systemd 245 is available, with support for portable home directories

After three months of development, release 245 of the systemd system manager has been published. The new release adds the new components systemd-homed and systemd-repart, implements support for portable user profiles in JSON format, provides the ability to define namespaces in systemd-journald, and adds support for the "pidfd" mechanism. The project website has been completely redesigned: it now collects most of the available documentation and presents a new logo.


Main changes:

  • The systemd-homed service has been added, which manages portable home directories delivered as a mountable image file containing encrypted data. systemd-homed lets you create self-contained user data areas that can be moved between different systems without having to worry about synchronising identifiers or about confidentiality. The user's account details are bound to the home directory rather than to system settings: a profile in JSON format is used instead of /etc/passwd, /etc/group and /etc/shadow. For more details, see the earlier systemd-homed announcement.
  • A companion component to systemd-homed, "userdb" ("systemd-userdbd"), has been added. It translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating records. The JSON profile associated with a home directory defines the parameters the user needs in order to work, including the user name, password hash, encryption keys, quotas and allocated resources. The profile can be authenticated with a digital signature stored on an external Yubikey token. The "userdbctl" utility is provided for managing profiles. Support for JSON profiles has been added to various system components, including systemd-logind and pam-systemd, so that users with portable directories can authenticate, log in, set environment variables, create sessions, apply limits, and so on. In the future, the sssd framework is expected to be able to generate JSON profiles from user settings stored in LDAP.
  • A new utility, "systemd-repart", has been added for partitioning disks with GPT-format partition tables. The partition layout is defined declaratively, through files that describe which partitions must or may be present. At each boot, the actual partition table is compared with these files; missing partitions are then added or, if the relative or absolute size specified in the settings does not match, existing partitions are grown. Only growing changes are allowed, i.e. removing and shrinking are not possible; partitions can only be created and enlarged.
    The utility is designed to be run from the initrd and automatically detects the disk on which the root partition is located, so it needs no additional configuration beyond the files describing the partitions.

    In practice, systemd-repart can be useful for operating system images that are initially shipped in a minimal form and, after the first boot, are grown to the size of the available block device or supplemented with additional partitions (for example, the root partition can be expanded to cover the whole disk, or a swap or /home partition can be created after the first boot). Another use is a setup with two alternating partitions: only the first may be shipped initially, and the second is created at the first boot.
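    The layout described above, as an added example that is not taken from the article or from the systemd project: two repart.d definitions for a minimal image that ships only a root partition. The file names /etc/repart.d/10-root.conf and /etc/repart.d/20-swap.conf and the labels are assumptions.

```ini
# Added example (not the project's own files). Assumed paths:
# /etc/repart.d/10-root.conf and /etc/repart.d/20-swap.conf on the image.

# /etc/repart.d/10-root.conf
# Matches the existing root partition by its GPT type. repart never shrinks
# or removes, so a smaller root shipped in the image is only ever enlarged,
# taking the largest share of free space because of its weight.
[Partition]
Type=root
Label=root
Weight=1000

# /etc/repart.d/20-swap.conf
# Not present in the image; created on first boot from the space that is
# left after root has been grown. The upper bound keeps it from taking the
# whole disk on large devices, the lower bound guarantees a usable size.
[Partition]
Type=swap
Label=swap
SizeMinBytes=1G
SizeMaxBytes=4G
Weight=250
```

    Running systemd-repart without --dry-run=no only prints the planned changes, which is the check to make before letting it run from the initrd.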

  • It is now possible to run several instances of systemd-journald, each keeping its logs in its own namespace. In addition to the main systemd-journald.service, the systemd-journald@.service unit provides a template for creating additional instances bound to their own namespaces, selected from a service with the "LogNamespace" directive. Each log namespace is served by a separate background process with its own set of settings and limits. The feature may be useful for balancing the load of a large volume of logs or for improving application isolation. A "--namespace" option has been added to journalctl to restrict a query to the specified namespace only.
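    The per-namespace setup described above, as an added example that is not from the article or the systemd project: a service whose logs go to a separate journald instance with its own storage and rate limits. The service name webapp.service, the namespace name webapp and the limit values are assumptions.

```ini
# Added example (not the project's own files). Assumed names: webapp.service
# and the log namespace "webapp".

# /etc/systemd/system/webapp.service
[Service]
ExecStart=/usr/bin/webapp
# Routes this service's stdout/stderr and journal/syslog output to a separate
# journald instance (systemd-journald@webapp.service) rather than the main one,
# so its records never share storage or rate-limit budget with the system log.
LogNamespace=webapp

# /etc/systemd/journald@webapp.conf
# Settings for that instance only; the main journald.conf is unaffected.
# Bounding storage and rate here means a noisy or compromised service cannot
# crowd out or drown the system journal that incident response relies on.
[Journal]
Storage=persistent
SystemMaxUse=200M
RateLimitIntervalSec=30s
RateLimitBurst=1000

# Reading back only this namespace (the default query does not include it):
#   journalctl --namespace=webapp -u webapp.service
```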
  • systemd-udevd and other systemd components have added support for a mechanism that assigns alternative names to network interfaces, allowing several names to be used for one interface at the same time. A name can be up to 128 characters long (previously, a network interface name was limited to 16 characters). By default, systemd-udevd now assigns each network interface all the distinct names generated by the supported naming schemes. This behaviour can be changed with the new AlternativeName and AlternativeNamesPolicy settings in .link files. systemd-nspawn uses alternative names carrying the full container name for the veth interfaces it creates on the host side.
  • The sd-event.h API has added support for the Linux kernel "pidfd" subsystem in order to handle PID reuse (a pidfd is tied to one specific process and does not change, whereas a PID can be associated with another process after the process currently tied to it exits). All systemd components except PID 1 have been converted to use pidfds when the subsystem is supported by the running kernel.
  • systemd-logind now performs access checks for switching the active virtual terminal via PolicyKit. By default, permission to switch the active terminal is granted only to users who have started at least one session on a local terminal.
  • To simplify building initrd images with systemd, PID 1 now detects that it is running in an initrd and in that case automatically loads initrd.target instead of default.target. This way, initrd and main system images can differ only in the presence of the file /etc/initrd-release.
  • A new kernel command line parameter, "systemd.cpu_affinity", has been added. It is equivalent to the CPUAffinity option in /etc/systemd/system.conf and lets you configure the CPU affinity mask for PID 1 and the processes it starts.
  • Reloading the SELinux policy database when PID 1 is reloaded with commands such as "systemctl daemon-reload" is now supported.
  • The "systemd.show-status=error" setting has been added for PID 1; when set, only error messages and notable delays during boot are shown on the console.
  • systemd-sysusers has added support for creating users whose primary group name differs from the user name.
  • systemd-growfs has added support for growing XFS partitions via the x-systemd.growfs mount option in /etc/fstab, in addition to the previously supported growing of Ext4 and Btrfs partitions.
  • The x-initrd.attach option has been added to /etc/crypttab to mark encrypted partitions that are already unlocked during the initrd stage.
  • systemd-cryptsetup has added support (the pkcs11-uri option in /etc/crypttab) for unlocking encrypted partitions with PKCS#11 smartcards, for example to bind partition encryption to YubiKeys.
  • New mount options "x-systemd.required-by" and "x-systemd.wanted-by" have been added to /etc/fstab to explicitly set the units that should pull in the mount jobs, in place of local-fs.target and remote-fs.target.
  • A new service sandboxing option, ProtectClock, has been added. It restricts writes to the system clock (access is blocked at the level of /dev/rtc, the relevant system calls, and the CAP_SYS_TIME/CAP_WAKE_ALARM capabilities).
  • The Discoverable Partitions Specification and systemd-gpt-auto-generator have added detection of the /var and /var/tmp partitions.

  • In "systemctl list-unit-files", the list of units now has a new column showing the enablement state given by the vendor preset for that unit.
  • The "--with-dependencies" option has been added to "systemctl"; when specified, commands such as "systemctl status" and "systemctl cat" show not only all the matching units but also the units they depend on.
  • In systemd-networkd, the qdisc configuration has gained the ability to set parameters for TBF (Token Bucket Filter), SFQ (Stochastic Fairness Queuing), CoDel (Controlled-Delay Active Queue Management) and FQ (Fair Queue).
  • systemd-networkd has added support for IFB (Intermediate Functional Block) network devices.
  • systemd-networkd implements the MultiPathRoute parameter in the [Route] section for configuring multipath routes.
  • In the systemd-networkd DHCPv4 client, the SendDecline option has been added; when specified, duplicate address detection is performed after a DHCP response carrying an address is received, and if an address conflict is detected, the offered address is declined. The RouteMTUBytes option has also been added to the DHCPv4 client, which lets you set the MTU size of the routes created when an IP address (lease) is bound.
  • The PrefixRoute setting in the [Address] section of .network files has been deprecated. It is replaced by the "AddPrefixRoute" setting, which has the opposite meaning.
  • In .network files, the Gateway setting in the "[Route]" section has gained support for the new value "_dhcp"; when set, the static route is configured using the gateway obtained via DHCP.
  • The User and SuppressPrefixLength settings have appeared in the "[RoutingPolicyRule]" section of .network files, for source-based routing by UID range and prefix length.

  • In networkctl, the "status" command can now display the logs related to each network interface.
  • systemd-networkd-wait-online has added support for setting a maximum time to wait for an interface to come up, and for waiting for an interface to go down.
  • Processing of .link and .network files with an empty or missing "[Match]" section has been discontinued.
  • In the "[Match]" section of .link and .network files, the "PermanentMACAddress" setting has been added to match on the permanent MAC address of a device when a randomly generated MAC is in use.
  • The "[TrafficControlQueueingDiscipline]" section in .network files has been renamed to "[NetworkEmulator]", and the "NetworkEmulator" prefix has been removed from the names of the corresponding settings.
  • systemd-resolved has added support for SNI validation with DNS-over-TLS.

Source: opennet.ru
