I-ProHoster > Блог > izindaba ze-inthanethi > ukukhishwa komphathi wesistimu ye-244

ukukhishwa komphathi wesistimu ye-244

Ngemva kwezinyanga ezintathu zentuthuko kwethulwe ukukhululwa komphathi wesistimu uhlelo lwe-244.

Izinguquko eziyinhloko:

  • Ukwesekwa okwengeziwe kwesilawuli sensiza ye-cpuset esekelwe ku-cgroups v2, ehlinzeka ngendlela yezinqubo zokubophezela kuma-CPU athile (ukulungiselelwa kwe-“AllowedCPUs”) kanye namanodi enkumbulo e-NUMMA (ukulungiselelwa kwe-“AllowedMemoryNodes”);
  • Ukwesekwa okungeziwe kokulayisha izilungiselelo kusuka ku-SystemdOptions EFI eguquguqukayo yokucushwa kwe-systemd, okukuvumela ukuthi wenze ngendlela oyifisayo ukuziphatha kwe-systemd ezimeni lapho ukushintsha izinketho zomugqa womyalo we-kernel kuyinkinga futhi ukucushwa kwediski kufundwa sekwephuzile (isibonelo, uma udinga ukulungisa izinketho. okuhlobene nokuhlelwa kweqembu). Ukusetha okuguquguqukayo ku-EFI, ungasebenzisa umyalo 'i-bootctl systemd-efi-options';
  • Kwengezwe ukusekelwa kumayunithi ukuze kulayishwe izilungiselelo ezivela kunkomba ye-“{unit_type}.d/” ehlotshaniswa nezinhlobo zamayunithi (isibonelo, “service.d/”), angasetshenziswa ukwengeza izilungiselelo ezimboza wonke amafayela eyunithi ohlobo oluthile kokuthi kanye;
  • Kumayunithi esevisi, imodi yokuhlukanisa ye-sandbox entsha ye-ProtectKernelLogs yengeziwe, ekuvumela ukuthi unqabele ukufinyelela kohlelo kubhafa yelogi ye-kernel, efinyeleleka ngocingo lwesistimu ye-syslog (akumele kudidaniswe ne-API yegama elifanayo elinikezwe ku-libc). Uma imodi yenziwe yasebenza, ukufinyelela kohlelo lokusebenza ku-/proc/kmsg, /dev/kmsg kanye ne-CAP_SYSLOG kuzovinjelwa;
  • Kumayunithi, isilungiselelo se-RestartKillSignal sihlongozwa, esikuvumela ukuthi uchaze kabusha inombolo yesiginali esetshenziselwa ukunqamula inqubo phakathi nokuqalisa kabusha umsebenzi (ungashintsha ukuziphatha kokumisa inqubo esigabeni sokulungiselela ukuqalisa kabusha);
  • Umyalo we-"systemctl clean" uguqulelwe ukusetshenziswa ne-socket, mount, kanye namayunithi okushintshanisa;
  • Esigabeni sokuqala sokulayisha, imikhawulo ekushubeni kokuphuma kwe-kernel yemiyalezo ngekholi ye-printk iyacishwa, okuvumela amalogi aphelele mayelana nenqubekelaphambili yokulayisha ukuthi aqoqwe ngesikhathi lapho ukugcinwa kwelogi kungakaxhunywanga. inqwabelana ku-kernel ring buffer). Ukusetha imikhawulo yokuphrinta emugqeni womyalo we-kernel kuthatha kuqala futhi kukuvumela ukuthi ukhiphe ukuziphatha kwesistimu. Izinhlelo ze-Systemd ezikhipha ngokuqondile amalogi ku-/dev/kmsg (lokhu kwenziwa ngaphambi kwesikhathi kuphela esigabeni sokuqalisa) zisebenzisa imikhawulo ehlukene yangaphakathi ukuze zivikeleke ku-clog yesigcinalwazi;
  • Umyalo othi 'stop --job-mode=triggering' ungeziwe kuhlelo lokusebenza lwe-systemctl, okuvumela ukuthi umise kokubili iyunithi eshiwo kulayini womyalo kanye nawo wonke amayunithi angayibiza;
  • Ulwazi lwesifunda seyunithi manje luhlanganisa ulwazi mayelana nokushaya kanye namayunithi abizwa;
  • Kungenzeka ukusebenzisa isilungiselelo se-“RuntimeMaxSec” kumayunithi wesikophu (ngaphambilini besisetshenziswa kumayunithi wesevisi kuphela). Isibonelo, "i-RuntimeMaxSec" manje ingasetshenziswa ukukhawulela isikhathi se-PAM ngokusebenzisa ukwakhiwa kweyunithi yesikophu.
    nge-akhawunti yomsebenzisi. Umkhawulo wesikhathi ungasethwa nangenketho ye-systemd.runtime_max_sec kumapharamitha wemojula ye-pam_systemd PAM;

