ProHoster > Blog > internet nhau > systemd system maneja kuburitswa 257

systemd system maneja kuburitswa 257

Mushure memwedzi mitanhatu yebudiriro, kuburitswa kwemaneja systemd 257 kwakaunzwa: zvitsva zvinoshandiswa systemd-sbsign uye systemd-keyutil, rutsigiro rweMPTCP kana yaitwa pamusoro pesokisi, yekutanga rutsigiro rwekuvaka neMusl C raibhurari. updatectl utility yekugadzirisa kuisirwa kwezvigadziriso kuburikidza nesystemd-sysupdate, kugona kuvhura masevhisi munzvimbo dzakasiyana dzePID mazita, dziviriro pakudzimwa kwemafaira netsaona kana uchishandisa "systemd-tmpfiles -purge".

Pakati pekuchinja mukuburitswa kutsva:

  • Добавлена новая утилита systemd-sbsign для заверения цифровой подписью исполняемых файлов в формате PE (Portable Executable), предназначенных для использования при загрузке в режиме EFI Secure Boot. Для формирования подписи могут использоваться движки и провайдеры, предоставляемые библиотекой OpenSSL. Systemd-sbsign может применяться в качестве альтернативы приложениям sbsigntool и pesign в утилите ukify при формировании универсальных образов ядра UKI (Unified Kernel Image), объединяющих в одном файле загрузчик для UEFI (UEFI boot stub), образ ядра Linux uye nharaunda ye initrd system yakaiswa mundangariro.
  • Chishandiso chitsva, systemd-keyutil, chawedzerwa chinoshandisa mashandiro akasiyana-siyana pamakiyi ega uye zvitupa zveX.509. Semuenzaniso, systemd-keyutil inogona kushandiswa kuyedza kugona kurodha makiyi ega uye zvitupa, uye kubvisa makiyi eruzhinji kubva kwavari muPEM fomati.
  • Mu ".socket" units dzinoshandiswa kuona kuti socket activation mechanism inoshanda sei (kutanga maitiro ekuedza kugadzira network connection), rutsigiro rwunoiswa paMPTCP (Multipath TCP), kuwedzera kweTCP protocol yekuronga mashandiro eTCP connection nekuendeswa kwemapaketi panguva imwe chete munzira dzakasiyana-siyana kuburikidza ne network interfaces dzakasiyana dzakasungirirwa kune dzakasiyana. Kero dze IP.
  • Inosanganisira shanduko dzinodiwa kuvaka uchishandisa yakajairwa Musl C raibhurari.
  • В различные компоненты systemd, выводящие индикаторы прогресса выполнения операций (например, systemd-repart, systemd-sysupdate/updatectl и importctl), добавлена возможность использования ANSI-последовательностей для анимирования отображения прогресса. Подобные последовательности пока поддерживаются только в Windows Terminal (предполагается, что со временем подобная возможность будет перенесена и в эмуляторы терминалов для Linux).
  • Kugona kweiyo systemd-sysupdate chikamu kwakawedzerwa, kushandiswa kuona otomatiki, kurodha nekuisa zvigadziriso uchishandisa atomu nzira yekutsiva zvikamu, mafaera kana madhairekitori (aviri akazvimirira mapartitions/mafaira/dhairekitori anoshandiswa, imwe yacho ine basa razvino. resource, uye imwe inoisa inotevera) inogadziridza, mushure mezvo zvikamu / mafaera / madhairekitori anochinjika). Mukuita, systemd-sysupdate yakatoshandiswa muGNOME OS.

    Pamusoro peiyo systemd-sysupdate maitiro, sevhisi yezita rimwe chete yakawedzerwa iyo inobvumira D-Bhazi kuti ishandiswe kugadzirisa sisitimu inogadziridzwa nemushandisi asina rombo. Kuti utore sevhisi, itsva updatectl utility inosanganisirwawo. Yakawedzera "-offline" mureza kune systemd-sysupdate kudzima kudhawunirodha metadata panetiweki uye shandisa chete shanduro dzakatodhaunirodha kune yemuno system. Yakawedzerwa rutsigiro rwekubuda muJSON fomati yemirairo yese.

