Release of the systemd 253 system manager

After three and a half months of development, version 253 of the systemd system manager has been released.

Among the changes in the new release:

  • The package now includes the 'ukify' utility for building, measuring and signing Unified Kernel Images (UKIs). A UKI bundles a UEFI boot stub (the loader that starts the kernel from UEFI), the Linux kernel image and the initrd (the in-memory system used for the early boot stage before the root file system is mounted). The utility replaces the functionality previously provided by 'dracut --uefi' and extends it with automatic calculation of offsets in PE files, concatenation of several initrds, signing of the embedded kernel image, creation of unified images with sbsign, heuristics for determining the kernel's uname, embedding of a splash-screen image, and inclusion of signed PCR policies generated by the systemd-measure utility.
  • Support was added for initrd environments that are not memory-backed, where an overlay file system is used instead of tmpfs. In such cases systemd no longer removes all files from the initrd when switching to the root file system.
  • The OpenFile= setting was added to unit files. It makes the service manager open files on the file system (or connect to Unix sockets) and pass the resulting file descriptors to the started process, for example to give an unprivileged service access to a file without changing the file's permissions.
  • In systemd-cryptenroll, when enrolling new keys, the encrypted volume can now be unlocked with a FIDO2 token (--unlock-fido2-device=) instead of a password. The PIN entered by the user is combined with a salt to make brute-force attacks harder.
  • The ReloadLimitIntervalSec= and ReloadLimitBurst= settings were added, together with the systemd.reload_limit_interval_sec= and systemd.reload_limit_burst= kernel command-line options, to rate-limit how often the service manager is reloaded (daemon-reload).
  • Units gained the MemoryZSwapMax= option, which configures the memory.zswap.max cgroup attribute that caps the size of the unit's zswap pool.
  • Units gained the LogFilterPatterns= option, which accepts regular expressions for filtering the unit's log output (it can be used to drop specific messages or to keep only selected ones).
  • Scope units now support the OOMPolicy= setting, which controls what happens when memory runs low; login session scopes are set to OOMPolicy=continue so that a session is not stopped when the kernel OOM killer kills one of its processes.
  • A new service type, Type=notify-reload, was defined. It extends Type=notify with reload handling: systemd sends the reload signal (SIGHUP) and waits for the service to report that the reload has completed. systemd-networkd.service, systemd-udevd.service and systemd-logind.service were switched to the new type.
  • udev uses a new network-device naming scheme, which differs in that ID_NET_NAME_PATH is now set for USB devices not attached to a PCI bus, giving more predictable names. The '-=' operator can be used on the SYMLINK variable to remove symlinks that an earlier rule had configured.
  • In systemd-boot, the passing of the random-number generator seed to the kernel and the on-disk seed storage were reworked. Support was added for loading the kernel from places other than the ESP (EFI System Partition), for example from the firmware or directly from QEMU. SMBIOS parameters are parsed to determine whether the system is booting inside a virtualization environment. A new 'if-safe' mode was added, in which UEFI Secure Boot certificates are enrolled from the ESP only when that is considered safe (that is, when running in a virtual machine).
  • The bootctl utility now generates the system token (the seed value kept in an EFI variable) on all EFI systems, except in virtualized environments. The 'kernel-identify' and 'kernel-inspect' commands were added to show the type of a kernel image and information about its command-line options and kernel version; 'unlink' removes a file associated with a type #1 boot loader entry; 'cleanup' removes all files from the "entry-token" directory on the ESP and XBOOTLDR that are not associated with a type #1 boot entry. The KERNEL_INSTALL_CONF_ROOT environment variable is now honoured.
  • The 'systemctl list-dependencies' command now supports the '--type' and '--state' options, and 'systemctl kexec' gained support for environments based on the Xen hypervisor.
  • In the [DHCPv4] section of .network files, support was added for the SocketPriority=, QuickAck= and RouteMetric=high|medium|low options.
  • systemd-repart gained the "--include-partitions", "--exclude-partitions" and "--defer-partitions" options for filtering partitions by type UUID, which for example makes it possible to build images in which one partition is generated from the contents of another. A "--sector-size" option was added to specify the sector size used when creating partitions. Support for creating erofs file systems was added. The Minimize= setting accepts the value "best" to choose the smallest possible image size.
  • systemd-journal-remote accepts the MaxUse=, KeepFree=, MaxFileSize= and MaxFiles= settings to limit disk-space usage.
  • systemd-cryptsetup can now send requests to FIDO2 tokens to determine whether they are present before asking for authentication.
  • New tpm2-measure-bank= and tpm2-measure-pcr= parameters were added to crypttab.
  • systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with the "noexec,nosuid,nodev" options, and honours the rootfstype= and rootflags= parameters passed on the kernel command line.
  • systemd-resolved can now be configured by specifying the nameserver, domain, net.dns and net.search_domains options on the kernel command line.
  • The "systemd-analyze plot" command can now produce JSON output when the "--json" flag is given. New "--table" and "--no-legend" options were also added to control the output.
  • Support for cgroups v1 and for split directory hierarchies (where /usr is mounted separately from the root, or /bin and /usr/bin, /lib and /usr/lib are kept separate) is planned to be removed during 2023.
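
Two of the settings above put new obligations on the service itself: OpenFile= hands the opened descriptors to the process through the same $LISTEN_FDS/$LISTEN_FDNAMES protocol as socket activation, and Type=notify-reload requires the service to acknowledge the reload signal over $NOTIFY_SOCKET with RELOADING=1 plus MONOTONIC_USEC=, then READY=1 once the new configuration is live. The following Python is an added example written for this page, not systemd's own code or its Python bindings. It assumes a unit carrying `Type=notify-reload` and `OpenFile=/etc/app/secret.key:secret:read-only` (the path and the fd-name "secret" are made up), and its demo_* functions stand in for the service manager so the code can run outside systemd.

```python
"""Service-side handling for OpenFile= and Type=notify-reload (added example,
not systemd's code): locate the descriptors systemd passed in by name, and
speak the notify-reload protocol over $NOTIFY_SOCKET."""
import os
import signal
import socket
import tempfile
import time

SD_LISTEN_FDS_START = 3  # first descriptor number systemd hands to a service


def listen_fds_by_name(environ=os.environ, first_fd=SD_LISTEN_FDS_START):
    """Map the names in $LISTEN_FDNAMES to descriptor numbers.

    As with sd_listen_fds_with_names(3), the variables count only when
    $LISTEN_PID names this process, so descriptors meant for a parent are not
    picked up by a child that merely inherited the environment.  OpenFile=
    entries show up here under the fd-name chosen in the unit, alongside any
    socket-activation descriptors.
    """
    if environ.get("LISTEN_PID") != str(os.getpid()):
        return {}
    count = int(environ.get("LISTEN_FDS", "0"))
    names = environ.get("LISTEN_FDNAMES", "")
    names = names.split(":") if names else []
    names += ["unknown"] * (count - len(names))  # systemd's fallback name
    return {name: first_fd + i for i, name in enumerate(names[:count])}


def sd_notify(state, environ=os.environ):
    """Send one sd_notify(3) state datagram.  Returns False when there is no
    $NOTIFY_SOCKET (not running under systemd), as libsystemd does."""
    path = environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):  # abstract-namespace socket
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(path)
        s.send(state.encode())
    return True


def reload_messages():
    """The two messages Type=notify-reload expects around a reload: RELOADING=1
    with MONOTONIC_USEC= (CLOCK_MONOTONIC in microseconds, so the manager can
    tell this reload apart from an earlier one), then READY=1 when done."""
    usec = time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000
    return [f"RELOADING=1\nMONOTONIC_USEC={usec}", "READY=1"]


def reload_config(environ=os.environ, apply=lambda: None):
    """Body of the SIGHUP handler: announce the reload, apply it, report ready."""
    start, done = reload_messages()
    sd_notify(start, environ)
    apply()
    sd_notify(done, environ)


def demo_openfile():
    """Constructed stand-in for OpenFile=: open a temp file and advertise it the
    way systemd would, then read it back through the name lookup."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"s3cr3t\n")
        path = f.name
    fd = os.open(path, os.O_RDONLY)
    env = {"LISTEN_PID": str(os.getpid()), "LISTEN_FDS": "1",
           "LISTEN_FDNAMES": "secret"}
    # Not under systemd, so the descriptor is not at fd 3; pass its real number.
    fds = listen_fds_by_name(env, first_fd=fd)
    try:
        return os.read(fds["secret"], 64)
    finally:
        os.close(fd)
        os.unlink(path)


def demo_notify_reload():
    """Constructed stand-in for the service manager: bind a datagram socket,
    point $NOTIFY_SOCKET at it, run a reload and return what was received."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "notify")
    received = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as srv:
        srv.bind(path)
        srv.settimeout(2)
        reload_config({"NOTIFY_SOCKET": path},
                      apply=lambda: received.append("applied"))
        for _ in range(2):
            received.append(srv.recv(4096).decode())
    os.unlink(path)
    os.rmdir(tmpdir)
    return received


if __name__ == "__main__":
    # Real service wiring: react to the reload signal and go ready once.
    signal.signal(signal.SIGHUP, lambda *_: reload_config())
    print(listen_fds_by_name())
    sd_notify("READY=1")
```

Under systemd the descriptor named "secret" is opened by the manager before the service's own code runs, so the service can execute as an unprivileged user while the key file stays root-owned with restrictive permissions. A service that sends RELOADING=1 but never follows with READY=1 leaves `systemctl reload` waiting until the timeout, so the apply step should report readiness even when the new configuration is rejected.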

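LogFilterPatterns= is easy to misconfigure because allowed and denied patterns interact: a denied pattern always drops the message, and once any allowed pattern exists, everything that matches no allowed pattern is dropped too. The following Python is an added example for this page, not systemd's code: it models that decision over a few constructed log lines, using Python's re module in place of the POSIX extended regular expressions that journald compiles (the syntax coincides for the patterns shown).

```python
"""Model of how journald applies a unit's LogFilterPatterns= list (added
example, not systemd's code), run over constructed log messages."""
import re

# Constructed MESSAGE= values of the kind an application might emit.
SAMPLE_MESSAGES = [
    "DEBUG: heartbeat ok",
    "accepted connection from 10.0.0.5",
    "authentication failure for user alice",
    "TRACE: scheduler tick",
    "authentication failure for user bob",
]


def compile_filter(patterns):
    """Split the LogFilterPatterns= values into allow and deny regexes.

    A leading '~' marks a denied pattern, '\\~' is an escaped literal tilde,
    and an empty assignment resets everything listed before it, as is usual
    for list-valued unit settings.
    """
    allow, deny = [], []
    for p in patterns:
        if p == "":
            allow, deny = [], []
        elif p.startswith("~"):
            deny.append(re.compile(p[1:]))
        elif p.startswith("\\~"):
            allow.append(re.compile(p[1:]))  # pattern starts with a real '~'
        else:
            allow.append(re.compile(p))
    return allow, deny


def keep_message(message, allow, deny):
    """Denied patterns win; with at least one allowed pattern the message must
    match one of them; with no allowed patterns everything not denied is kept.
    Patterns are searched anywhere in the message unless anchored with ^."""
    if any(r.search(message) for r in deny):
        return False
    if allow and not any(r.search(message) for r in allow):
        return False
    return True


def filter_log(patterns, messages):
    """Return the messages journald would write to the journal for this unit."""
    allow, deny = compile_filter(patterns)
    return [m for m in messages if keep_message(m, allow, deny)]


if __name__ == "__main__":
    # LogFilterPatterns=~^DEBUG and LogFilterPatterns=~^TRACE: drop noise only.
    print(filter_log(["~^DEBUG", "~^TRACE"], SAMPLE_MESSAGES))
    # An allow list plus a deny: only auth failures, and never alice's.
    print(filter_log(["authentication failure", "~alice"], SAMPLE_MESSAGES))
```

Two practical cautions follow from the model: an allow pattern intended to "highlight" one kind of message silently discards every other line the unit logs, and a deny pattern meant to drop a noisy line will also drop a security-relevant message that happens to contain the same substring, so anchored or specific expressions are the safer choice.
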
Source: opennet.ru
