I-ProHoster > Блог > izindaba ze-inthanethi > ukukhishwa komphathi wesistimu ye-242

ukukhishwa komphathi wesistimu ye-242

[:zu]

Ngemva kwezinyanga ezimbili zentuthuko kwethulwe ukukhululwa komphathi wesistimu uhlelo lwe-242. Phakathi kwezinto ezintsha, singaphawula ukusekelwa kwemigudu ye-L2TP, amandla okulawula ukuziphatha kwe-systemd-logind ekuqaliseni kabusha ngokusebenzisa okuguquguqukayo kwemvelo, ukusekelwa kwezingxenye ezinwetshiwe ze-XBOOTLDR zokuqalisa ukukhweza / i-boot, ikhono lokuqalisa ngokuhlukanisa impande kuma-overlayfs, kanye nenani elikhulu lezilungiselelo ezintsha zezinhlobo ezahlukene zamayunithi.

Izinguquko eziyinhloko:

  • i-systemd-networkd inikeza ukusekelwa kwemigudu ye-L2TP;
  • I-sd-boot kanye ne-bootctl inikeza ukusekelwa kwezingxenye ze-XBOOTLDR (I-Extended Boot Loader) eklanyelwe ukufakwa ku-/boot, ngaphezu kwezingxenye ze-ESP ezifakwe ku-/efi noma /boot/efi. Ama-kernel, izilungiselelo, initrd kanye nezithombe ze-EFI manje zingaqalwa kuzo zombili izingxenye ze-ESP ne-XBOOTLDR. Lolu shintsho lukuvumela ukuthi usebenzise i-sd-boot bootloader ezimweni ezilandelanayo, lapho i-bootloader ngokwayo itholakala ku-ESP, futhi ama-kernels alayishiwe kanye nemethadatha ehlobene kubekwa esigabeni esihlukile;
  • Kwengezwe ikhono lokuqalisa ngenketho ethi “systemd.volatile=overlay” edluliselwe ku-kernel, ekuvumela ukuthi ubeke ukuhlukaniswa kwempande kuma-overlayfs futhi uhlele umsebenzi phezu kwesithombe sokufunda kuphela sohlu lwezimpande olunezinguquko ezibhalwe ku- uhla lwemibhalo oluhlukene kuma-tmpfs (izinguquko kulokhu kumisa ziyalahleka ngemva kokuqalisa kabusha) . Ngokufanisa, i-systemd-nspawn yengeze inketho ethi “--volatile=overlay” ukuze isebenzise ukusebenza okufanayo ezitsheni;
  • i-systemd-nspawn yengeze inketho ethi "--oci-bundle" ukuvumela ukusetshenziswa kwezinqwaba zesikhathi sokusebenza ukuze kuhlinzekwe ukwethulwa okukodwa kweziqukathi ezithobelana nokucaciswa kwe-Open Container Initiative (OCI). Ukuze kusetshenziswe kulayini womyalo kanye namayunithi we-nspawn, ukusekelwa kwezinketho ezihlukahlukene ezichazwe ekucacisweni kwe-OCI kuyahlongozwa, isibonelo, okukhethwa kukho okuthi “--inaccessible” kanye “Nokungafinyeleleki” kungasetshenziswa ukuze kungafaki izingxenye zesistimu yefayela, kanye nokuthi “ --console" izinketho zengeziwe ukuze kulungiswe ukusakaza okujwayelekile okukhiphayo kanye "-pipe";
  • Kwengezwe amandla okulawula ukuziphatha kwe-systemd-logind ngokusebenzisa okuguquguqukayo kwemvelo: $SYSTEMD_REBOOT_ TO_FIRMWARE_SETUP,
    $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU kanye
    $SYSTEMD_REBOOT_ TO_BOOT_LOADER_ENTRY. Usebenzisa lezi ziguquko, ungaxhuma izibambi zakho zenqubo yokuqalisa kabusha (/run/systemd/reboot-to-firmware-setup, /run/systemd/reboot-to-boot-loader-menu futhi
    /run/systemd/reboot-to-boot-loader-entry) noma zikhubaze ngokuphelele (uma inani lisethelwe kumanga);

