition. Also added is the "--sector-size" option to specify the sector size used when creating a partition. Added support for generating erofs file systems. The Minimize setting implements handling of the "best" value to select the smallest possible image size.
  • systemd-journal-remote allows the MaxUse, KeepFree, MaxFileSize and MaxFiles settings to be used to limit disk space consumption.
  • systemd-cryptsetup adds support for sending preflight requests to FIDO2 tokens to check for their presence before authentication.
  • New tpm2-measure-bank and tpm2-measure-pcr options have been added to crypttab.
  • systemd-gpt-auto-generator now mounts the ESP and XBOOTLDR partitions in "noexec,nosuid,nodev" mode, and also takes into account the rootfstype and rootflags parameters passed on the kernel command line.
  • systemd-resolved provides the ability to configure resolver parameters by specifying the nameserver, domain, network.dns and network.search_domains options on the kernel command line.
  • The "systemd-analyze plot" command can now produce output in JSON format when the "--json" flag is specified. The new "--table" and "--no-legend" options have also been added to control the output.
  • In 2023, we plan to end support for cgroups v1 and for split directory hierarchies (where /usr is mounted separately from the root, or where /bin and /usr/bin, /lib and /usr/lib are separated).
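
The "OpenFile" item above is easiest to see from the service side. The following is an added example, not code from systemd or from the original article: it assumes the descriptors arrive under the sd_listen_fds(3) environment convention (LISTEN_PID, LISTEN_FDS, LISTEN_FDNAMES), and the unit fragment, user name, path and descriptor name in the docstring are made up.

```python
import os

SD_LISTEN_FDS_START = 3  # first inherited descriptor in the sd_listen_fds(3) convention


def named_fds(environ=None, pid=None):
    """Map descriptor names to fd numbers handed over by the service manager.

    Constructed unit fragment this pairs with (names and paths are made up):
        [Service]
        User=appuser
        OpenFile=/etc/app/secret.key:secret:read-only
    """
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid

    # Variables inherited from a parent were meant for another process: ignore them.
    if environ.get("LISTEN_PID") != str(pid):
        return {}
    try:
        count = int(environ.get("LISTEN_FDS", "0"))
    except ValueError:
        return {}
    if count <= 0:
        return {}

    raw_names = environ.get("LISTEN_FDNAMES", "")
    names = raw_names.split(":") if raw_names else []
    result = {}
    for i in range(count):
        # Unnamed descriptors are reported as "unknown", as sd_listen_fds_with_names does.
        name = names[i] if i < len(names) and names[i] else "unknown"
        result.setdefault(name, []).append(SD_LISTEN_FDS_START + i)
    return result


def read_secret(fd_map, name="secret", limit=4096):
    """Read from the pre-opened descriptor; the service never opens the path itself."""
    fds = fd_map.get(name)
    if not fds:
        raise LookupError(f"descriptor {name!r} was not passed in")
    return os.pread(fds[0], limit, 0)
```

Because the service only ever touches the inherited descriptor, the file can stay readable by root alone while the service runs as an unprivileged user.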

Source: opennet.ru
