ProHoster > Блог > izindaba ze-inthanethi > Isiphathi sesistimu i-systemd 260 siyatholakala

Isiphathi sesistimu i-systemd 260 siyatholakala

Ngemva kwezinyanga ezintathu zokuthuthukiswa, i-system manager systemd 260 isiyatholakala manje. Izinguquko ezibalulekile zifaka: ukususwa kwezikripthi zesevisi ye-System V, indlela "ye-mstack" yokubhala amazinga okukhweza anezingqimba eziningi, umbuso we-systemd-report, ukusekelwa kokuhlanganiswa kwe-systemd-networkd ne-ModemManager, ukusekelwa kwezinsizakalo eziphathekayo ezichazwe ngumsebenzisi, kanye nokwethulwa kwe-"xaccess" ku-systemd-logind kanye ne-systemd-udevd.

Phakathi kwezinguquko ekukhishweni okusha:

  • Ukusekelwa kwezikripthi zesevisi yeSistimu V kuyekiwe, kanti izingxenye ze-rc-local.service, i-systemd-sysv-install, i-systemd-rc-local-generator, kanye ne-systemd-sysv-generator ziyekiwe.
  • Indlela "ye-mstack" (Mount Stack) isiqalisiwe. Ivumela iziqondisi ezinesijobelelo ".mstack/" ukwakha uhlu lweziqondisi oluhlanganisiwe, oludalwe ngokufaka nokuhlanganisa izithombe zediski nezingxenye zesistimu yamafayela kusetshenziswa i-OverlayFS kanye ne-"mount --bind." Umyalo we-systemd-mstack, inketho "--mstack" ku-systemd-nspawn, kanye nepharamitha ye-RootMStack kumayunithi kungeziwe. Lokhu kungasetshenziswa ukufaka nokukhipha zonke izakhi ezichazwe ekucushweni kwe-".mstack" ngesikhathi esisodwa, isibonelo, ukuphinda kudale isithombe sesitsha ngokushesha noma indawo yokusebenza yesevisi. Ifayela ngalinye noma i-subdirectory ku-".mstack/" ichaza izinga elilodwa lokukhweza noma ungqimba "lwe-overlayfs".

    Isibonelo, ukucushwa okulandelayo "foobar.mstack/" kuchaza i-overlayfs enezendlalelo ezimbili zokufunda kuphela ezivela ku-disk images base.raw kanye ne-app.raw (ezichazwe njengezixhumanisi ezingokomfanekiso), kanye nesiqondisi esibhaliwe "rw": foobar.mstack/layer@0.raw → ../base.raw foobar.mstack/layer@1.raw → ../app.raw foobar.mstack/rw/