  • Izinketho ezingeziwe "-boot-load-menu=" kanye
    “—boot-loader-entry=”, okukuvumela ukuthi ukhethe into ethile yemenyu yokuqalisa noma imodi yokuqalisa ngemva kokuqalisa kabusha;

  • Kwengezwe umyalo omusha wokuhlukanisa we-sandbox othi “RestrictSUIDSGID=”, esebenzisa i-seccomp ukuvimbela ukudalwa kwamafayela anamafulegi e-SUID/SGID;
  • Kuqinisekiswe ukuthi imikhawulo ye-“NoNewPrivileges” kanye ne-“RestrictSUIDSGID” isetshenziswa ngokuzenzakalelayo kumasevisi ngemodi yokukhiqiza i-ID yomsebenzisi enamandla (“DynamicUser” inikwe amandla);
  • Ukulungiselelwa okuzenzakalelayo kwe-MACAddressPolicy=persistent kumafayela we-.link kushintshiwe ukuze kufakwe amadivayisi amaningi. Ukuxhumana kwamabhuloho enethiwekhi, amathaneli (tun, tap) nezixhumanisi ezihlanganisiwe (ibhondi) azizivezi ngaphandle kwegama lesixhumi esibonakalayo senethiwekhi, ngakho leli gama manje selisetshenziswa njengesisekelo sokubopha amakheli e-MAC ne-IPv4. Ngaphezu kwalokho, isilungiselelo se-“MACAddressPolicy=random” sengeziwe, esingasetshenziswa ukuhlanganisa amakheli e-MAC kanye ne-IPv4 kumadivayisi ngendlela engahleliwe;
  • Amafayela eyunithi ".device" akhiqizwe nge-systemd-fstab-generator awasafaki amayunithi ahambisanayo ".mount" njengokuncika esigabeni "Wants=". Ukuxhuma kalula kudivayisi akusaqalisi ngokuzenzakalelayo iyunithi ukukhwezwa, kodwa amayunithi anjalo asengaqaliswa ngenxa yezinye izizathu, njengengxenye ye-local-fs.target noma njengokuncika kwamanye amayunithi ancike ku-local-fs.target. ;
  • Kwengezwe usekelo lwamamaski (“*”, njll.) kumiyalo ethi “networkctl list/status/lldp” ukuze kuhlungwe amaqembu athile okusebenzelana kwenethiwekhi ngengxenye yegama lawo;
  • I-$PIDFILE eguquguqukayo yemvelo manje isethwe kusetshenziswa indlela ephelele elungiselelwe ezinkonzweni ngepharamitha ye-"PIDFile=;".
  • Iziphakeli ze-Cloudflare zomphakathi (1.1.1.1) zengezwe enanini lamaseva e-DNS ayisipele asetshenziswa uma i-DNS eyinhloko ingachazwanga ngokucacile. Ukuchaza kabusha uhlu lwamaseva e-DNS ayisipele, ungasebenzisa inketho ethi “-Ddns-servers=";
  • Uma ithola ubukhona besilawuli Sedivayisi ye-USB, isibambi esisha se-usb-gadget.target siqaliswa ngokuzenzakalelayo (uma isistimu isebenza kudivayisi yocingo lwe-USB);
  • Kumafayela eyunithi, isilungiselelo esithi “CPUQuotaPeriodSec=” senziwe, esinquma isikhathi esihlobene nesilinganiso sesikhathi se-CPU esilinganiswa ngaso, sisethwe ngokulungiselelwa kwe-“CPUQuota=”;
  • Kumafayela eyunithi, isilungiselelo esithi “ProtectHostname=” senziwe, esivimbela amasevisi ekuguquleni ulwazi olumayelana negama lomsingathi, ngisho noma enezimvume ezifanele;
  • Kumafayela eyunithi, isilungiselelo esithi “NetworkNamespacePath=” senziwe, esikuvumela ukuthi ubophe indawo yegama kumasevisi noma amayunithi esokhethi ngokucacisa indlela eya kufayela le-namespace ku-pseudo-FS/proc;
  • Kwengezwe ikhono lokukhubaza ukushintshwa kwezinto eziguquguqukayo zemvelo ngezinqubo eziqaliswe kusetshenziswa isilungiselelo se-“ExecStart=” ngokungeza uhlamvu oluthi “:” ngaphambi komyalo wokuqala;
  • Okwezibali sikhathi (.timer units) amafulegi amasha athi “OnClockChange=" kanye
    “OnTimezoneChange=", ongalawula ngayo ucingo lweyunithi lapho kushintsha isikhathi sohlelo noma indawo yesikhathi;

