Release of the systemd 253 system manager

After three and a half months of development, the release of the systemd 253 system manager has been presented.

Among the changes in the new release:

  • The package includes the 'ukify' utility, designed to build, verify and sign unified kernel images (UKI, Unified Kernel Image), which combine a handler for loading the kernel from UEFI (UEFI boot stub), a Linux kernel image and the initrd system environment loaded into memory, which is used for initial setup at the stage before the root file system is mounted. The utility replaces the functionality previously provided by the 'dracut --uefi' command and supplements it with automatic calculation of offsets in PE files, merging of initrds, signing of embedded kernel images, creation of combined images with sbsign, heuristics for determining the kernel uname, checking of the image with a splash screen, and addition of signed PCR policies generated by the systemd-measure utility.
  • Added support for initrd environments that are not limited to placement in memory, in which overlayfs is used instead of tmpfs. For such environments, systemd does not delete all files in the initrd after switching to the root file system.
  • The "OpenFile" parameter has been added for services to open arbitrary files in the file system (or connect to Unix sockets) and pass the associated file descriptors to the launched process (for example, when access to a file needs to be arranged for an unprivileged service without changing the file's access permissions).
  • In systemd-cryptenroll, when enrolling new keys, encrypted partitions can be unlocked using FIDO2 tokens (--unlock-fido2-device) without requiring a password. The user-specified PIN is stored with a salt to make brute-force attacks harder.
  • Added the ReloadLimitIntervalSec and ReloadLimitBurst settings, as well as kernel command-line options (systemd.reload_limit_interval_sec and systemd.reload_limit_burst), to limit the intensity of background-process restarts.
  • For units, the "MemoryZSwapMax" option has been implemented to configure the memory.zswap.max property, which sets the maximum zswap size.
  • For units, the "LogFilterPatterns" option has been implemented, which lets you set regular expressions for filtering the information written to the log (it can be used to exclude certain output or to keep only certain data).
  • Scope units now support "OOMPolicy" to set the behavior when preemption is attempted under low memory (login sessions are set to OOMPolicy=continue so that the OOM killer does not forcibly terminate them).
  • A new service type has been defined, "Type=notify-reload", which extends the "Type=notify" type with the ability to wait for processing of the reload signal (SIGHUP) to complete. The systemd-networkd.service, systemd-udevd.service and systemd-logind services have been switched to this new type.
  • udev uses a new naming scheme for network devices; the difference is that for USB devices not tied to the PCI bus, ID_NET_NAME_PATH is now set to ensure predictable names. The '-=' operator has been implemented for SYMLINK variables, which leaves symbolic links unconfigured if a rule adding them was defined earlier.
  • In systemd-boot, the passing of the seed for pseudo-random number generators to the kernel and to the on-disk backend has been reworked. Added support for loading the kernel not only from the ESP (EFI System Partition), for example from firmware or directly in QEMU. Parsing of SMBIOS parameters is provided to detect startup in a virtualized environment. A new 'if-safe' mode has been implemented, in which the UEFI Secure Boot certificate is loaded from the ESP only if this is considered safe (running in a virtual machine).
  • The bootctl tool implements generation of system tokens on all EFI systems, regardless of environment. Added the 'kernel-identify' and 'kernel-inspect' commands to show the type of a kernel image and information about its command-line options and kernel version, 'unlink' to remove a file associated with the first type of boot entries, and 'cleanup' to remove all files from the "entry-token" directory in the ESP and XBOOTLDR that are not associated with the first type of boot entries. Handling of the KERNEL_INSTALL_CONF_ROOT variable is provided.
  • The 'systemctl list-dependencies' command now supports handling of the '--type' and '--state' options, and the 'systemctl kexec' command adds support for environments based on the Xen hypervisor.
  • In .network files, the [DHCPv4] section now supports the SocketPriority and QuickAck options and the RouteMetric=high|medium|low values.
  • systemd-repart adds the "--include-partitions", "--exclude-partitions" and "--defer-partitions" options to filter partitions by type UUID, which, for example, makes it possible to build images in which one partition is built based on the contents of another partition. The "--sector-size" option has also been added to specify the sector size used when creating a partition. Added support for creating erofs file systems. The Minimize setting implements handling of the "best" value to select the minimum possible image size.
  • systemd-journal-remote allows the MaxUse, KeepFree, MaxFileSize and MaxFiles settings to be used to limit disk space consumption.
  • systemd-cryptsetup adds support for sending active requests to FIDO2 tokens to determine their presence before authentication.
  • The new tpm2-measure-bank and tpm2-measure-pcr parameters have been added to crypttab.
  • systemd-gpt-auto-generator implements mounting of the ESP and XBOOTLDR partitions in "noexec,nosuid,nodev" mode, and adds handling of the rootfstype and rootflags parameters passed on the kernel command line.
  • systemd-resolved provides the ability to configure resolver parameters by specifying the nameserver, domain, network.dns and network.search_domains options on the kernel command line.
  • The "systemd-analyze plot" command can now produce output in JSON format when the "--json" flag is specified. The new "--table" and "--no-legend" options have also been added to control the output.
  • In 2023, it is planned to end support for cgroups v1 and for split directory hierarchies (where /usr is mounted separately from the root, or /bin and /usr/bin, /lib and /usr/lib are separate).
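
The service side of the "OpenFile" and "Type=notify-reload" items above, as an added example (not code from systemd or from the original article): a service running without file permissions picks up the descriptor the manager opened for it, and reports reload progress over the notification socket. The unit fragment in the comment, its path and the fd name `secret` are assumptions; the environment variables and message fields are those of systemd's sd_listen_fds and sd_notify protocols.

```python
import os
import socket
import time

# Hypothetical unit fragment this service would run under (paths are assumptions):
#   [Service]
#   Type=notify-reload
#   OpenFile=/etc/example/secret.key:secret:read-only
#   User=example

SD_LISTEN_FDS_START = 3  # first inherited descriptor number

def inherited_fds(environ=os.environ, pid=None):
    """Map fd names to numbers for descriptors passed in by the service manager."""
    pid = os.getpid() if pid is None else pid
    # LISTEN_PID guards against using descriptors meant for another process.
    if environ.get("LISTEN_PID") != str(pid):
        return {}
    count = int(environ.get("LISTEN_FDS", "0"))
    names = environ.get("LISTEN_FDNAMES", "").split(":")
    fds = {}
    for i in range(count):
        name = names[i] if i < len(names) and names[i] else f"fd{i}"
        fds[name] = SD_LISTEN_FDS_START + i
    return fds

def reload_start_message(now_usec=None):
    """Payload sent when SIGHUP arrives; 'READY=1' follows once the reload is done."""
    if now_usec is None:
        now_usec = time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000
    return f"RELOADING=1\nMONOTONIC_USEC={now_usec}"

def sd_notify(message, environ=os.environ):
    """Send one datagram to NOTIFY_SOCKET; return False when not supervised."""
    path = environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    # A leading '@' denotes a socket in the abstract namespace.
    addr = b"\0" + path[1:].encode() if path.startswith("@") else path
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(message.encode(), addr)
    return True
```

A SIGHUP handler in such a service would call `sd_notify(reload_start_message())`, re-read its configuration, and then call `sd_notify("READY=1")`.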

Source: opennet.ru
