Emva kweenyanga ezintlanu zophuhliso ukukhutshwa kwenguqulelo entsha ye-systemd 252 kwabhengezwa, uguqulelo apho utshintsho olungundoqo kuguqulelo olutsha yaba ludibaniso lwe Inkxaso ye inkqubo yokuqalisa yangoku, evumela ukuqinisekiswa kungekuphela nje i-kernel kunye ne-bootloader, kodwa kunye namalungu ommandla wenkqubo ephantsi usebenzisa utyikityo lwedijithali.
Indlela ecetywayo ibandakanya ukusetyenziswa komfanekiso wekernel odityanisiweyo we-UKI (Umfanekiso odityanisiweyo we kernel) kumthwalo, odibanisa umqhubi wokulayisha i kernel esuka kwi UEFI (UEFI boot stub), umfanekiso we Linux kernel, kunye nemeko yenkqubo ye initrd elayishwe kwinkumbulo, esetyenziselwa uqalo lokuqala kwinqanaba langaphambili ukuya kwingcambu ye FS ingcambu. .
Ngokukodwa, iinzuzo i-systemd-cryptsetup, i-systemd-cryptenroll kunye ne-systemd-creds ilungisiwe ukusebenzisa olu lwazi, ngoko unokuqinisekisa ukuba izahlulelo zediski ezifihliweyo zibotshelelwa kwikernel esayiniweyo ngokwamanani (kulo mzekelo, ufikelelo kulwahlulo olufihliweyo lunikezelwa kuphela ukuba umfanekiso weUKI udlulise utyikityo lwedijithali olusekwe kuqinisekiso). kwi TPM).
Ukongeza, into eluncedo ye-systemd-pcrphase ibandakanyiwe, ekuvumela ukuba ulawule ukubophelela kwezigaba zokuqalisa ezahlukeneyo ukuya kwiparameters ezibekwe kwinkumbulo yi-cryptoprocessors exhasa i-TPM 2.0 yokucaciswa (umzekelo, ungenza isitshixo sokwahlulahlula i-LUKS2 ifumaneka kuphela kumfanekiso we-initrd kwaye uvimbele ukufikelela kuwo ekukhutshelweni okulandelayo).
Ezona mpawu ziphambili zenkqubo ye-252
Olunye utshintsho olugqamayo kwi-systemd 252, kukuba se uqinisekise indawo ehlala ikho yi C.UTF-8 ukuba akukho ndawo yimbi ekhankanyiweyo kuqwalaselo.
Ukongeza kuyo kwi-systemd 252 nayo kuphunyezwe ukukwazi ukwenza inkonzo epheleleyo yokusebenza kwangaphambili ("systemctl preset") ngexesha lokuqala lokuqala. Ukwenza useto lwangaphambili ngexesha lokuqala kufuna ulwakhiwo ngo "-Dfirst-boot-full-preset" ukhetho, kodwa kucwangciswe ukuba yenziwe ngokungagqibekanga kukhupho oluzayo.
Kwiiyunithi zolawulo lwabasebenzisi sebenzisa isilawuli sezixhobo ze-CPU, okwenza kube lula ukuqinisekisa ukuba i-CPUWeight setting isetyenziswe kuzo zonke iiyunithi ze-slice ezisetyenziselwa ukwahlula inkqubo ibe ngamacwecwe (i-app.slice, i-background.slice, i-session.slice) ukuhlukanisa izixhobo phakathi kweenkonzo ezahlukeneyo zomsebenzisi, ukukhuphisana nezixhobo ze-CPU. I-CPUWeight ikwaxhasa ixabiso "elingasebenziyo" ukuqala indlela efanelekileyo yokuqeshisa.
Kwelinye icala, kwinkqubo yokuqalisa (PID 1), yongeza amandla okungenisa iziqinisekiso ezivela kwimimandla ye-SMBIOS (Uhlobo lwe-11, "amatyathanga ababoneleli be-OEM") kunye nokuwachaza ngeqemu_fwcfg, eyenza lula unikezelo lweziqinisekiso koomatshini benyani kunye nokuphelisa imfuno yezixhobo zomntu wesithathu ezifana nefu -init kunye nokutshisa.
Ngexesha lokuvalwa, ingqiqo yokunganyuki kweenkqubo zefayile yenyani (proc, sys) yatshintshwa, kwaye ulwazi malunga neenkqubo ezithintela inkqubo yefayile ukuhla zigcinwa kwilog.
I-sd bootloader yongeze ukukwazi ukuqala kwimo exutyiweyo, usebenzisa i-64-bit Linux kernel ukusuka kwi-32-bit ye-UEFI firmware. Kongezwe isakhono sokulinga ukusebenzisa ngokuzenzekelayo izitshixo ze-SecureBoot kwiifayile ezibekwe kwi-ESP (i-EFI System Partition).
Kongezwe ukhetho olutsha kwi-bootctl utility "-all-architectures" ukufaka iibhinary kuzo zonke ii-architecture ze-EFI ezixhaswayo, «-ingcambu=" kunye "-umfanekiso=» ukusebenza ngoluhlu okanye umfanekiso wedisk, «--fakela-umthombo=»ukuchaza ifonti ekufuneka uyifake, «--efi-boot-option-description=»ukulawula amagama amangeno esiqalo.
Olunye utshintsho ephuma kwi-systemd 252:
- i-systemd-nspawn ivumela ukusetyenziswa kweendlela zefayile ezizalanayo kwi-“-bind=" kunye no-“-overlay=" okukhethwa kukho. Inkxaso eyongeziweyo yokhetho lwe 'rootidmap' ku-"–bhind=" ukhetho lokubophelela i-ID yomsebenzisi oyingcambu kwisikhongozeli kumnini wolawulo olunyusiweyo kwicala longinginya.
- I-systemd-esonjululwe isebenzisa iphakheji ye-OpenSSL njenge-encryption yangasemva ngokungagqibekanga (inkxaso ye-gnutls igcinwa njengokhetho). I-algorithms ye-DNSSEC engaxhaswanga ngoku iphathwa njengengakhuselekanga endaweni yokubuyisela imposiso (SERVFAIL).
- i-systemd-sysusers, i-systemd-tmpfiles, kunye ne-systemd-sysctl iphumeza ukukwazi ukudlula uqwalaselo ngendlela yokugcina ubungqina.
- Kongezwe umyalelo 'wokuthelekisa iinguqulelo' ku-systemd-analyze ukuthelekisa imitya enamanani enguqulelo (efana ne-'rpmdev-vercmp' kunye ne-'dpkg -compare-versions').
- Yongezwe ukukwazi ukucoca iidrive ngemaski kumyalelo 'we-systemd-analyze dump'.
- Xa ukhetha imowudi yokulala enemigangatho emininzi (lala emva koko ulale phantsi, ulale phantsi emva kokulala), ixesha elichithwe kwimowudi yokulinda ngoku likhethiwe ngokusekelwe kuqikelelo oluseleyo lobomi bebhetri.
- Utshintsho olukhawulezileyo kwimowudi yokulala lwenziwa xa kukho intlawulo yebhetri engaphantsi kwe-5%.
Kukwafanelekile ukukhankanya loo nto ngo-2024, izicwangciso ze-systemd zokuyeka ukuxhasa i-cgroup v1 resource capping mechanism, irhoxisiwe kuguqulelo lwama-248 lwe-systemd. Abalawuli bayacetyiswa ukuba banakekele iinkonzo ezihambayo ezixhunywe kwi-cgroup v1 ukuya kwi-cgroup v2 kwangaphambili.
Umahluko ophambili phakathi kwamaqela v2 kunye ne-v1 kusetyenziso lweqela eliqhelekileyo leqela kuzo zonke iindidi zoovimba, kunoluhlu oluhlukeneyo lolwabiwo lwezixhobo ze-CPU, ulawulo lwenkumbulo, kunye ne-I/O. Uluhlu oluhlukeneyo lukhokelela kubunzima ekuququzeleleni intsebenziswano phakathi kwabaqhubi kunye neendleko ezongezelelweyo zemithombo ye-kernel xa usebenzisa imithetho yenkqubo egama layo kwii-hierarchies ezahlukeneyo.
Kwisiqingatha sesibini sika-2023, kucwangciswe ukuyeka ukuxhasa uluhlu lwemigaqo yokwahlulahlula, xa / usr inyuswe ngokwahlukileyo kwingcambu, okanye / bin kunye / usr / bin, / lib kunye / usr / lib abalawuli bahluliwe.
inkunkuma eninzi evela kwi-lennart..
Umfo ngumsebenzi…kwaye ungumqeshwa olungileyo…uthobelana ngokugqibeleleyo nomphathi wakhe.