Release of the systemd 242 system manager

After two months of development, the release of the system manager systemd 242 has been presented. Among the new features are support for L2TP tunnels, the ability to control the behaviour of systemd-logind on reboot through environment variables, support for extended XBOOTLDR boot partitions mounted at /boot, the ability to boot with the root partition on overlayfs, and a large number of new settings for different types of units.

Main changes:

  • systemd-networkd provides support for L2TP tunnels;
  • sd-boot and bootctl provide support for XBOOTLDR (Extended Boot Loader) partitions intended to be mounted at /boot, in addition to ESP partitions mounted at /efi or /boot/efi. Kernels, settings, initrd and EFI images can now be booted from both ESP and XBOOTLDR partitions. This change lets you use the sd-boot bootloader in more conservative scenarios, where the bootloader itself is on the ESP and the loaded kernels and their associated metadata are placed in a separate partition;
  • Added the ability to boot with the "systemd.volatile=overlay" option passed to the kernel, which places the root partition on overlayfs and arranges work on top of a read-only image of the root directory, with changes written to a separate directory in tmpfs (changes in this configuration are lost after a reboot). By analogy, systemd-nspawn has gained the "--volatile=overlay" option to use the same functionality in containers;
  • systemd-nspawn has gained the "--oci-bundle" option, which allows runtime bundles to be used to provide isolated launch of containers that comply with the Open Container Initiative (OCI) specification. For use on the command line and in nspawn units, support is offered for various options described in the OCI specification; for example, the "--inaccessible" and "Inaccessible" settings can be used to exclude parts of the file system, and the "--console" and "--pipe" options have been added to configure the standard output streams;
  • Added the ability to control the behaviour of systemd-logind through environment variables: $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP, $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU and $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. Using these variables, you can hook up your own reboot handlers (/run/systemd/reboot-to-firmware-setup, /run/systemd/reboot-to-boot-loader-menu and /run/systemd/reboot-to-boot-loader-entry) or disable them entirely (if the value is set to false);

  • Added the "--boot-loader-menu=" and "--boot-loader-entry=" options, which let you select a specific boot menu item or boot mode after a reboot;

  • Added a new sandboxing directive, "RestrictSUIDSGID=", which uses seccomp to prohibit the creation of files with the SUID/SGID flags;
  • The "NoNewPrivileges" and "RestrictSUIDSGID" restrictions are now applied by default to services that use dynamic user ID generation ("DynamicUser" enabled);
  • The default MACAddressPolicy=persistent setting in .link files has been changed to cover more devices. Network bridge, tunnel (tun, tap) and bonded-link (bond) interfaces have no identifying attributes other than the network interface name, so this name is now used as the basis for binding MAC and IPv4 addresses. In addition, the "MACAddressPolicy=random" setting has been added, which can be used to bind MAC and IPv4 addresses to devices in random order;
  • ".device" unit files generated by systemd-fstab-generator no longer include the corresponding ".mount" units as dependencies in the "Wants=" section. Merely plugging in a device no longer automatically starts the mount unit, but such units can still be started for other reasons, such as being part of local-fs.target or being a dependency of other units that depend on local-fs.target;
  • Added support for masks ("*", etc.
  • The $PIDFILE environment variable is now set using the absolute path configured for services through the "PIDFile=" parameter;
  • Cloudflare public servers (1.1.1.1) have been added to the set of fallback DNS servers used when the primary DNS is not explicitly defined. To redefine the list of fallback DNS servers, you can use the "-Ddns-servers=" option;
  • When a USB Device Controller is detected, the new usb-gadget.target handler is started automatically (when the system is running on a USB peripheral device);
  • For unit files, the "CPUQuotaPeriodSec=" setting has been implemented, which defines the period against which the CPU time quota set with the "CPUQuota=" setting is measured;
  • For unit files, the "ProtectHostname=" setting has been implemented, which prevents services from changing the hostname information, even if they have the appropriate permissions;
  • For unit files, the "NetworkNamespacePath=" setting has been implemented, which lets you bind a namespace to services or socket units by specifying the path to the namespace file in the /proc pseudo-FS;
  • Added the ability to disable environment variable substitution for processes started through the "ExecStart=" setting by adding a ":" character before the start command;
  • Timers (timer units) have the new flags "OnClockChange=" and "OnTimezoneChange=", with which you can control the invocation of the unit when the system time or time zone changes;

  • Added the new settings "ConditionMemory=" and "ConditionCPUs=", which define conditions for invoking a unit depending on the amount of memory and the number of CPU cores (for example, a resource-heavy service can be started only if the required amount of RAM is available);
  • Added a new time-set.target unit, which accepts a locally set system time, without synchronization with external time servers through the time-sync.target unit. The new unit can be used by services that need the accuracy of unsynchronized local clocks;
  • The "--show-transaction" option has been added to "systemctl start" and similar commands; when it is specified, a summary of all jobs added to the queue as a result of the requested operation is shown;
  • systemd-networkd implements a new 'enslaved' state, which is used instead of 'degraded' or 'carrier' for network interfaces that are part of bonded links or network bridges. For the master interface, a 'degraded-carrier' state has been added for the case of problems with one of the bonded links;
  • Added the "IgnoreCarrierLoss=" option to .network units to keep the network settings when the connection is lost;
  • Through the "RequiredForOnline=" setting in network units, you can now set the minimum acceptable link state required to consider a network interface "online" and trigger the systemd-networkd-wait-online handler;
  • Added the "--any" option to systemd-networkd-wait-online to wait for the readiness of any of the specified network interfaces instead of all of them, and the "--operational-state=" option to define the link state that indicates readiness;
  • Added the "UseAutonomousPrefix=" and "UseOnLinkPrefix=" settings to .network units, which can be used to ignore prefixes when receiving an announcement from an IPv6 router (RA, Router Advertisement);

  • In network units, the "MulticastFlood=", "NeighborSuppression=" and "Learning=" settings have been added to change the operating parameters of a network bridge, along with "TripleSampling=" to switch the TRIPLE-SAMPLING mode of CAN interfaces;
  • The "PrivateKeyFile=" and "PresharedKeyFile=" settings have been added to .netdev units, with which you can specify the private and pre-shared keys (PSK) for WireGuard VPN interfaces;
  • Added the same-cpu-crypt and submit-from-crypt-cpus options to /etc/crypttab, which control the scheduler's behaviour when migrating encryption-related work between CPU cores;
  • systemd-tmpfiles provides handling of a lock file before performing operations on directories with temporary files, which lets you block the cleanup of stale files for the duration of certain operations (for example, when unpacking a tar archive into /tmp, very old files may be extracted that must not be removed before the operation on them has finished);
  • The "systemd-analyze cat-config" command makes it possible to analyse configuration split across several files, for example user and system presets, the contents of tmpfiles.d and sysusers.d, udev rules, etc.
  • Added the "--cursor-file=" option to "journalctl" to specify a file for loading and saving the position cursor;
  • Added detection of the ACRN hypervisor and the WSL subsystem (Windows Subsystem for Linux) to systemd-detect-virt, for subsequent branching using the "ConditionVirtualization" condition;
  • During systemd installation (when running "ninja install"), symbolic links to the files systemd-networkd.service, systemd-networkd.socket, systemd-resolved.service, remote-cryptsetup.target, remote-fs.target, systemd-networkd-wait-online.service and systemd-timesyncd.service are no longer created. To create these files, you now need to run the "systemctl preset-all" command.
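
The items above on "RestrictSUIDSGID=", "ProtectHostname=" and the "DynamicUser" defaults can be turned into a review check. The following is an added example, not code from systemd or from the original article: it reads unit-file text and reports which of these settings are not in effect. The function names and the sample units are constructed for illustration, and drop-in files are not considered.

```python
# Added example: report which sandboxing settings named in the systemd 242
# notes are not in effect for a service unit. Sample units are constructed.
TRUE = {"1", "yes", "true", "on"}
FALSE = {"0", "no", "false", "off"}
CHECKED = ("NoNewPrivileges", "RestrictSUIDSGID", "ProtectHostname")
# Per the release notes, these two are applied by default with DynamicUser.
IMPLIED_BY_DYNAMIC_USER = ("NoNewPrivileges", "RestrictSUIDSGID")


def parse_service_bools(unit_text):
    """Return {key: bool} for boolean keys in [Service]; last assignment wins."""
    values, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        val = val.strip().lower()
        if val in TRUE:
            values[key.strip()] = True
        elif val in FALSE:
            values[key.strip()] = False
    return values


def missing_settings(unit_text):
    """List the checked settings that are not enabled for this unit.

    Assumption of this example: an explicit value in the unit is reported as
    written, so an explicit "no" is flagged for review even with DynamicUser.
    """
    explicit = parse_service_bools(unit_text)
    dynamic = explicit.get("DynamicUser", False)
    missing = []
    for name in CHECKED:
        if name in explicit:
            enabled = explicit[name]
        else:
            enabled = dynamic and name in IMPLIED_BY_DYNAMIC_USER
        if not enabled:
            missing.append(name)
    return missing


# Constructed sample units (hypothetical service /usr/bin/exampled).
SAMPLE_PLAIN = "[Service]\nExecStart=/usr/bin/exampled\nUser=example\n"
SAMPLE_DYNAMIC = "[Service]\nExecStart=/usr/bin/exampled\nDynamicUser=yes\n"
SAMPLE_HARDENED = ("[Service]\nExecStart=/usr/bin/exampled\nNoNewPrivileges=yes\n"
                   "RestrictSUIDSGID=true\nProtectHostname=on\n")

if __name__ == "__main__":
    for label, text in (("plain", SAMPLE_PLAIN), ("dynamic", SAMPLE_DYNAMIC),
                        ("hardened", SAMPLE_HARDENED)):
        print(label, "missing:", missing_settings(text) or "none")
```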

Source: opennet.ru
