Ci gaba tare da yanayin ci gaban da ake iya faɗi, bayan watanni 4 na cigaba an bayyana shi ƙaddamar da sabon sigar na Tsarin 248.
A cikin wannan sabon sigar se yana bada tallafi na hoto don fadada kundayen adireshi tsarin, mai amfani systemd-cryptenroll, kazalika da ikon buɗe LUKS2 ta amfani da kwakwalwan TPM2 da alamun FIDO2, ƙaddamar da tuki a cikin keɓance mai gano IPC, da ƙari.
Sabbin fasali na tsarin 248
A cikin wannan sabon sigar an aiwatar da manufar hotunan tsawaita tsarin, wanda za'a iya amfani dashi don faɗaɗa tsarin shugabanci da ƙara ƙarin fayiloli a lokutan aiki, koda kuwa takamaiman kundayen adireshin suna saka-karanta kawai. Lokacin da aka ɗora hoto mai tsarkewa, ana lulluɓe abubuwan da ke ciki a cikin matsayi ta amfani da OverlayFS.
Wani canjin da yayi fice shine se ya gabatar da sabon tsarin amfani-systemse-sysext don haɗawa, cire haɗin, duba da sabunta hotuna extara tsarin, gami da sabis na systemd-sysext.service an ƙara ta don ɗaga hotunan da aka riga aka girka ta atomatik a lokacin taya. Ga raka'a, ana aiwatar da tsarin ExtensionImages, wanda za'a iya amfani dashi don danganta hotunan tsawaita tsarin zuwa tsarin suna na FS na keɓaɓɓun sabis.
Tsarin-cryptsetup yana ƙara ikon cire URI daga alamar PKCS # 11 da kuma maballin ɓoyayyen bayanan daga LUKS2 metadata header a cikin tsarin JSON, wanda bayarda damar bude bayanan abin rufaffen bayanan da za'a shigar dasu cikin na'urar ita kanta ba tare da haɗa fayiloli na waje ba, ƙari bayar da tallafi don buɗe ɓoyayyen ɓoyayyen LUKS2 ta amfani da kwakwalwan TPM2 da alamun FIDO2, ban da alamun PKCS # 11 da aka tallafawa a baya. Ana yin loda libfido2 ta hanyar dlopen (), ma'ana, ana bincika samuwa a kan tashi, ba azaman dogaro mai lamba ba.
Hakanan, a cikin tsarin 248 systemd-networkd ya ƙara tallafi don yarjejeniyar BATMAN na raga («Ingantacciyar Hanyar Sadarwa ta Waya Adhoc), wanda ba ka damar ƙirƙirar hanyoyin sadarwa mara kyau, kowane kumburi inda yake haɗuwa ta hanyar mahaɗan makwabta.
An kuma haskaka cewa aiwatar da tsarin amsawa na farko zuwa mantuwa an daidaita shi akan systemd-oomd system, da kuma DefaultMemoryPressureDurationSec zabin dan saita lokacin jiran fitowar kayan aiki kafin ya shafi drive. Systemd-oomd yana amfani da PSI (Matsa lamba Sanannen Bayani) tsarin kernel da kuma yana ba da damar gano bayyanar jinkiri saboda ƙarancin albarkatu da kuma zaɓar rufe hanyoyin aiwatar da kayan aiki mai ƙarfi a wani mataki inda tsarin har yanzu bai kasance cikin mawuyacin hali ba kuma ba zai fara datse ma'ajin ba da kuma matsar da bayanai zuwa bangaren musayar.
IPara saitin PrivateIPC, cewa ba ka damar saita ƙaddamar da matakai a cikin keɓaɓɓiyar IPC sarari a cikin fayil ɗin naúra tare da abubuwan ganowa da layin sakon. Don haɗa drive zuwa sararin gano IPC wuri, an samar da zaɓi na IPCNamespacePath.
Duk da yake don kernels da ke akwai, an aiwatar da ƙarni na atomatik na teburin kiran kira don matatun seccomp.
Na wasu canje-canje da suka yi fice:
- Mai amfani da systemd-distribu ya ƙara ikon kunna ɓoye ɓoye ta amfani da kwakwalwan TPM2, misali, don ƙirƙirar ɓoyayyen ɓoyayyen / var akan but na farko.
- Ara mai amfani da systemd-cryptenroll don ɗaura alamun TPM2, FIDO2, da PKCS # 11 a cikin sassan LUKS, da kuma buɗewa da duba alamun, ɗaura maɓallin keɓewa, da saita kalmar wucewa ta shiga.
- An kara saitunan ExecPaths da NoExecPaths don amfani da tutar noexec zuwa takamaiman sassan tsarin fayil.
- Edara saitin layin umarni na kwaya - "root = tmpfs", wanda ke ba da damar saka tushen tushen zuwa ajiyar wucin gadi da ke cikin RAM ta amfani da Tmpfs.
- Wani toshe tare da masu canjin yanayi da aka fallasa yanzu za'a iya saita su ta hanyar sabon zaɓi na Yanayin Yanayi a cikin system.conf ko user.conf, ba wai kawai ta layin umarnin kernel da saitunan fayil ɗin naúra ba.
- A lokacin tarawa, zaku iya amfani da tsarin kira na fexecve () maimakon aiwatarwa () don fara aiwatarwa don rage jinkiri tsakanin bincika yanayin tsaro da aiwatar dashi.