Ngemuva kwezinyanga ezinhlanu zentuthuko inguqulo entsha yeSystemd 246 yethulwe, lapho inguqulo entsha kufaka phakathi ukusekelwa kokuqandisa kweyunithi, ikhono lokuqinisekisa isithombe sediski ngesiginesha yedijithali, ukusekelwa kokucindezelwa kwerejista nokulahla okuyisisekelo usebenzisa i-algorithm yeZSTD, phakathi kwezinye izinto.
Kulabo abangajwayele i-systemd, kufanele ukwazi lokho lokhu kuyisethi yamademoni okuphatha uhlelo, imitapo yolwazi namathuluzi aklanywe njengokulawulwa okuphakathi nendawo yesikhulumi sokusebenzisana ne-kernel yohlelo lwe-GNU / Linux Operating System.
Yini okusha ku-Systemd 246?
Kule nguqulo entsha kugqanyiswa izinguquko eziningana futhi enye yazo isilawuli sezinsizakusebenza ngokususelwa kumaqembu we-v2, engikwaziyo ngakho ingamisa izinqubo futhi ikhulule izinsiza ezithile okwesikhashana ukwenza eminye imisebenzi. Ukubanda nokuncibilikisa kwamayunithi kulawulwa umyalo omusha othi "systemctl freeze" noma nge-D-Bus.
Olunye ushintsho olugqamile olusha ungeze ukusekelwa ukuqinisekisa isithombe sediski ngesiginesha yedijithali. Ukuqinisekiswa kwenziwa kusetshenziswa izilungiselelo ezintsha kumayunithi esevisi: I-RootHash ne-RootHashSignature.
Kumadrayivu we- * .mount, ukusethwa kwe-ReadWriteOnly kuyasetshenziswa, evimbela ukufaka ukwahlukanisa kumodi yokufunda kuphela uma kungakwazi ukukhwezwa ukuze kufundwe nokubhala.
Okokushayela kwe-* .socket, isilungiselelo se-PassPacketInfo sengeziwe, evumela i-kernel ukuthi ingeze imethadatha eyengeziwe yephakethe ngalinye elifundwe kusokhethi.
Kumasevisi, ukucushwa okuhlongozwayo yiCoredumpFilter kanye ne-TimeoutStartFailureMode / TimeoutStopFailureMode lapho ukuphela kwesikhathi kwenzeka lapho uqala noma umisa insiza).
Ngaphezu kwakho, futhi igqamisa izilungiselelo ezintsha zefayela ledrayivu ezingeziwe: IsimoPathIsEncrypted ne-AssertPathIsEncrypted ukubheka indawo yendlela ebekiwe kudivayisi ye-block usebenzisa ukubethela (dm-crypt / LUKS), i-ConditionEnvelo ne-AssertEnvelo ukubheka okuguquguqukayo kwemvelo (ngokwesibonelo, kusethwe yi-PAM noma lapho kulungiswa iziqukathi).
Kumapharamitha ahlukahlukeneAma-Command line s namafayela wokumisa ahlobene nokumisa okhiye noma izitifiketi, ikhono lokucacisa indlela eya kumasokhethi e-Unix liyasetshenziswa (AF_UNIX) ukudlulisa okhiye nezitifiketi ngezingcingo eziya ezinsizakalweni ze-IPC, lapho kungathandeki ukubeka izitifiketi kwizitori zediski ezingabhalwanga.
Futhi, insizakalo ye-systemd-homed ithole ikhono elengeziwe lokuvula izinkomba zasekhaya kusetshenziswa amathokheni we-FIDO2 futhi nge-backend encryption backend I-LUKS ingeza ukusekelwa kokubuyisa ngokuzenzakalela amabhulokhi wesistimu yefayela angenalutho ekupheleni kweseshini.
Futhi ungeze imingcele emisha yomugqa we-kernel: systemd.hostname ukusetha igama lomethuleli esigabeni sokuqala sokuqalisa
- udev.blockdev_read_only ukuvimbela wonke amadivayisi we-block ahlotshaniswa namadrayivu angokwenyama kumodi yokufunda kuphela (ungasebenzisa umyalo "blockdev -setrw" ukukhansela ngokukhetha)
- systemd.shintsha ukukhubaza ukusebenza okuzenzakalelayo kokuhlukaniswa kokushintshaniswa
- systemd.clock-usec ukusetha iwashi lohlelo kuma-microseconds
- i-systemd.condition-needs-update and systemd.condition-first-boot Ukweqa ukuhlolwa kwe-ConditionNeedsUpdate ne-ConditionFirstBoot.
Kwezinye izinguquko lezo aveza:
- Ku-systemd-networkd, esigabeni se- [DHCPv4], isilungiselelo se-UseGateway sesingeziwe ukukhubaza ukusetshenziswa kwemininingwane yesango etholwe nge-DHCP.
- Ku-systemd-networkd, ezingxenyeni ze- [DHCPv4] ne- [DHCPServer], isethingi ye-SendVendorOption ingeziwe ukusetha nokucubungula izinketho zabanye abahlinzeki.
- ISystemd-networkd inesethi entsha ye-EmitPOP3 / POP3, EmitSMTP / SMTP kanye nezinketho ze-EmitLPR / LPR kusigaba se- [DHCPServer] ukufaka imininingwane mayelana namaseva we-POP3, SMTP ne-LPR.
- Kuqanjwe kabusha ukulungiselelwa kusuka ku-BlackList kuya ku-DenyList (ngokuhambisana nokubuyela emuva, ukuphatha igama lakudala kuyagcinwa).
- I-Systemd-networkd ingeze ingxenye enkulu yezilungiselelo ezihlobene ze-IPv6 ne-DHCPv6.
- Kungezwe ukusekelwa kokuhlolwa kwe-SNI ku-DNS ngokuqaliswa kwe-TLS.
- Ku-systemd ixazululiwe, amandla wokumisa ukuqondiswa kabusha kwamagama we-DNS anelebula elilodwa (wegama lomethuleli) engeziwe.
Ekugcineni uma ufuna ukwazi irekhodi eliphelele wezinguquko nezindaba ezilethwe kulokhu kukhishwa okusha kwe-systemd 246, ungabonisana nabo Kulesi sixhumanisi esilandelayo.
i-systemd iyabamba !!