  • Kwengezwe iqembu elisha lamakholi wesistimu okuthi “@pkey”, lapho kukhawulwa iziqukathi namasevisi, okwenza kube lula ukugunyaza amakholi esistimu ahlobene nokuvikelwa kwememori;
  • Kwengezwe ifulegi elithi "w+" kuma-systemd-tmpfiles ukuze abhalwe kumodi yokufaka ifayela;
  • Ulwazi olungeziwe ku-systemd-analyse okukhiphayo mayelana nokuthi ukucushwa kwememori ye-kernel kuyahambisana yini nezilungiselelo ze-systemd (isibonelo, uma uhlelo oluthile lwenkampani yangaphandle luguqule amapharamitha e-kernel);
  • Inketho ethi “--base-time” yengezwe ku-systemd-analyse, lapho kucacisiwe, idatha yekhalenda ibalwa ngokuqhathaniswa nesikhathi esishiwo kule nketho, futhi ayihlobene nesikhathi sesistimu yamanje;
  • I-“journalctl —update-catalog” iqinisekisa ukuvumelana ngokulandelana kwezakhi kokuphumayo (okuwusizo ekuhleleni izakhiwo eziphindaphindwayo);
  • Kwengezwe amandla okucacisa inani elizenzakalelayo lezilungiselelo ze-"WatchdogSec" ezisetshenziswa kumasevisi e-systemd. Ngesikhathi sokuhlanganiswa, inani eliyisisekelo linganqunywa ngenketho ethi "-Dservice-watchdog" (uma isethelwe ekungenalutho, i-watchdog izokhutshazwa);
  • Kwengezwe inketho yokwakha "-Duser-path" ukuze ukhiphe inani elingu-$PATH;
  • Kwengezwe inketho ethi "-u" ("--uuid") ku-systemd-id128 ukuze kukhishwe izihlonzi ezingamabhithi ayi-128 ku-UUID (ukumelwa kwecanonical kwe-UUID);
  • I-Build manje idinga okungenani inguqulo ye-libcryptsetup 2.0.1.

Izinguquko ezihlobene nezilungiselelo zenethiwekhi:

  • I-Systemd-networkd yengeze usekelo lokumisa kabusha isixhumanisi endizeni, lapho imiyalo “yokulayisha kabusha” kanye “nokulungisa kabusha i-DEVICE...” yengezwe ku-networkctl ukuze kuphinde kulayishwe izilungiselelo futhi kumiswe kabusha amadivayisi;
  • I-systemd-networkd iyekile ukudala imizila ezenzakalelayo yezixhumanisi zasendaweni ze-IPv4 ezinamakheli e-intranethi 169.254.0.0/16 (Xhumanisa-yasendaweni). Ngaphambilini, ukudala ngokuzenzakalelayo imizila ezenzakalelayo yezixhumanisi ezinjalo kubangele ukuziphatha okungalindelekile kanye nezinkinga zomzila kwezinye izimo. Ukuze ubuyisele ukuziphatha okudala, sebenzisa isilungiselelo esithi “DefaultRouteOnDevice=yebo”. Ngokufanayo, ukunikezwa kwamakheli e-IPv6 endawo kuyamiswa uma umzila we-IPv6 wendawo ungavunyelwe kusixhumanisi;
  • Ku-systemd-networkd, lapho uxhumeka kumanethiwekhi angenawaya kumodi yesikhangiso, ukucushwa okuzenzakalelayo kusetshenziswa ikheli le-link-local (link-local);
  • Kwengezwe imingcele i-RxBufferSiz kanye ne-TxBufferSize ukuze ulungiselele usayizi wamabhafa owamukelayo nowathumelayo wesixhumi esibonakalayo senethiwekhi;
  • i-systemd-networkd isebenzisa isikhangiso semizila eyengeziwe ye-IPv6, elawulwa ngezinketho ze-Route ne-LifetimeSec kusigaba esithi “[IPv6RoutePrefix]";
  • i-systemd-networkd yengeze ikhono lokumisa imizila “ye-hop elandelayo” usebenzisa izinketho ze-“Gateway” kanye “ne-Id” esigabeni se-[NextHop]”;
  • i-systemd-networkd ne-networkctl ye-DHCP ihlinzeka ngokubuyekezwa okundizayo kokubophezela kwekheli le-IP (ukuqasha), okusetshenziswa ngomyalo 'wokuvuselela i-networkctl';
  • i-systemd-networkd iqinisekisa ukuthi ukucushwa kwe-DHCP kusethwa kabusha ekuqaliseni kabusha (sebenzisa inketho ye-KeepConfiguration ukuze ulondoloze izilungiselelo). Inani elizenzakalelayo lokulungiselelwa kwe-SendRelease lishintshiwe laba “iqiniso”;
  • Iklayenti le-DHCPv4 liqinisekisa ukuthi inani lenketho le-OPTION_INFORMATION_REFRESH_TIME elithunyelwe iseva liyasetshenziswa. Ukuze ucele izinketho ezithile kuseva, ipharamitha ethi “RequestOptions” iyahlongozwa, kanye nokuthumela izinketho kuseva - “SendOption”. Ukuze ulungiselele uhlobo lwesevisi ye-IP ngeklayenti le-DHCP, ipharamitha ye-“IPServiceType” yengeziwe;
  • Ukushintsha uhlu lwamaseva we-SIP (Session Initiation Protocol) kumaseva e-DHCPv4, amapharamitha we-“EmitSIP” kanye “ne-SIP” engeziwe. Ohlangothini lweklayenti, ukuthola amapharamitha e-SIP kusuka kuseva kungavulwa kusetshenziswa isilungiselelo esithi “UseSIP=yebo”;
  • Kwengezwe ipharamitha ethi "PrefixDelegationHint" kuklayenti le-DHCPv6 ukuze ucele isiqalo sekheli;
  • .amafayela enethiwekhi ahlinzeka ngosekelo lokumepha amanethiwekhi angenawaya nge-SSID ne-BSSID, isibonelo ukuhlanganisa igama lephoyinti lokufinyelela nekheli le-MAC. Amanani e-SSID kanye ne-BSSID aboniswa kokuphumayo kwe-networkctl kwezokuxhumana ezingenantambo. Ukwengeza, ikhono lokuqhathanisa ngohlobo lwenethiwekhi engenantambo lengeziwe (ipharamitha ye-WLANInterfaceType);
  • i-systemd-networkd yengeze amandla okumisa iziyalo zolayini ukuze ulawule ithrafikhi usebenzisa amapharamitha amasha Omzali,
    I-NetworkEmulatorDelaySec, NetworkEmulatorDelayJitterSec,
    I-NetworkEmulatorPacketLimit kanye ne-NetworkEmulatorLossRate,
    I-NetworkEmulatorDuplicateRate esigabeni esithi “[TrafficControlQueueingDiscipline]”;