  • Sekusetshenziswe uhlaka "lwama-metric" kanye "nombiko", olungasetshenziswa yizingxenye zesistimu ukukhipha izibalo nge-Varlink kufolda ethi /run/systemd/report/. Insizakalo ye-systemd-report ingeziwe, ikhiqiza umbiko ohlanganisiwe ohlanganisa izibalo ezivela kuzo zonke izingxenye futhi iwukhiphe ngefomethi ye-JSON. Njengamanje, umphathi wesevisi kanye ne-systemd-networkd kuphela abahlinzeka ngama-metric.
  • I-systemd-networkd ihlanganiswe ne-ModemManager futhi isigaba esithi "[MobileNetwork]" sengezwe nezilungiselelo ze-APN, i-AllowedAuthenticationMechanisms, i-User, i-Password, i-IPFamily, i-AllowRoaming, i-PIN, i-OperatorId, i-RouteMetric, kanye ne-UseGateway, okuvumela ukuthi usebenzise i-systemd-networkd ukuxhuma kuma-opharetha eselula nge-modem.
  • Ikhono lokusebenzisa i-systemd-portabled njengesevisi yomsebenzisi, eqhutshwa umsebenzisi ongenamalungelo, seliqalisiwe. Amafulegi "--user" kanye "--system" angeziwe ku-utility ye-portablectl ukukhetha uhlobo lwesevisi. Izinsizakalo Eziphathekayo ziyizinsizakalo zesistimu ezipakishwe njengeziqukathi ezizimele (ezilethwa njengesithombe sesistimu, kodwa eziphathwa njengesevisi evamile).
  • I-systemd-logind kanye ne-systemd-udevd zengeze ukwesekwa komqondo we-"xaccess" (Extended Access), okuvumela abasebenzisi abakude abangasebenzisi ngokoqobo i-monitor noma amadivayisi okufaka ohlelweni lwendawo ukufinyelela i-GPU kuseshini yezithombe (efana ne-uaccess, ehlanganisa abasebenzisi abasebenza nekhompyutha ngokomzimba). Ukuze ulungiselele amaseshini kulokhu, kunconywa ukusetha i-XDG_SESSION_EXTRA_DEVICE_ACCESS environment variable nge-PAM.
  • Ukuze kwenziwe ngokuzenzakalelayo ukucushwa kwe-DeviceTree ezithombeni ze-UKI (Unified Kernel Image), kuphakanyiswa isethi ye-canonical yamafayela okuhlonza ihadiwe (/usr/lib/systemd/boot/hwids/) . Lawa mafayela ahlobanisa izihlonzi zedivayisi nezinto ze-DeviceTree. Kusetshenziswa le sethi, isithombe se-UKI sithola ngokuzenzakalelayo futhi silayishe i-Device Tree Blob (DTB) edingekayo ngesikhathi sokuqalisa, ngaphandle kwesidingo sokudala izithombe ezithile zedivayisi. Njengamanje, amafayela e-hwid akhiqizwa amadivayisi e-ARM64 ngokusekelwe kuma-chips e-Snapdragon.
  • Inkambu entsha, ethi "FANCY_NAME," ingeziwe ku-/etc/os-release. Ihlukile ku-"PRETTY_NAME" ngoba ingasebenzisa ama-glyph angewona ama-ASCII Unicode. Uma inkambu ethi "FANCY_NAME" ikhona, izosetshenziswa ekukhishweni kwe-systemd, systemd-hostnamed, kanye ne-hostnamectl esikhundleni se-"PRETTY_NAME."
  • Izinsizakalo ezihlinzeka ngezixhumanisi zomphakathi ze-Varlink zixhunywe ngokomfanekiso kufolda eyodwa, /run/varlink/registry/. Umyalo 'we-varlinkctl list-registry' uyasebenza ukuze ubuke uhlu lwalezo zinsizakalo.
  • Kumayunithi, ikhono lokucacisa inani "eliphethwe" kupharamitha ye-PrivateUsers seliqalisiwe ukuze linikeze ngokuzenzakalelayo ububanzi bezihlonzi zomsebenzisi kanye neqembu (i-UID/GID) kuyunithi nge-systemd-nsresourced.
  • Kufakwe isilungiselelo se-RefreshOnReload kumayunithi ukuze kubuyekezwe izandiso kanye neziqinisekiso lapho iyunithi iqala kabusha.
  • Isethingi ye-BindNetworkInterface ingeziwe kumayunithi ukuze ibophe ngokuzenzakalelayo wonke amasokhethi adalwe kuyunithi kusixhumi esibonakalayo senethiwekhi esichaziwe.