  • Kungezwe izilungiselelo ezintsha “ConditionMemory=” kanye “ConditionCPUs=”, ezinquma izimo zokubiza iyunithi kuye ngosayizi wememori kanye nenani lama-CPU cores (isibonelo, isevisi edinga izinsizakusebenza ingaqaliswa kuphela uma inani elidingekayo RAM iyatholakala);
  • Kwengezwe iyunithi entsha ye-time-set.target eyamukela isikhathi sesistimu esimisiwe, ngaphandle kokusebenzisa ukubuyisana neziphakeli zesikhathi zangaphandle kusetshenziswa iyunithi ye-time-sync.target. Iyunithi entsha ingasetshenziswa amasevisi adinga ukunemba kwamawashi endawo angavumelanisiwe;
  • Inketho ethi “--show-transaction” yengezwe ku-“systemctl start” futhi imiyalo efanayo, lapho icacisiwe, isifinyezo sayo yonke imisebenzi engezwe kulayini ngenxa yokusebenza okuceliwe siyaboniswa;
  • i-systemd-networkd isebenzisa incazelo yesimo esisha 'sokugqilazwa', esisetshenziswa esikhundleni sokuthi 'eyehlisiwe' noma 'inkampani yenethiwekhi' ekuxhumaneni kwenethiwekhi okuyingxenye yezixhumanisi ezihlanganisiwe noma amabhuloho enethiwekhi. Ezixhunyweni eziyinhloko, uma kuba nezinkinga ngesixhumanisi esisodwa esiyinhlanganisela, isimo 'sesithwali esehlisiwe' sengeziwe;
  • Kwengezwe inketho ethi “IgnoreCarrierLoss=" kumayunithi wenethiwekhi ukuze ulondoloze izilungiselelo zenethiwekhi uma kulahleka uxhumano;
  • Ngesilungiselelo esithi “RequiredForOnline=” kumayunithi .network, ungakwazi manje ukusetha ubuncane besimo sokuxhumanisa esamukelekayo esidingekayo ukuze udlulisele isixhumi esibonakalayo senethiwekhi “ku-inthanethi” bese ucupha isibambi se-systemd-networkd-wait-online;
  • Kwengezwe inketho ethi “--any” ku-systemd-networkd-wait-online ukuze ulinde ukulungela kwanoma iyiphi indawo yenethiwekhi eshiwo esikhundleni sakho konke, kanye nenketho ethi “--operational-state=” yokunquma isimo senethiwekhi. isixhumanisi esibonisa ukulungela;
  • Kwengezwe izilungiselelo ze-“UseAutonomousPrefix=” kanye nethi “UseOnLinkPrefix=” kumayunithi we-.network, angasetshenziswa ukuziba iziqalo lapho uthola.
    isimemezelo esivela kumzila we-IPv6 (i-RA, Isikhangiso Somzila);

