ProHoster > Blog > litaba tsa inthanete > Tsamaiso ea tsamaiso ea systemd e lokolloa 253

Tsamaiso ea tsamaiso ea systemd e lokolloa 253

Kamora likhoeli tse tharo le halofo tsa nts'etsopele, ho ile ha hlahisoa tokollo ea motsamaisi oa sistimi systemd 253.

Har'a liphetoho tse hlahang tokollong e ncha:

  • Sephutheloana se kenyelletsa sesebelisoa sa 'ukify', se etselitsoeng ho aha, ho netefatsa le ho hlahisa li-signature bakeng sa litšoantšo tse kopaneng tsa kernel (UKI, Unified Kernel Image), ho kopanya sesebelisoa sa ho kenya kernel ho tsoa ho UEFI (UEFI boot stub), setšoantšo sa kernel sa Linux le tikoloho ea sistimi e kentsoeng ka har'a initrd ea memori, e sebelisetsoang ho qala sethaleng pele e kenya sistimi ea faele ea metso. Sesebelisoa se nka sebaka sa ts'ebetso e neng e fanoe pele ke taelo ea 'dracut -uefi' 'me e e tlatsa ka bokhoni ba ho bala li-offsets ka mokhoa o ikemetseng lifaeleng tsa PE, ho kopanya li-initrds, ho saena litšoantšo tsa kernel tse kentsoeng, ho etsa litšoantšo tse kopantsoeng le sbsign, heuristics bakeng sa ho khetholla kernel uname, ho hlahloba setšoantšo se nang le skrine sa splash le ho eketsa maano a PCR a saenneng a hlahisoang ke sesebelisoa sa systemd-measure.
  • Ts'ehetso e ekelitsoeng bakeng sa tikoloho ea initrd e sa lekanyetsoang ke ho beha mohopolo, moo ho sebelisoang li-overlayfs sebakeng sa tmpfs. Bakeng sa libaka tse joalo, systemd ha e hlakole lifaele tsohle ho initrd ka mor'a ho fetola sistimi ea faele ea motso.
  • Paramethara ea "OpenFile" e kenyellelitsoe lits'ebeletso bakeng sa ho bula lifaele tse hanyetsanang tsamaisong ea faele (kapa ho hokela li-sockets tsa Unix) le ho fetisa litlhaloso tsa faele tse amanang le ts'ebetso e qalileng (mohlala, ha o hloka ho hlophisa phihlello ea faele bakeng sa faele ea hau. tšebeletso e se nang tokelo ntle le ho fetola litokelo tsa ho fihlella faeleng) .
  • Ho systemd-cryptenroll, ha u ngolisa linotlolo tse ncha, hoa khoneha ho notlolla likarolo tse patiloeng u sebelisa li-tokens tsa FIDO2 (-unlock-fido2-device) ntle le ho hloka phasewete. PIN khoutu e boletsoeng ke mosebelisi e bolokoa ka letsoai ho thatafatsa ho lemoha ha motho a le matla.
  • E ekelitsoe ReloadLimitIntervalSec le ReloadLimitBurst litlhophiso, hammoho le likhetho tsa mela ea taelo ea kernel (systemd.reload_limit_interval_sec le /systemd.reload_limit_burst) ho fokotsa matla a ts'ebetso ea morao-rao e qalang hape.
  • Bakeng sa li-unit, khetho ea "MemoryZSwapMax" e kentsoe ts'ebetsong ho lokisa thepa ea memory.zswap.max, e khethollang boholo ba boholo ba zswap.
  • Bakeng sa li-unit, khetho ea "LogFilterPatterns" e kentsoe ts'ebetsong, e leng se u lumellang hore u behe lipolelo tse tloaelehileng ho hloekisa tlhahiso ea tlhahisoleseding ho log (e ka sebelisoa ho kenyelletsa tlhahiso e itseng kapa ho boloka data e itseng feela).
  • Li-Scope units li se li tšehetsa "OOMPolicy" ho beha boitšoaro ha u leka ho thibela mohopolo ha mohopolo o le tlase (linako tsa ho kena li behiloe ho OOMPolicy=tsoela pele e le hore 'molai oa OOM a se ke a li felisa ka matla).
  • Ho hlalositsoe mofuta o mocha oa ts'ebeletso - "Mofuta=tsebisa-tsebisa hape", e leng ho eketsang mofuta oa "Mofuta=tsebiso" ka bokhoni ba ho emela hore lets'oao le qalang bocha le qetelle ho sebetsa (SIGHUP). Litšebeletso tsa systemd-networkd.service, systemd-udevd.service le systemd-logind li fetiselitsoe mofuteng o mocha.