  • Izilungiselelo ze-ConditionPathIsSocket kanye ne-AssertPathIsSocket zengezwe kumayunithi ukushintsha ukuziphatha noma ukuphahlazeka kweyunithi uma izindlela ezichaziwe zingezona izisekelo.
  • Umyalo othi 'enqueue-marked' ungeziwe ku-systemctl, obiza indlela ethi D-Bus EnqueueMarkedJobs(). Ipharamitha ethi '--marked' eyayisetshenziswa ngaphambilini kule njongo iye yasuswa.
  • Kufakwe isethingi ye-MemoryTHP kumasevisi ukulawula ukusetshenziswa kwamakhasi amakhulu enkumbulo (i-THP - Amakhasi Abanzi Abonakalayo) kumasevisi.
  • Amafayela e-.delegate axazululwe nge-systemd manje asekela ipharamitha ye-FirewallMark yokusetha uphawu lwe-firewall ku-network stack yethrafikhi ye-DNS ekhiqizwe.
  • Umyalo 'wokuthola' ungeziwe ku-systemd-sysupdate ukuze kuhlukaniswe izigaba zokuqalisa kanye nokufaka/ukubuyekeza. Usekelo lokumaka izingxenye njengeziqalisiwe kancane luye lwasetshenziswa.
  • Kwengezwe inketho ethi "--image-format" ku-systemd-vmspawn ukuze kukhethwe ifomethi (qcow2 noma eluhlaza) yesithombe sediski.
  • I-systemd-inhibit manje isekela ifomethi ye-JSON yenketho ethi "--list", kanye nekhono lokusebenzisa amafulegi athi "--what", "--who", "--why", kanye nethi "--mode" ukuhlunga umphumela.
  • i-systemd-repart ingeza ukwesekwa okuyisisekelo kokuqapha ubuqotho bezingxenye ezibethelwe kusetshenziswa i-dm-integrity.
  • Insizakalo ye-systemd-keyutil manje inomyalo othi 'extract-certificate' wokubonisa okuqukethwe kwezitifiketi ze-X.509.
  • i-systemd-sysext kanye ne-varlinkctl manje zisekela ukugunyazwa okusebenzisanayo kusetshenziswa i-polkit.
  • Kungezwe inqubomgomo ye-polkit evumela ukubiza i-systemd-ask-password njengomsebenzisi ongenamalungelo.
  • i-systemd-importd manje isekela ukulayisha izithombe ze-OCI ngomyalo othi "importctl pull-oci", ogcinwa njengezithombe zokufakwa nge-"mstack".
  • Kungezwe ukwesekwa kwe-SYSTEMD_COLORS=auto-16, SYSTEMD_COLORS=auto-256, kanye ne-SYSTEMD_COLORS=auto-24bit colors.
  • Ama-executable azimele asebenza ngokugcwele anikezwa ama-systemd-sysusers kanye nama-systemd-tmpfiles (ngaphambilini, kwakhiwe izinguqulo ezihlukanisiwe).
  • I-"prekill hook" ingeziwe ku-systemd-oomd, okuvumela ukuthi unamathisele izibambi eziqala ukusebenza ngaphambi kokuba inqubo iqedwe ngenkani ngenxa yezimo zememori eziphansi.
  • Kubuyiselwe esikhundleni, kodwa kumakwe njengokwenqatshiwe, ikhono lokusebenzisa abasebenzisi namaqembu angewona awesistimu emithethweni ye-udev (OWNER=/GROUP=) kanye nezilungiselelo ze-systemd-networkd (User=/Group=).
  • I-systemd-repart isebenzisa ukusebenza kwensiza ye-mkfs.xfs, eyethulwe ku-xfsprogs 6.17.0, ukuze yandise okuqukethwe kokuqala kwesistimu yefayela kusuka kufolda ethile.
  • Izidingo zenguqulo ezincane kakhulu zikhulisiwe: i-kernel Linux 5.4 → 5.10 (5.14 kunconywa, 6.6 ukuze kusebenze ngokugcwele), i-libidn → i-libidn2, i-Python 3.7.0 → 3.9.0, i-glibc 2.31 → 2.34, i-OpenSSL 1.1.0 → 3.0.0, i-cryptsetup 2.0.1/2.3.0 → 2.4.0, i-elfutils 158 → 177, i-liblblkid 2.24 → 2.37, i-libseccomp 2.3.1 → 2.4.0.
  • Iziqondiso zokuphatheka kanye nokuzinza zibuyekeziwe futhi zenziwa lula, okuqinisa ukuzibophezela ekuvimbeleni ukuhlehla okubonakalayo komsebenzisi ezindaweni zokuxhumana zomphakathi.

Source: opennet.ru

Thenga ukusingathwa okuthembekile kwamasayithi anokuvikelwa kwe-DDoS, amaseva e-VPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekile ngokuvikelwa kwe-DDoS, amaseva e-VPS VDS | ProHoster