Release of the systemd 253 system manager

After three and a half months of development, the release of the systemd 253 system manager has been presented.

Among the changes in the new release:

  • The package includes the 'ukify' utility, designed to build, verify and generate signatures for unified kernel images (UKI, Unified Kernel Image), which combine a handler for loading the kernel from UEFI (UEFI boot stub), a Linux kernel image and the initrd system environment loaded into memory, used for initial setup at the stage before the root file system is mounted. The utility replaces the functionality previously provided by the 'dracut --uefi' command and supplements it with automatic calculation of offsets in PE files, merging of initrds, signing of kernel images, creation of combined images with sbsign, heuristics for determining the kernel uname, checking of an image with a splash screen, and addition of signed PCR policies generated by the systemd-measure utility.
  • Added support for initrd environments that are not limited to placement in memory, in which overlayfs is used instead of tmpfs. For such environments, systemd does not delete all files in the initrd after switching to the root file system.
  • The "OpenFile" parameter has been added to services for opening arbitrary files in the file system (or connecting to Unix sockets) and passing the associated file descriptors to the started process (for example, when you need to arrange access to a file for an unprivileged service without changing the file's access permissions).
  • In systemd-cryptenroll, when enrolling new keys, it is now possible to unlock encrypted partitions using FIDO2 tokens (--unlock-fido2-device) without needing to enter a password. The user-specified PIN is stored with a salt to make brute-force guessing harder.
  • Added the ReloadLimitIntervalSec and ReloadLimitBurst settings, as well as kernel command line options (systemd.reload_limit_interval_sec and systemd.reload_limit_burst), to limit the intensity of background process restarts.
  • For units, the "MemoryZSwapMax" option has been implemented to configure the memory.zswap.max property, which determines the maximum zswap size.
  • For units, the "LogFilterPatterns" option has been implemented, which lets you specify regular expressions for filtering the information written to the log (it can be used to exclude certain output or to keep only certain data).
  • Scope units now support the "OOMPolicy" setting to define the behavior when preemption is attempted under low-memory conditions (for login sessions, OOMPolicy=continue is set so that the OOM killer does not forcibly terminate them).
  • A new service type has been defined, "Type=notify-reload", which extends the "Type=notify" type with the ability to wait for the reload signal (SIGHUP) to finish being processed. The systemd-networkd.service, systemd-udevd.service and systemd-logind services have been switched to the new type.
  • udev uses a new naming scheme for network devices, which differs in that for USB devices not tied to the PCI bus, ID_NET_NAME_PATH is now set to provide more predictable names. The '-=' operator has been implemented for SYMLINK variables, which leaves a symbolic link unconfigured if a rule adding it was previously defined.
  • In systemd-boot, the passing of the seed for the kernel's pseudo-random number generators and the disk backend has been reworked. Added support for loading the kernel not only from the ESP (EFI System Partition) but also, for example, from firmware or directly for QEMU. SMBIOS parameters are parsed to detect startup in a virtualized environment. A new 'if-safe' mode has been implemented, in which the UEFI Secure Boot certificate is loaded from the ESP only if this is considered safe (running in a virtual machine).
  • The bootctl utility generates system tokens on all EFI systems, except for virtualized environments. Added the 'kernel-identify' and 'kernel-inspect' commands to show the kernel image type and information about the command line options and kernel version, 'unlink' to remove the file associated with a type 1 boot entry, and 'cleanup' to remove all files from the "entry-token" directory in the ESP and XBOOTLDR that are not associated with type 1 boot entries. Handling of the KERNEL_INSTALL_CONF_ROOT variable is provided.
  • The 'systemctl list-dependencies' command now supports the '--type' and '--state' options, and the 'systemctl kexec' command adds support for environments based on the Xen hypervisor.
  • In .network files, the [DHCPv4] section now supports the SocketPriority and QuickAck options and RouteMetric=high|medium|low.
  • systemd-repart adds the "--include-partitions", "--exclude-partitions" and "--defer-partitions" options for filtering partitions by type UUID, which, for example, allows building images in which one partition is built from the contents of another partition. The "--sector-size" option has also been added to specify the sector size used when creating a partition table. Added support for creating erofs file systems. The Minimize setting now handles the value "best" to select the smallest possible image size.
  • systemd-journal-remote allows the MaxUse, KeepFree, MaxFileSize and MaxFiles settings to be used to limit disk space consumption.
  • systemd-cryptsetup adds support for sending probe requests to FIDO2 tokens to determine their presence before authentication.
  • New tpm2-measure-bank and tpm2-measure-pcr options have been added to crypttab.
  • systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with the "noexec,nosuid,nodev" flags, and also takes into account the rootfstype and rootflags parameters passed on the kernel command line.
  • systemd-resolved provides the ability to configure resolver parameters by specifying the nameserver, domain, network.dns and network.search_domains options on the kernel command line.
  • The "systemd-analyze plot" command can now produce output in JSON format when the "--json" flag is specified. The new "--table" and "--no-legend" options have also been added to control the output.
  • In 2023, we plan to end support for cgroups v1 and for split directory hierarchies (where /usr is mounted separately from the root, or /bin and /usr/bin, /lib and /usr/lib are separated).
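
For the "OpenFile" item above, an added example (not from the original article or the systemd project) of how an unprivileged service can locate a descriptor that the service manager opened on its behalf. It assumes the descriptors arrive through the LISTEN_PID / LISTEN_FDS / LISTEN_FDNAMES variables described in sd_listen_fds(3); the unit fragment, file path, fd name and helper names are constructed for illustration.

```python
"""Unit fragment this sketch assumes (constructed path and fd name):

    [Service]
    User=nobody
    OpenFile=/etc/example/tls.key:tlskey:read-only
"""
import os

SD_LISTEN_FDS_START = 3  # first passed descriptor, as in sd_listen_fds(3)


def passed_fds(environ, pid):
    """Map fd names to the descriptor numbers handed over by the manager.

    Returns {} when the variables are not addressed to this process, so a
    stale LISTEN_* environment inherited from a parent is never trusted.
    """
    if environ.get("LISTEN_PID") != str(pid):
        return {}
    try:
        count = int(environ.get("LISTEN_FDS", "0"))
    except ValueError:
        return {}
    if count <= 0:
        return {}
    names = environ.get("LISTEN_FDNAMES", "").split(":")
    if len(names) != count:
        raise ValueError("LISTEN_FDNAMES does not match LISTEN_FDS")
    fds = {}
    for offset, name in enumerate(names):
        if name in fds:
            # Policy of this sketch: refuse ambiguous names instead of guessing.
            raise ValueError(f"duplicate fd name {name!r}")
        fds[name] = SD_LISTEN_FDS_START + offset
    return fds


def open_passed_file(name, environ=os.environ, pid=None):
    """Return a binary file object for the named descriptor, or None."""
    fd = passed_fds(environ, os.getpid() if pid is None else pid).get(name)
    if fd is None:
        return None
    os.set_inheritable(fd, False)  # keep the descriptor out of child processes
    return os.fdopen(fd, "rb")
```

The service never calls open() on the protected path itself, so the file can stay readable by root only while the process runs as an unprivileged user.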

Source: opennet.ru