  • udev e sebelisa leano le lecha la ho reha mabitso bakeng sa lisebelisoa tsa marang-rang, phapang ke hore bakeng sa lisebelisoa tsa USB tse sa tlamelletsoeng beseng ea PCI, ID_NET_NAME_PATH joale e se e behiloe ho netefatsa mabitso a hlakileng haholoanyane. '-=' opareitara e kentsoe tšebetsong bakeng sa SYMLINK tse feto-fetohang, e siea lihokelo tsa tšoantšetso li sa hlophisoa haeba molao oa ho li kenya o ne o hlalosoa pele.
  • Ho systemd-boot, phetisetso ea peo bakeng sa lijenereithara tsa linomoro tsa pseudo-random ka har'a kernel le bakeng sa disk backend e se e entsoe bocha. Ts'ehetso e ekelitsoeng ea ho kenya kernel eseng feela ho ESP (EFI System Partition), mohlala, ho tsoa ho firmware kapa ka kotloloho bakeng sa QEMU. Ho aroloa ha li-parameter tsa SMBIOS ho fanoa ho tseba hore na ho qala joang sebakeng sa virtualization. Mokhoa o mocha oa 'haeba o bolokehile' o kentsoe ts'ebetsong moo setifikeiti sa UEFI Secure Boot se laeloang ho tsoa ho ESP ha feela se nkuoa se bolokehile (se sebetsa ka mochini o sebetsang).
  • Sesebelisoa sa bootctl se sebelisa tlhahiso ea li-tokens tsa tsamaiso ho litsamaiso tsohle tsa EFI, ntle le libaka tsa virtualization. Litaelo tsa 'kernel-identify' le 'kernel-inspect' ho bonts'a mofuta oa setšoantšo sa kernel le tlhahisoleseding mabapi le khetho ea line ea taelo le kernel version, 'unlink' ho tlosa faele e amanang le mofuta oa pele oa lirekoto tsa boot, 'cleanup' ho tlosa tsohle. lifaele tse tsoang bukeng ea "entry-token" ho ESP le XBOOTLDR, e sa amaneng le mofuta oa pele oa lirekoto tsa boot. Phetoho ea mofuta oa KERNEL_INSTALL_CONF_ROOT e fanoe.
  • Taelo ea 'systemctl list-dependencies' e se e ts'ehetsa ts'ebetso ea likhetho tsa '--type' le '--state', 'me taelo ea' systemctl kexec 'e eketsa tšehetso bakeng sa tikoloho e ipapisitseng le Xen hypervisor.
  • Lifaeleng tsa .network karolong ea [DHCPv4], joale ho kentsoe tšehetso ea SocketPriority le QuickAck, RouteMetric=high|medium|tlase.
  • Likhetho tse kenyellelitsoeng tsa Systemd-repart "- kenyeletsa-partitions", "--exclude-partitions" le "--defer-partitions" ho sefa likarolo ka mofuta oa UUID, oo, mohlala, o o lumellang ho theha litšoantšo tseo karolo e le 'ngoe e leng ho tsona. e hahiloeng ho latela litaba tsa karohano e 'ngoe. Hape ho kenyelelitsoe khetho "--sector-size" ho hlakisa boholo ba lekala le sebelisitsoeng ha ho etsoa karohano. Ts'ehetso e ekelitsoeng bakeng sa tlhahiso ea lifaele tsa erofs. Setting ea Minimize e sebelisa ts'ebetso ea boleng bo "molemo" ho khetha boholo bo ka khonehang ba setšoantšo.
  • systemd-journal-remote e lumella tšebeliso ea MaxUse, KeepFree, MaxFileSize le MaxFiles litlhophiso ho fokotsa tšebeliso ea sebaka sa disk.
  • systemd-cryptsetup e eketsa ts'ehetso ea ho romella likopo tse sebetsang ho li-tokens tsa FIDO2 ho tseba boteng ba tsona pele ho netefatso.
  • Litekanyetso tse ncha tsa tpm2-measure-bank le tpm2-measure-pcr li kentsoe ho crypttab.
  • systemd-gpt-auto-generator e kenya lisebelisoa tsa likarolo tsa ESP le XBOOTLDR ka mekhoa ea "noexec,nosuid,nodev", hape e eketsa tlaleho ea rootfstype le rootflags parameters e fetang mola oa taelo oa kernel.
  • systemd-resolved e fana ka bokhoni ba ho lokisa liparamente tsa solver ka ho hlakisa mabitso a mabitso, domain, network.dns le network.search_domains likhetho moleng oa taelo oa kernel.
  • Taelo ea "systemd-analyze plot" joale e na le bokhoni ba ho hlahisa ka sebopeho sa JSON ha e hlakisa folakha ea "-json". Likhetho tse ncha "--tafole" le "-no-legend" le tsona li kentsoe ho laola tlhahiso.
  • Ka 2023, re rera ho felisa tšehetso ea lihlopha tsa v1 le lihlopha tsa lihlopha tse arohaneng (moo / usr e behiloeng ka thōko ho motso, kapa / bin le / usr / bin, / lib le / usr / lib li arohane).

Source: opennet.ru

Eketsa ka tlhaloso