  • i-systemd-resolved inikeza ukuqinisekiswa kwamakheli e-IP ezitifiketini uma wakha nge-GnuTLS.

izinguquko ezihlobene ne-udev:

  • I-Systemd-udevd isuse isikhathi sokuvala sesibili esiyi-30 ukuze iphoqe izibambi ezibambekile ukuthi zinqamule. I-Systemd-udevd manje ilinde ukuqedwa kwezibambi lapho imizuzwana engu-30 ayenganele ukuqedela imisebenzi ngokuvamile ekufakweni okukhulu (isibonelo, ukuphela kwesikhathi kungase kuphazamise ukuqaliswa komshayeli phakathi nenqubo yokushintsha ukwahlukanisa okukhweziwe kusistimu yefayela lempande). Uma usebenzisa i-systemd, isikhathi sokuvala i-systemd-udevd esizosilinda ngaphambi kokuphuma singasethwa ngesilungiselelo se-TimeoutStopSec ku-systemd-udevd.service. Uma isebenza ngaphandle kwe-systemd, ukuphela kwesikhathi kulawulwa ipharamitha ethi udev.event_timeout;
  • Kwengezwe uhlelo lwe-fido_id lwe-udev, olukhomba amathokheni e-FIDO CTAP1
    (“U2F”)/CTAP2 esekelwe kudatha emayelana nokusetshenziswa kwazo kwangaphambilini futhi ibonisa okuguquguqukayo kwemvelo okudingekayo (uhlelo lukuvumela ukuba wenze ngaphandle kohlu lwangaphandle olumhlophe lwawo wonke amathokheni aziwayo abesetshenziswa ngaphambilini);

  • Kusetshenziswe ukukhiqizwa okuzenzakalelayo kwemithetho ye-udev autosuspend yamadivayisi asuka ohlwini olumhlophe olungeniswe lusuka ku-Chromium OS (ushintsho lukuvumela ukuthi unwebe ukusetshenziswa kwamamodi okonga amandla kumadivayisi engeziwe);
  • Isilungiselelo esisha esithi "CONST{key}=value" sengezwe ku-udev ukuze kuvunyelwe ukumepha kwamanani angaguquki esistimu ngaphandle kokusebenzisa izibambi zokuhlola ezihlukene. Okwamanje kuphela okhiye be-"arch" kanye "no-virt" abasekelwayo;
  • I-CDROM inikwe amandla ukuthi ivuleke ngemodi engakhethekile lapho yenza isicelo sezindlela ezisekelwayo (ushintsho luxazulula izinkinga ngezinhlelo ezifinyelela ku-CDROM futhi lunciphisa ubungozi bokuphazamiseka kwezinhlelo zokubhala idiski ezingasebenzisi imodi yokufinyelela ekhethekile).

Source: opennet.ru

Engeza amazwana