  • Chivakwa chitsva "PrivatePIDs" chakaitwa kumasevhisi, chaunogona kuronga kuvhurwa kwemaitiro nePID 1 (init process) mune yakaparadzana process identifier space (PID namespace). Munzvimbo yakasikirwa maitiro akatangwa, maitiro chete kubva kune namespace akagadzirirwa ayo anozoonekwa.
  • Yakawedzera tsigiro yekesi-isinganzwe machisi kumitemo yeudev (semuenzaniso 'ATTR{foo}==i»abcd»'). Uchishandisa udev, zvinogoneka kupa vashandisi venzvimbo vasina mukana wekuwana ("uaccess") kune /dev/udmabuf mudziyo, inodiwa pakushanda neIPMI kamera kuburikidza ne libcamera. udev inopa kucherechedzwa kweakasiyana hardware crypto wallet ane USB interface uye kuseta iyo ID_HARDWARE_WALLET chivakwa kwavari, izvo zvinokutendera kuti uise iyo "uaccess" modhi kwavari kuti vawane nevashandisi vasina rombo.
  • Minda mitsva RELEASE_TYPE, EXPERIMENT uye EXPERIMENT_URL yawedzerwa ku /etc/os-release file. "RELEASE_TYPE" inogona kutora kukosha "kuyedza", "budiriro", "yakagadzika" uye "lts" kuparadzanisa shanduro dzakagadzikana kubva mukusimudzira uye kuyedza kuvaka. Iyo EXPERIMENT uye EXPERIMENT_URL maparamita anoitirwa kutsanangura musimboti wechiyedzo chivakwa.
  • The run0 utility, yakagadziridzwa sechinotsiva sudo chirongwa, yakawedzera iyo "--shell-prompt-prefix" sarudzo, iyo inotsanangudza tambo yekutanga yekuraira shell prompt. Nekumisikidza, iyo emoji "🦸" inoratidzwa senge prefix kuratidza nekuona chikamu chakakwirira.
  • Musystemd-tmpfiles, kudzivirira kudzima mafaira asiri iwo netsaona, sarudzo ye "--purge" inongoshanda kumaseting ari mutmpfiles.d/ ane "$" mureza akaiswa pachena. Iko "--purge" kushanda zvakare ikozvino kunoda kutsanangura kamwechete faira kubva ku tmpfiles.d/ directory. Kune tambo dzine 'L' mhando, iyo '?'
  • Mune maneja wesevhisi uye zvine hukama zvinoshandiswa, iyo nzira yekutevera kodhi inoramba ichishandurwa kuti ishandise PIDFD pachinzvimbo chePID. A PIDFD inosanganiswa neimwe nzira uye haishanduki, nepo PID inogona kubatanidzwa neimwe nzira mushure mekuita kwazvino kunobatanidzwa neiyo PID inoguma.
  • Kune masevhisi, zvinogoneka kutsanangura kukosha kwe "debug" mu "RestartMode" parameter, umo iyo yakakundikana sevhisi ichatangwa patsva nedebug modhi yakagoneswa (iyo nharaunda inoshanduka DEBUG_INVOCATION=1 yakaiswa), uye iyo LogLevelMax kukosha ichave. yakasimudzwa kwenguva pfupi kusvika padanho rekugadzirisa.
  • Iyo PID 1 inobata inokwanisa kurodha mitemo yeIPE (Integrity Policy Enforcement) LSM module, iyo inotsanangura mutemo wekutendeseka wehurongwa hwese (iyo mashandiro anotenderwa uye kuti chokwadi chezvikamu chinofanira kusimbiswa sei).
  • Iyo "DeferReactivation" sarudzo yakawedzerwa kune ".timer" unit mafaira, iyo inokubvumira kuti usvetuke inotevera timer activation kana sevhisi isati yapedza kuurayiwa kwayo kubva pakuita kwekupedzisira.
  • MuPrivateUsers unit file parameter, zvave kuita kutsanangura kukosha kwe "identity" kugonesa mepu yemaID evashandisi paunenge uchigadzira zita remushandisi.
  • Yakawedzerwa tsigiro yeiyo "yakabviswa" kukosha kune PrivateTmp unit faira parameter, iyo inoshandisa yakaparadzana tmpfs zviitiko zveiyo /tmp/ uye /var/tmp/ madhairekitori.
  • Tsigiro ye "yakavanzika" uye "yakasimba" modhi yakawedzerwa kune ProtectControlGroups unit faira parameter, kana yaiswa, itsva cgroup namespace inogadzirwa sevhisi uye cgroupfs inoiswa. Kana iyo "yakasimba" sarudzo yaiswa, cgroupfs inoiswa mukuverenga-chete modhi.
  • Iyo StateDirectory, RuntimeDirectory, CacheDirectory, LogsDirectory uye ConfigurationDirectory paramita inopa kugona kushandisa iyo ':ro' mureza kurambidza kupinda kune anoenderana madhairekitori ekuverenga-chete modhi.
  • Yakawedzerwa tsigiro ye "firmware" kukosha kune "systemd.machine_id" kernel command line parameter, umo iyo system identifier (ID yemuchina) ichaverengerwa zvichienderana neUUID kubva kuSMBIOS/DeviceTree.
  • Добавлена поддержка системных вызовов mseal(), listmount() и statmount(), появившихся в недавних выпусках ядра Linux.
  • Iyo solvectl, timedatectl uye systemd-inhibit zvishandiso zvino zvinotsigira mvumo inopindirana uchishandisa Polkit.
  • Yakawedzera kugona kushandisa iyo "--zvino" mureza mune "reenable" kuraira kune systemctl utility.
