systemd 245 is available with an implementation of portable home directories

After three months of development, the release of the system manager systemd 245 has been presented. In the new release, the new components systemd-homed and systemd-repart were added, support for portable user profiles in JSON format was included, the ability to define namespaces in systemd-journald was provided, and support for the "pidfd" mechanism was added. The project website has been redesigned; it now gathers most of the existing documentation and introduces a new logo.

Main changes:

  • Added the systemd-homed service, which manages portable home directories delivered as a mounted image file whose data is encrypted. systemd-homed lets you create a self-contained environment for user data that can be moved between different systems without worrying about identifier synchronization and confidentiality. User credentials are tied to the home directory rather than to system settings: a profile in JSON format is used instead of /etc/passwd, /etc/group and /etc/shadow. For more details, see the recent announcement of systemd-homed.
  • Added the systemd-homed companion component "userdb" ("systemd-userdb"), which translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating records. The JSON profile attached to the home directory specifies the parameters needed for the user's work, including the user name, password hash, encryption keys, quotas, and allotted resources. The profile can be certified with a digital signature stored on an external Yubikey token. The "userdbctl" utility is used to manage profiles. Support for JSON profiles has been added to various systemd components, including systemd-logind and pam-systemd, which allows users of portable home directories to authenticate, log in, set environment variables, create a session, set limits, and so on. In the future, the sssd framework is expected to be able to generate JSON profiles from user settings stored in LDAP.
  • Added a new "systemd-repart" utility, designed to repartition disk partition tables in GPT format. The partition layout is defined declaratively through files that describe which partitions must or may exist. On each boot, the actual partition table is compared with these files, after which missing partitions are added or, if the relative or absolute size defined in the settings does not match, existing partitions are enlarged. Only incremental changes are allowed, i.e. deleting and shrinking are not possible; partitions can only be added and enlarged.
    The utility is designed to be launched from the initrd and automatically detects the disk on which the root partition is located, so it requires no additional configuration apart from the files that define the changes.

    In practice, systemd-repart can be useful for operating system images that are initially shipped in a minimal form and, after the first boot, are expanded to the size of the block device or supplemented with additional partitions (for example, the root partition can be expanded to cover the whole disk, or a swap or /home partition can be created after the first boot). Another use is configurations with two rotating partitions: only the first partition may be shipped initially, and the second is created on first boot.

  • It is now possible to run multiple instances of systemd-journald, each of which keeps logs in its own namespace. In addition to the main systemd-journald.service, the .service directory provides a template for creating additional instances bound to their own namespaces using the "LogNamespace" directive. Each log namespace is served by a separate background process with its own settings and limits. The proposed feature can be useful for load balancing with a large volume of logs or for improving application isolation. The "--namespace" option has been added to journalctl to limit a query to the specified namespace only.
  • systemd-udevd and other systemd components have added support for a mechanism that assigns alternative names to network interfaces, allowing several names to be used simultaneously for one interface. A name can be up to 128 characters long (previously, a network interface name was limited to 16 characters). By default, systemd-udevd now assigns each network interface all the name variants generated by the supported naming schemes. This behavior can be changed through the new AlternativeName and AlternativeNamesPolicy settings in .link files. systemd-nspawn uses this to generate alternative names containing the full container name for the veth links created on the host side.
  • The sd-event.h API adds support for the Linux kernel's "pidfd" subsystem to handle PID reuse situations (a pidfd is associated with a specific process and does not change, whereas a PID can be associated with another process after the current process associated with that PID terminates). All systemd components other than PID 1 have been converted to use pidfds if the subsystem is supported by the current kernel.
  • systemd-logind provides access checks for the terminal switching operation via PolicyKit. By default, permission to change the active terminal is granted only to users who have started a session on a local terminal at least once.
  • To make it easier to build initrd images with systemd, the PID 1 handler now detects whether an initrd is in use, and in that case automatically loads initrd.target instead of default.target. With this approach, initrd images and main system images can differ only in the presence of the /etc/initrd-release file.
  • Added a new kernel command line parameter, "systemd.cpu_affinity", equivalent to the CPUAffinity option in /etc/systemd/system.conf, which lets you set the CPU affinity mask for PID 1 and other processes.
  • Enabled reloading of the SELinux database together with the reload of PID 1 through commands such as "systemctl daemon-reload".
  • The "systemd.show-status=error" setting has been added to the PID 1 handler; when set, only error messages and significant delays during boot are shown on the console.
  • systemd-sysusers adds support for creating users whose primary group name differs from the user name.
  • systemd-growfs adds support for growing XFS partitions via the x-systemd.growfs mount option in /etc/fstab, in addition to the previously supported growing of Ext4 and Btrfs partitions.
  • Added the x-initrd.attach option to /etc/crypttab to mark an encrypted partition that has already been unlocked at the initial boot stage.
  • systemd-cryptsetup adds support (the pkcs11-uri option in /etc/crypttab) for unlocking encrypted partitions using PKCS#11 smartcards, for example to bind partition encryption to YubiKeys.
  • New "x-systemd.required-by" and "x-systemd.wanted-by" options have been added to /etc/fstab to explicitly configure the units defining the mount operations that will be invoked in place of local-fs.target and remote-fs.target.
  • Added a new sandboxing option, ProtectClock, which restricts writes to the system clock (access is blocked at the level of /dev/rtc, system calls, and the CAP_SYS_TIME/CAP_WAKE_ALARM capabilities).
  • Detection of the /var and /var/tmp partitions has been added to the Discoverable Partitions specification and to systemd-gpt-auto-generator.

  • In "systemctl list-unit-files", the list of units now includes a new column showing the enablement state offered by the vendor presets for this unit type.
  • The "--with-dependencies" option has been added to "systemctl"; when specified, commands such as "systemctl status" and "systemctl cat" show not only all matching units but also the units they depend on.
  • In systemd-networkd, the qdisc configuration adds the ability to tune TBF (Token Bucket Filter), SFQ (Stochastic Fairness Queueing), CoDel (Controlled-Delay Active Queue Management) and FQ (Fair Queue) parameters.
  • systemd-networkd adds support for IFB (Intermediate Functional Block) network devices.
  • systemd-networkd implements the MultiPathRoute parameter in the [Route] section for configuring multipath routes.
  • In systemd-networkd, the SendDecline option has been added for the DHCPv4 client; when specified, a duplicate address check is performed after a DHCP response with an address is received, and if an address conflict is detected, the offered address is declined. The RouteMTUBytes option has also been added to the DHCPv4 client, letting you set the MTU size for routes generated from IP address bindings (leases).
  • The PrefixRoute setting in the [Address] section of .network files has been retired. It has been replaced by the "AddPrefixRoute" setting, which has the opposite meaning.
  • In .network files, support for the new value "_dhcp" has been added to the Gateway setting in the "[Route]" section; when set, a static route is chosen based on the gateway configured via DHCP.
  • The User and SuppressPrefixLength settings have appeared in the "[RoutingPolicyRule]" section of .network files, for defining source routing based on UID ranges and prefix size.

  • In networkctl, the "status" command can now display the logs for each network interface.
  • systemd-networkd-wait-online adds support for setting a maximum time to wait for an interface to become operational, and for waiting for an interface to go down.
  • Stopped processing .link and .network files with an empty or commented-out "[Match]" section.
  • In .link and .network files, the "PermanentMACAddress" setting has been added to the "[Match]" section to check the device's permanent MAC address in cases where a randomly generated MAC is in use.
  • The "[TrafficControlQueueingDiscipline]" section in .network files has been renamed to "[NetworkEmulator]", and the "NetworkEmulator" prefix has been removed from the names of the related settings.
  • systemd-resolved adds support for SNI verification for DNS-over-TLS.
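
A simplified model of the add-or-grow-only reconciliation described above for systemd-repart, given here as an added example; it is not systemd-repart's own code. The `Partition` class, the `reconcile` function, sizes in MiB and the sample values are assumptions made for illustration (on-disk layout and relative sizes are not modelled).

```python
from dataclasses import dataclass

@dataclass
class Partition:
    type: str   # e.g. "root", "home", "swap" (labels chosen for this example)
    size: int   # size in MiB

def reconcile(disk_size, table, wanted):
    """Compare the real table with the wanted definitions; add or grow only.

    `wanted` maps partition type -> minimum size in MiB (hypothetical stand-in
    for the definition files). Returns (new_table, actions); never shrinks or
    deletes, and leaves partitions without a definition untouched.
    """
    new_table = [Partition(p.type, p.size) for p in table]  # work on a copy
    actions = []
    for ptype, min_size in wanted.items():
        free = disk_size - sum(p.size for p in new_table)
        existing = next((p for p in new_table if p.type == ptype), None)
        if existing is None:
            needed, verb = min_size, "add"
        elif existing.size < min_size:
            needed, verb = min_size - existing.size, "grow"
        else:
            continue  # already large enough: shrinking is never an option
        if needed > free:
            raise ValueError(f"not enough free space to {verb} {ptype}")
        if existing is None:
            new_table.append(Partition(ptype, min_size))
        else:
            existing.size = min_size
        actions.append((verb, ptype, min_size))
    return new_table, actions

# Constructed sample: a minimal 2.5 GiB image written to an 8 GiB disk.
SHIPPED = [Partition("esp", 512), Partition("root", 2048)]
WANTED = {"root": 4096, "home": 1024, "swap": 512}

if __name__ == "__main__":
    table, actions = reconcile(8192, SHIPPED, WANTED)
    print(actions)                            # first boot: grow root, add home and swap
    print(reconcile(8192, table, WANTED)[1])  # later boots: nothing left to do
```

Because every run can only add or enlarge, repeating the reconciliation on each boot is idempotent, and a definition smaller than the existing partition results in no action.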

Source: opennet.ru