  • Kumayunithi .network, izilungiselelo ze-“MulticastFlood=”, “NeighborSuppression=” kanye nethi “Learning=” zengezwe ukuze kushintshwe amapharamitha okusebenza ebhuloho lenethiwekhi, kanye nesilungiselelo se-“TripleSampling=” ukushintsha imodi ye-TRIPLE-SAMPLING. kokuxhumana okubonakalayo kwe-CAN;
  • Izilungiselelo ze-“PrivateKeyFile=” kanye “ne-PresharedKeyFile=” zengezwe kumayunithi e-.netdev, ongacacisa ngawo okhiye abayimfihlo nababelwe (PSK) bezixhumanisi ze-WireGuard VPN;
  • Kwengezwe izinketho ezifanayo-cpu-crypt kanye nokuthumela-kusuka-ku-crypt-cpus kuya ku-/etc/crypttab, elawula ukuziphatha komhleli lapho ethutha umsebenzi ohlobene nokubethela phakathi kwama-CPU cores;
  • I-systemd-tmpfiles ihlinzeka ngokucutshungulwa kwefayela lokukhiya ngaphambi kokwenza imisebenzi kuzinkomba ezinamafayili esikhashana, okukuvumela ukuthi ukhubaze umsebenzi wokuhlanza amafayela aphelelwe yisikhathi phakathi nesikhathi sezenzo ezithile (isibonelo, lapho ukhipha inqolobane ye-tar ku/tmp, amafayela amadala kakhulu angase abe. evuliwe engakwazi ukususwa ngaphambi kokuphela kwesenzo nabo);
  • Umyalo othi "systemd-analyze cat-config" unikeza ikhono lokuhlaziya ukucushwa okuhlukaniswe ngamafayela amaningana, isibonelo, ukusetha ngaphambilini komsebenzisi nesistimu, okuqukethwe kwe-tmpfiles.d ne-sysusers.d, imithetho ye-udev, njll.
  • Kwengezwe inketho ethi "--cursor-file=" ku-"journalctl" ukuze ucacise ifayela elizolayishwa futhi lilondoloze ikhesa yendawo;
  • Incazelo eyengeziwe ye-ACRN hypervisor kanye nesistimu engaphansi ye-WSL (i-Windows Subsystem ye-Linux) ukuze i-systemd-detect-virt ye-branching elandelayo kusetshenziswa isisebenzisi esinemibandela esithi “ConditionVirtualization”;
  • Ngesikhathi sokufakwa kwe-systemd (lapho kusetshenziswa "ukufakwa kwe-ninja"), ukudalwa kwezixhumanisi ezingokomfanekiso kumafayela systemd-networkd.service, systemd-networkd.socket,
    systemd-resolved.service, remote-cryptsetup.target, remote-fs.target,
    i-systemd-networkd-wait-online.service kanye ne-systemd-timesyncd.service. Ukuze udale lawa mafayela, manje udinga ukusebenzisa umyalo othi “systemctl preset-all”.

Umthomboopennet.ru

[: zu]

Ngemva kwezinyanga ezimbili zentuthuko kwethulwe ukukhululwa komphathi wesistimu uhlelo lwe-242. Phakathi kwezinto ezintsha, singaphawula ukusekelwa kwemigudu ye-L2TP, amandla okulawula ukuziphatha kwe-systemd-logind ekuqaliseni kabusha ngokusebenzisa okuguquguqukayo kwemvelo, ukusekelwa kwezingxenye ezinwetshiwe ze-XBOOTLDR zokuqalisa ukukhweza / i-boot, ikhono lokuqalisa ngokuhlukanisa impande kuma-overlayfs, kanye nenani elikhulu lezilungiselelo ezintsha zezinhlobo ezahlukene zamayunithi.

Izinguquko eziyinhloko:

  • i-systemd-networkd inikeza ukusekelwa kwemigudu ye-L2TP;
  • I-sd-boot kanye ne-bootctl inikeza ukusekelwa kwezingxenye ze-XBOOTLDR (I-Extended Boot Loader) eklanyelwe ukufakwa ku-/boot, ngaphezu kwezingxenye ze-ESP ezifakwe ku-/efi noma /boot/efi. Ama-kernel, izilungiselelo, initrd kanye nezithombe ze-EFI manje zingaqalwa kuzo zombili izingxenye ze-ESP ne-XBOOTLDR. Lolu shintsho lukuvumela ukuthi usebenzise i-sd-boot bootloader ezimweni ezilandelanayo, lapho i-bootloader ngokwayo itholakala ku-ESP, futhi ama-kernels alayishiwe kanye nemethadatha ehlobene kubekwa esigabeni esihlukile;
  • Kwengezwe ikhono lokuqalisa ngenketho ethi “systemd.volatile=overlay” edluliselwe ku-kernel, ekuvumela ukuthi ubeke ukuhlukaniswa kwempande kuma-overlayfs futhi uhlele umsebenzi phezu kwesithombe sokufunda kuphela sohlu lwezimpande olunezinguquko ezibhalwe ku- uhla lwemibhalo oluhlukene kuma-tmpfs (izinguquko kulokhu kumisa ziyalahleka ngemva kokuqalisa kabusha) . Ngokufanisa, i-systemd-nspawn yengeze inketho ethi “--volatile=overlay” ukuze isebenzise ukusebenza okufanayo ezitsheni;
  • i-systemd-nspawn yengeze inketho ethi "--oci-bundle" ukuvumela ukusetshenziswa kwezinqwaba zesikhathi sokusebenza ukuze kuhlinzekwe ukwethulwa okukodwa kweziqukathi ezithobelana nokucaciswa kwe-Open Container Initiative (OCI). Ukuze kusetshenziswe kulayini womyalo kanye namayunithi we-nspawn, ukusekelwa kwezinketho ezihlukahlukene ezichazwe ekucacisweni kwe-OCI kuyahlongozwa, isibonelo, okukhethwa kukho okuthi “--inaccessible” kanye “Nokungafinyeleleki” kungasetshenziswa ukuze kungafaki izingxenye zesistimu yefayela, kanye nokuthi “ --console" izinketho zengeziwe ukuze kulungiswe ukusakaza okujwayelekile okukhiphayo kanye "-pipe";
  • Kwengezwe amandla okulawula ukuziphatha kwe-systemd-logind ngokusebenzisa okuguquguqukayo kwemvelo: $SYSTEMD_REBOOT_ TO_FIRMWARE_SETUP,
    $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU kanye
    $SYSTEMD_REBOOT_ TO_BOOT_LOADER_ENTRY. Usebenzisa lezi ziguquko, ungaxhuma izibambi zakho zenqubo yokuqalisa kabusha (/run/systemd/reboot-to-firmware-setup, /run/systemd/reboot-to-boot-loader-menu futhi
    /run/systemd/reboot-to-boot-loader-entry) noma zikhubaze ngokuphelele (uma inani lisethelwe kumanga);

  • Izinketho ezingeziwe "-boot-load-menu=" kanye
    “—boot-loader-entry=”, okukuvumela ukuthi ukhethe into ethile yemenyu yokuqalisa noma imodi yokuqalisa ngemva kokuqalisa kabusha;