  • Yakawedzerwa "--json" sarudzo kune systemd-mount utility yekubuda muJSON fomati (semuenzaniso, kana yatsanangurwa pamwe ne "-list-devices", runyoro rwemidziyo ichabuda muJSON fomati).
  • Yakawedzera "-l" uye "--full" sarudzo kune "localectl" zvinoshandiswa kudzima kudimburira kwemitsara mirefu panguva yekubuda.
  • Iyo HibernateOnACPower sarudzo yakawedzerwa kune sleep.conf, iyo inokutendera kuti unonoke kuchinjika kuhope mode kusvikira mudziyo wabviswa kubva kune yakamira simba sosi.
  • Mune systemd-sysusers, tsigiro ye "!" modifier yakawedzerwa kune "u" mitsara, iyo iwe yaunogona kugadzira yakakiyiwa zvachose maakaundi emushandisi (kare, kuseta password isiriyo yaishandiswa kuvharira mushandisi, iyo, semuenzaniso, haina kutungamira kuvharira panguva yekusimbisa kiyi muSSH).
  • Systemd-coredump inowedzera iyo "EnterNamespace" sarudzo inobvumira kupinda kunzvimbo yekukwira yenzvimbo chero ipi zvayo yakaputsika kuti vawane zviratidzo zvekugadzirisa. Mukuita, iyo sarudzo inogona kubatsira pakuronga kumashure kwemafaira epakati kubva kune maapplication ari kushanda mumidziyo yakasarudzika.
  • systemd-logind inosanganisira kugadziriswa kweCtrl-Alt-Shift-Esc musanganiswa kutumira iyo org.freedesktop.login1.SecureAttentionKey chiratidzo kune zvikamu zvemamiriro emushandisi nechikumbiro chekuratidza dialog yakachengeteka yekupinda. Yaita iyo "DesignatedMaintenanceTime" kuseta kuti uronge otomatiki basa kuti ripedze panguva yakatarwa. Nekufananidza nerutsigiro rweDRM uye evdev zvishandiso, rutsigiro rwakawedzerwa pakugadzirisa kuwana kwevashandisi vasina rombo rakanaka kuvanza zvishandiso (madhizaini emitambo uye mafaro).
  • systemd-machined ikozvino inotsigira ma login evatengi vasina ropafadzo. michina chaiyo uye midziyo. Kuwana mashandiro esystemd-machined kunopihwa kuburikidza neVarlink API, kuwedzera kuD-Bus.
  • Chikamu chitsva "[IPv6AddressLabel]" chawedzerwa kune networkd.conf configuration file kugadzirisa mavara uye prefixes yeIPv6 kero.
  • Yakawedzerwa "--stdin" sarudzo ku 'networkctl edit' kuraira kuti uwane zviri mukati mefaira kubva kune yakajairwa rwizi. Yakawedzera rutsigiro rwekugadzirisa uye kuratidza .netdev mafaera nekutsanangura network interface kune 'networkctl edit' uye 'networkctl katsi' mirairo. Yakawedzerwa sarudzo "--hapana-kubvunza-password" kudzima mvumo inopindirana.
  • Yakawedzera "--certificate-source" sarudzo kune ukify, bootctl, systemd-keyutil, systemd-measure, systemd-repart, uye systemd-sbsign utilities kurodha chitupa che X.509 kuburikidza nemupi weOpenSSL pane kurodha kubva ku file.
  • systemd-boot inowedzera kukwanisa kushandisa mabhatani evhoriyamu kukwira nekudzika kuburikidza nebhutsu menyu, iyo inogona kubatsira pamidziyo yakaita sema smartphones. Tsigiro yekuisa iyo UEFI Yakachengeteka Boot dhatabhesi muESL(db/dbx/…) fomati yesystemd-boot yawedzerwa kune iyo bootctl utility.
  • Yakawedzerwa "-list-invocation" sarudzo kujournalctl kuratidza runyoro rwemayuniti mafoni uye "--invocation" sarudzo ("-I") kuratidza matanda anobatanidzwa chete nechaicho runhare.
  • systemd-nspawn inowedzera rutsigiro rwekushandisa zvisina tsarukano kweFUSE (Filesystem muUserspace) mumidziyo. Paunenge uchishandisa "--bind-user" sarudzo, SSH yevashandisi makiyi anodiwa kuti uwane kuburikidza neSSH anoendeswa kumudziyo.
  • libsystemd yakawedzera itsva programming interface "sd-json" inoshandisa iyo JSON fomati, pamwe ne "sd-varlink" interface inoshandisa IPC Varlink.
  • Iyo yakakurudzirwa base kernel vhezheni yakakwidziridzwa kuburitsa 5.4, yakaumbwa muna 2019. Gore rinouya vanoronga kumisa kutsigira kernels dzakakura uye kumaka iyo 5.4 kuburitswa seyakanyanya kutsigirwa vhezheni.
  • Tsigiro yezvikwata v1 yakadzimwa uye yakadzimwa nekusarudzika (kuigonesa, unofanira kudoma SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 pamutsara wekernel command mukuwedzera pakuigonesa musystemd marongero). Iyo inotevera kuburitswa kwesystemd 258 inoronga kubvisa zvachose iwo cgroups v1 yakabatana kodhi. Systemd vhezheni 258 zvakare yakatemerwa kubvisa rutsigiro rweSystem V sevhisi zvinyorwa.

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster