Release of the systemd 250 system manager

After five months of development, the release of the systemd 250 system manager has been presented. The new release introduces the ability to store credentials in encrypted form, implements verification of automatically discovered GPT partitions using a digital signature, improves the information about the causes of delays when starting services, adds options for restricting service access to certain file systems and network interfaces, provides support for checking partition integrity with the dm-integrity module, and adds support for sd-boot auto-update.

Major changes:

  • Added support for encrypted and authenticated credentials, which can help to securely store sensitive material such as SSL keys and access passwords. Credentials are decrypted only when needed and in relation to the local installation or hardware. The data is encrypted automatically using symmetric encryption algorithms, the key for which can be located in the file system, in a TPM2 chip, or in a combined scheme. When a service starts, the credentials are decrypted automatically and become available to the service in their normal form. To work with encrypted credentials, the 'systemd-creds' utility has been added, and the LoadCredentialEncrypted and SetCredentialEncrypted settings have been introduced for services.
  • sd-stub, the EFI executable that allows EFI firmware to load the Linux kernel, now supports booting the kernel using the LINUX_EFI_INITRD_MEDIA_GUID EFI protocol. Also added to sd-stub is the ability to pack credentials and sysext files into a cpio archive and pass this archive to the kernel along with the initrd (the additional files are placed in the /.extra/ directory). This feature lets you use an immutable initrd environment, supplemented by sysexts and encrypted authentication data.
  • The Discoverable Partitions specification has been significantly extended; it provides tools for identifying, mounting and activating system partitions using GPT (GUID Partition Tables). Compared with previous releases, the specification now supports the root partition and the /usr partition for most architectures, including platforms that do not use UEFI.

    Discoverable Partitions also adds support for partitions whose integrity is verified by the dm-verity module using PKCS#7 digital signatures, which makes it easier to create fully verified disk images. Verification support is integrated into the various utilities that handle disk images, including systemd-nspawn, systemd-sysext, systemd-dissect, RootImage services, systemd-tmpfiles, and systemd-sysusers.

  • For units that take a long time to start or stop, in addition to showing an animated progress bar, it is now possible to show status information that lets you understand what is happening with the service at that moment and which service the system manager is currently waiting on to complete.
  • Added the DefaultOOMScoreAdjust parameter to /etc/systemd/system.conf and /etc/systemd/user.conf, which lets you adjust the OOM-killer threshold for low-memory conditions that applies to processes started by systemd for the system and for users. By default, the weight of system services is higher than that of user services, i.e. when memory is insufficient, the probability of user services being terminated is higher than that of system services.
  • Added the RestrictFileSystems setting, which lets you restrict service access to certain types of file systems. To view the available file system types, you can use the "systemd-analyze filesystems" command. By analogy, the RestrictNetworkInterfaces option has been implemented, which lets you restrict access to certain network interfaces. The implementation is based on the BPF LSM module, which restricts the access of a group of processes to kernel objects.
  • Added a new /etc/integritytab configuration file and the systemd-integritysetup utility, which configure the dm-integrity module to control data integrity at the sector level, for example to guarantee the immutability of encrypted data (Authenticated Encryption, which ensures that a data block has not been modified in a roundabout way). The format of the /etc/integritytab file is similar to that of the /etc/crypttab and /etc/veritytab files, except that dm-integrity is used instead of dm-crypt and dm-verity.
  • Added a new unit file, systemd-boot-update.service; when it is enabled and the sd-boot bootloader is installed, systemd will automatically update the version of the sd-boot bootloader, keeping the bootloader code always up to date. sd-boot itself is now built by default with support for the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which solves problems with certificate revocation for UEFI Secure Boot. In addition, sd-boot provides the ability to parse Microsoft Windows boot settings in order to generate the names of Windows boot entries and display the Windows version.

    sd-boot also provides the ability to define the color scheme at build time. During the boot process, support has been added for changing the screen resolution by pressing the "r" key. Added the "f" hotkey for going to the firmware setup interface. Added a mode for automatically booting the system that corresponds to the menu item selected during the last boot. Added the ability to automatically load EFI drivers located in the /EFI/systemd/drivers/ directory on the ESP (EFI System Partition).

  • Added a new unit file, factory-reset.target, which is handled in systemd-logind in the same way as the reboot, poweroff, suspend and hibernate operations, and is used to create handlers for performing a factory reset.
  • The systemd-resolved process now creates an additional listening socket on 127.0.0.54 in addition to 127.0.0.53. Requests arriving at 127.0.0.54 are always forwarded to the upstream DNS server and are not processed locally.
  • Provided the ability to build systemd-importd and systemd-resolved with the OpenSSL library instead of libgcrypt.
  • Added initial support for the LoongArch architecture used in Loongson processors.
  • systemd-gpt-auto-generator provides the ability to configure the defined system partitions that are encrypted by the LUKS2 subsystem.
  • The GPT image parsing code used in systemd-nspawn, systemd-dissect and similar utilities implements the ability to decode images for other architectures, which allows systemd-nspawn to be used to run images in emulators of other architectures.
  • When inspecting disk images, systemd-dissect now shows information about the purpose of a partition, such as suitability for booting via UEFI or for running in a container.
  • The "SYSEXT_SCOPE" field has been added to system-extension.d/ files, which lets you indicate the scope of the system image: "initrd", "system" or "portable".
  • The "PORTABLE_PREFIXES" field has been added to the os-release file, which can be used in portable images to determine the supported unit prefixes.
  • systemd-logind introduces the new settings HandlePowerKeyLongPress, HandleRebootKeyLongPress, HandleSuspendKeyLongPress and HandleHibernateKeyLongPress, which can be used to determine what happens when certain keys are held for more than 5 seconds (for example, a quick press of the Suspend key can switch to standby mode, and holding it down puts the system to sleep).
  • For units, the StartupAllowedCPUs and StartupAllowedMemoryNodes settings are implemented, which differ from the similar settings without the Startup prefix in that they are applied only at the startup and shutdown stages, which lets you set different resource limits during boot.
  • Added [Condition|Assert][Memory|CPU|IO]Pressure checks, which allow activation of a unit to be skipped or to fail if the PSI mechanism detects a heavy load on memory, CPU, and I/O in the system.
  • The default inode limit has been increased for the /dev partition from 64k to 1M, and for the /tmp partition from 400k to 1M.
  • The ExecSearchPath setting has been introduced for services, which makes it possible to change the search path for executable files launched through settings such as ExecStart.
  • Added the RuntimeRandomizedExtraSec setting, which lets you add random deviations to the RuntimeMaxSec timeout, which limits the execution time of a unit.
  • The syntax of the RuntimeDirectory, StateDirectory, CacheDirectory and LogsDirectory settings has been extended: by specifying an additional value separated by a colon, you can now arrange for a symbolic link to the given directory to be created in order to organize access via several paths.
  • For services, the TTYRows and TTYColumns settings are provided to set the number of rows and columns of the TTY device.
  • Added the ExitType setting, which lets you change the logic for determining the end of a service. By default, systemd only tracks the death of the main process, but if ExitType=cgroup is set, the system manager will wait for the last process in the cgroup to finish.
  • The systemd-cryptsetup implementation of TPM2/FIDO2/PKCS11 support is now built as a cryptsetup plugin, which allows the regular cryptsetup command to be used to unlock an encrypted partition.
  • The TPM2 handler in systemd-cryptsetup/systemd-cryptenroll adds support for RSA primary keys in addition to ECC keys to improve compatibility with non-ECC chips.
  • The token-timeout option has been added to /etc/crypttab, which lets you define the maximum time to wait for a PKCS#11/FIDO2 token to be connected, after which you will be prompted to enter a password or recovery key.
  • systemd-timesyncd implements the SaveIntervalSec setting, which lets you periodically save the current system time to disk, for example to implement a monotonic clock on systems without an RTC.
  • Options have been added to the systemd-analyze utility: "--image" and "--root" for checking unit files inside a given image or root directory, "--recursive-errors" for taking dependent units into account when an error is detected, "--offline" for separately checking unit files stored on disk, "--json" for output in JSON format, "--quiet" to turn off non-essential messages, "--profile" to bind to a portable profile. Also added are the inspect-elf command for parsing core files in ELF format and the ability to check unit files by a given unit name, regardless of whether this name matches the file name.
  • systemd-networkd has extended support for the Controller Area Network (CAN) bus. Settings have been added to control CAN modes: Loopback, OneShot, PresumeAck and ClassicDataLengthCode. Added the TimeQuantaNSec, PropagationSegment, PhaseBufferSegment1, PhaseBufferSegment2, SyncJumpWidth, DataTimeQuantaNSec, DataPropagationSegment, DataPhaseBufferSegment1, DataPhaseBufferSegment2 and DataSyncJumpWidth options to the [CAN] section of .network files to control bit synchronization.
  • systemd-networkd has added the Label option for the DHCPv4 client, which lets you configure the address label used when configuring IPv4 addresses.
  • systemd-udevd, for "ethtool", implements support for special "max" values that set the buffer size to the maximum value supported by the hardware.
  • In .link files for systemd-udevd you can now configure various parameters for combining network adapters and attaching hardware handlers (offload).
  • systemd-networkd provides new .network files by default: 80-container-vb.network to define network bridges created when running systemd-nspawn with the "--network-bridge" or "--network-zone" options; 80-6rd-tunnel.network to define tunnels that are created automatically when a DHCP response with the 6RD option is received.
  • systemd-networkd and systemd-udevd have added support for transmitting IP over InfiniBand interfaces, for which the "[IPoIB]" section has been added to systemd.netdev files, and handling of the "ipoib" value has been implemented in the Kind setting.
  • systemd-networkd provides automatic route configuration for addresses specified in the AllowedIPs parameter, which can be configured via the RouteTable and RouteMetric parameters in the [WireGuard] and [WireGuardPeer] sections.
  • systemd-networkd provides automatic generation of persistent MAC addresses for batadv and bridge interfaces. To disable this behavior, you can specify MACAddress=none in .netdev files.
  • The WakeOnLanPassword setting has been added to .link files in the "[Link]" section to define the password when WoL operates in "SecureOn" mode.
  • Added the AutoRateIngress, CompensationMode, FlowIsolationMode, NAT, MPUBytes, PriorityQueueingPreset, FirewallMark, Wash, SplitGSO and UseRawPacketSize settings to the "[CAKE]" section of .network files to define the parameters of the CAKE (Common Applications Kept Enhanced) network queueing discipline.
  • Added the IgnoreCarrierLoss setting to the "[Network]" section of .network files, which lets you define how long to wait before reacting to a loss of the carrier signal.
  • systemd-nspawn, homectl, machinectl and systemd-run have extended the syntax of the "--setenv" parameter: if only the variable name is given (without "="), the value is taken from the corresponding environment variable (for example, when "--setenv=FOO" is specified, the value is taken from the $FOO environment variable and used for the environment variable of the same name set inside the container).
  • systemd-nspawn has added the "--suppress-sync" option to disable the sync()/fsync()/fdatasync() calls when creating a container (useful when speed is a priority and preserving the artifacts in case of a failure is not important, since they can be recreated at any time).
  • A new hwdb database has been added that covers various types of signal analyzers (multimeters, protocol analyzers, oscilloscopes, and so on). The camera information in hwdb has been extended with a field that describes the camera type (regular or infrared) and the lens placement (front or rear).
  • Enabled the generation of persistent network names for network devices used in Xen.
  • Parsing of core files by the systemd-coredump utility, which is based on the libdw/libelf libraries, is now performed in a separate process that is isolated in a sandbox environment.
  • systemd-importd has added support for the environment variables $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA and $SYSTEMD_IMPORT_SYNC, with which you can disable the generation of Btrfs subvolumes, as well as configure quotas and disk synchronization.
  • In systemd-journald, on file systems that support copy-on-write mode, COW mode is enabled again for archived journals, which allows them to be compressed using Btrfs.
  • systemd-journald implements deduplication of identical fields in a single message, which is performed at the stage before the message is placed in the journal.
  • Added the "--show" option to the shutdown command to display the scheduled shutdown.
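
For the encrypted-credentials and RestrictFileSystems/RestrictNetworkInterfaces items in the list above, the following Python check is an added example (not part of the original article and not systemd code): it flags a service unit that still passes secrets through Environment= or through unencrypted LoadCredential=/SetCredential=, or that sets neither restriction. The two sample units, the /usr/bin/myapp service, its paths, the interface names and the finding names are constructed for illustration.

```python
import shlex

# Constructed sample units: the service, paths and interface names are hypothetical.
WEAK_UNIT = """\
[Service]
ExecStart=/usr/bin/myapp
Environment=DB_PASSWORD=example-only
LoadCredential=tls.key:/etc/myapp/tls.key
"""
HARDENED_UNIT = """\
[Service]
ExecStart=/usr/bin/myapp
# Blob created beforehand with: systemd-creds encrypt --name=tls.key INPUT OUTPUT
LoadCredentialEncrypted=tls.key:/etc/myapp/tls.key.cred
RestrictFileSystems=ext4 tmpfs
RestrictNetworkInterfaces=lo eth0
"""
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")  # heuristic, not exhaustive

def service_settings(unit_text):
    """Return (key, value) pairs from [Service]; keys may repeat in unit files."""
    section, pairs = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(unit_text):
    """Return sorted finding names for one unit file."""
    pairs = service_settings(unit_text)
    keys = {key for key, _ in pairs}
    findings = set()
    for key, value in pairs:
        if key == "Environment":
            names = [item.split("=", 1)[0].upper() for item in shlex.split(value)]
            if any(hint in name for name in names for hint in SECRET_HINTS):
                findings.add("secret-in-environment")
        elif key in ("LoadCredential", "SetCredential"):
            findings.add("credential-not-encrypted")
    for setting in ("RestrictFileSystems", "RestrictNetworkInterfaces"):
        if setting not in keys:
            findings.add("missing-" + setting)
    return sorted(findings)
```

Inside the service, a credential loaded this way is read from the file named after it under $CREDENTIALS_DIRECTORY; the file system names accepted by RestrictFileSystems are the ones that "systemd-analyze filesystems" lists.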

Source: opennet.ru