  • Kwengezwe umyalo omusha wokuhlukanisa we-sandbox othi “RestrictSUIDSGID=”, esebenzisa i-seccomp ukuvimbela ukudalwa kwamafayela anamafulegi e-SUID/SGID;
  • Kuqinisekiswe ukuthi imikhawulo ye-“NoNewPrivileges” kanye ne-“RestrictSUIDSGID” isetshenziswa ngokuzenzakalelayo kumasevisi ngemodi yokukhiqiza i-ID yomsebenzisi enamandla (“DynamicUser” inikwe amandla);
  • Ukulungiselelwa okuzenzakalelayo kwe-MACAddressPolicy=persistent kumafayela we-.link kushintshiwe ukuze kufakwe amadivayisi amaningi. Ukuxhumana kwamabhuloho enethiwekhi, amathaneli (tun, tap) nezixhumanisi ezihlanganisiwe (ibhondi) azizivezi ngaphandle kwegama lesixhumi esibonakalayo senethiwekhi, ngakho leli gama manje selisetshenziswa njengesisekelo sokubopha amakheli e-MAC ne-IPv4. Ngaphezu kwalokho, isilungiselelo se-“MACAddressPolicy=random” sengeziwe, esingasetshenziswa ukuhlanganisa amakheli e-MAC kanye ne-IPv4 kumadivayisi ngendlela engahleliwe;
  • Amafayela eyunithi ".device" akhiqizwe nge-systemd-fstab-generator awasafaki amayunithi ahambisanayo ".mount" njengokuncika esigabeni "Wants=". Ukuxhuma kalula kudivayisi akusaqalisi ngokuzenzakalelayo iyunithi ukukhwezwa, kodwa amayunithi anjalo asengaqaliswa ngenxa yezinye izizathu, njengengxenye ye-local-fs.target noma njengokuncika kwamanye amayunithi ancike ku-local-fs.target. ;
  • Kwengezwe usekelo lwamamaski (“*”, njll.) kumiyalo ethi “networkctl list/status/lldp” ukuze kuhlungwe amaqembu athile okusebenzelana kwenethiwekhi ngengxenye yegama lawo;
  • I-$PIDFILE eguquguqukayo yemvelo manje isethwe kusetshenziswa indlela ephelele elungiselelwe ezinkonzweni ngepharamitha ye-"PIDFile=;".
  • Iziphakeli ze-Cloudflare zomphakathi (1.1.1.1) zengezwe enanini lamaseva e-DNS ayisipele asetshenziswa uma i-DNS eyinhloko ingachazwanga ngokucacile. Ukuchaza kabusha uhlu lwamaseva e-DNS ayisipele, ungasebenzisa inketho ethi “-Ddns-servers=";
  • Uma ithola ubukhona besilawuli Sedivayisi ye-USB, isibambi esisha se-usb-gadget.target siqaliswa ngokuzenzakalelayo (uma isistimu isebenza kudivayisi yocingo lwe-USB);
  • Kumafayela eyunithi, isilungiselelo esithi “CPUQuotaPeriodSec=” senziwe, esinquma isikhathi esihlobene nesilinganiso sesikhathi se-CPU esilinganiswa ngaso, sisethwe ngokulungiselelwa kwe-“CPUQuota=”;
  • Kumafayela eyunithi, isilungiselelo esithi “ProtectHostname=” senziwe, esivimbela amasevisi ekuguquleni ulwazi olumayelana negama lomsingathi, ngisho noma enezimvume ezifanele;
  • Kumafayela eyunithi, isilungiselelo esithi “NetworkNamespacePath=” senziwe, esikuvumela ukuthi ubophe indawo yegama kumasevisi noma amayunithi esokhethi ngokucacisa indlela eya kufayela le-namespace ku-pseudo-FS/proc;
  • Kwengezwe ikhono lokukhubaza ukushintshwa kwezinto eziguquguqukayo zemvelo ngezinqubo eziqaliswe kusetshenziswa isilungiselelo se-“ExecStart=” ngokungeza uhlamvu oluthi “:” ngaphambi komyalo wokuqala;
  • Okwezibali sikhathi (.timer units) amafulegi amasha athi “OnClockChange=" kanye
    “OnTimezoneChange=", ongalawula ngayo ucingo lweyunithi lapho kushintsha isikhathi sohlelo noma indawo yesikhathi;

  • Kungezwe izilungiselelo ezintsha “ConditionMemory=” kanye “ConditionCPUs=”, ezinquma izimo zokubiza iyunithi kuye ngosayizi wememori kanye nenani lama-CPU cores (isibonelo, isevisi edinga izinsizakusebenza ingaqaliswa kuphela uma inani elidingekayo RAM iyatholakala);
  • Kwengezwe iyunithi entsha ye-time-set.target eyamukela isikhathi sesistimu esimisiwe, ngaphandle kokusebenzisa ukubuyisana neziphakeli zesikhathi zangaphandle kusetshenziswa iyunithi ye-time-sync.target. Iyunithi entsha ingasetshenziswa amasevisi adinga ukunemba kwamawashi endawo angavumelanisiwe;
  • Inketho ethi “--show-transaction” yengezwe ku-“systemctl start” futhi imiyalo efanayo, lapho icacisiwe, isifinyezo sayo yonke imisebenzi engezwe kulayini ngenxa yokusebenza okuceliwe siyaboniswa;
  • i-systemd-networkd isebenzisa incazelo yesimo esisha 'sokugqilazwa', esisetshenziswa esikhundleni sokuthi 'eyehlisiwe' noma 'inkampani yenethiwekhi' ekuxhumaneni kwenethiwekhi okuyingxenye yezixhumanisi ezihlanganisiwe noma amabhuloho enethiwekhi. Ezixhunyweni eziyinhloko, uma kuba nezinkinga ngesixhumanisi esisodwa esiyinhlanganisela, isimo 'sesithwali esehlisiwe' sengeziwe;
  • Kwengezwe inketho ethi “IgnoreCarrierLoss=" kumayunithi wenethiwekhi ukuze ulondoloze izilungiselelo zenethiwekhi uma kulahleka uxhumano;
  • Ngesilungiselelo esithi “RequiredForOnline=” kumayunithi .network, ungakwazi manje ukusetha ubuncane besimo sokuxhumanisa esamukelekayo esidingekayo ukuze udlulisele isixhumi esibonakalayo senethiwekhi “ku-inthanethi” bese ucupha isibambi se-systemd-networkd-wait-online;
  • Kwengezwe inketho ethi “--any” ku-systemd-networkd-wait-online ukuze ulinde ukulungela kwanoma iyiphi indawo yenethiwekhi eshiwo esikhundleni sakho konke, kanye nenketho ethi “--operational-state=” yokunquma isimo senethiwekhi. isixhumanisi esibonisa ukulungela;
  • Kwengezwe izilungiselelo ze-“UseAutonomousPrefix=” kanye nethi “UseOnLinkPrefix=” kumayunithi we-.network, angasetshenziswa ukuziba iziqalo lapho uthola.
    isimemezelo esivela kumzila we-IPv6 (i-RA, Isikhangiso Somzila);

  • Kumayunithi .network, izilungiselelo ze-“MulticastFlood=”, “NeighborSuppression=” kanye nethi “Learning=” zengezwe ukuze kushintshwe amapharamitha okusebenza ebhuloho lenethiwekhi, kanye nesilungiselelo se-“TripleSampling=” ukushintsha imodi ye-TRIPLE-SAMPLING. kokuxhumana okubonakalayo kwe-CAN;
  • Izilungiselelo ze-“PrivateKeyFile=” kanye “ne-PresharedKeyFile=” zengezwe kumayunithi e-.netdev, ongacacisa ngawo okhiye abayimfihlo nababelwe (PSK) bezixhumanisi ze-WireGuard VPN;
  • Kwengezwe izinketho ezifanayo-cpu-crypt kanye nokuthumela-kusuka-ku-crypt-cpus kuya ku-/etc/crypttab, elawula ukuziphatha komhleli lapho ethutha umsebenzi ohlobene nokubethela phakathi kwama-CPU cores;
  • I-systemd-tmpfiles ihlinzeka ngokucutshungulwa kwefayela lokukhiya ngaphambi kokwenza imisebenzi kuzinkomba ezinamafayili esikhashana, okukuvumela ukuthi ukhubaze umsebenzi wokuhlanza amafayela aphelelwe yisikhathi phakathi nesikhathi sezenzo ezithile (isibonelo, lapho ukhipha inqolobane ye-tar ku/tmp, amafayela amadala kakhulu angase abe. evuliwe engakwazi ukususwa ngaphambi kokuphela kwesenzo nabo);
  • Umyalo othi "systemd-analyze cat-config" unikeza ikhono lokuhlaziya ukucushwa okuhlukaniswe ngamafayela amaningana, isibonelo, ukusetha ngaphambilini komsebenzisi nesistimu, okuqukethwe kwe-tmpfiles.d ne-sysusers.d, imithetho ye-udev, njll.
  • Kwengezwe inketho ethi "--cursor-file=" ku-"journalctl" ukuze ucacise ifayela elizolayishwa futhi lilondoloze ikhesa yendawo;
  • Incazelo eyengeziwe ye-ACRN hypervisor kanye nesistimu engaphansi ye-WSL (i-Windows Subsystem ye-Linux) ukuze i-systemd-detect-virt ye-branching elandelayo kusetshenziswa isisebenzisi esinemibandela esithi “ConditionVirtualization”;
  • Ngesikhathi sokufakwa kwe-systemd (lapho kusetshenziswa "ukufakwa kwe-ninja"), ukudalwa kwezixhumanisi ezingokomfanekiso kumafayela systemd-networkd.service, systemd-networkd.socket,
    systemd-resolved.service, remote-cryptsetup.target, remote-fs.target,
    i-systemd-networkd-wait-online.service kanye ne-systemd-timesyncd.service. Ukuze udale lawa mafayela, manje udinga ukusebenzisa umyalo othi “systemctl preset-all”.

Source: opennet.ru

[:]

Engeza amazwana