systemd 248 arrives with token-unlock improvements, support for images that extend directories, and more


Continuing its predictable development cycle, the release of the new version, systemd 248, has been announced after 4 months of development.

This new version provides support for images that extend system directories, the systemd-cryptenroll utility, the ability to unlock LUKS2 using TPM2 chips and FIDO2 tokens, launching units in an isolated IPC namespace, and much more.

Main new features of systemd 248

This new version implements the concept of system extension images, which can be used to extend the directory hierarchy and add additional files at runtime, even if the specified directories are mounted read-only. When a system extension image is mounted, its contents are overlaid on the hierarchy using OverlayFS.

Another notable change is the new systemd-sysext utility, proposed for attaching, detaching, viewing and updating system extension images, and the systemd-sysext.service service has been added to automatically mount already-installed images at boot. For units, the ExtensionImages setting is implemented, which can be used to attach system extension images to the FS namespace hierarchy of individual isolated services.

systemd-cryptsetup adds the ability to extract the PKCS#11 token URI and the encrypted key from the LUKS2 metadata header in JSON format, which allows the unlock information for an encrypted device to be integrated into the device itself without involving external files. In addition, it provides support for unlocking LUKS2 encrypted partitions using TPM2 chips and FIDO2 tokens, in addition to the previously supported PKCS#11 tokens. libfido2 is loaded via dlopen(), i.e. its availability is checked on the fly, not as a hard dependency.
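Because the unlock information now lives in the LUKS2 JSON metadata, it can be audited directly. The following is an added example, not code from systemd or from the original article: it maps each keyslot to the unlock method bound to it and flags a TPM2 binding that is tied to no PCRs. The token type names, the `tpm2-pcrs` and `pkcs11-uri` field names and the sample metadata are assumptions constructed for illustration; on a real device the JSON would come from something like `cryptsetup luksDump --dump-json-metadata`.

```python
import json

# Token "type" values and the "tpm2-pcrs" field as systemd's enrollment tools
# are assumed to write them; confirm against your systemd version.
TOKEN_KINDS = {
    "systemd-tpm2": "TPM2 chip",
    "systemd-fido2": "FIDO2 token",
    "systemd-pkcs11": "PKCS#11 token",
    "systemd-recovery": "recovery key",
}

# Constructed sample of a LUKS2 JSON metadata area, trimmed to the audited fields.
SAMPLE_METADATA = json.dumps({
    "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}, "2": {"type": "luks2"}},
    "tokens": {
        "0": {"type": "systemd-tpm2", "keyslots": ["1"], "tpm2-pcrs": []},
        "1": {"type": "systemd-pkcs11", "keyslots": ["2"],
              "pkcs11-uri": "pkcs11:token=EXAMPLE"},
    },
})

def audit_luks2_tokens(metadata_json):
    """Map each keyslot to the unlock method bound to it and list findings."""
    meta = json.loads(metadata_json)
    slots = {slot: "passphrase (no token)" for slot in meta.get("keyslots", {})}
    findings = []
    for token_id, token in sorted(meta.get("tokens", {}).items()):
        kind = TOKEN_KINDS.get(token.get("type"), "unknown token type")
        for slot in token.get("keyslots", []):
            if slot in slots:
                slots[slot] = kind
            else:
                findings.append(f"token {token_id} points at missing keyslot {slot}")
        if token.get("type") == "systemd-tpm2" and not token.get("tpm2-pcrs"):
            findings.append(f"token {token_id}: TPM2 key is bound to no PCRs, "
                            "so it unseals regardless of measured boot state")
    return slots, findings

if __name__ == "__main__":
    slots, findings = audit_luks2_tokens(SAMPLE_METADATA)
    for slot, kind in sorted(slots.items()):
        print(f"keyslot {slot}: {kind}")
    for finding in findings:
        print("finding:", finding)
```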

Also, in systemd 248, systemd-networkd has added support for the BATMAN mesh protocol ("Better Approach To Mobile Adhoc Networking"), which allows you to create decentralized networks in which each node connects through its neighboring nodes.

It is also highlighted that the implementation of the early out-of-memory response mechanism in systemd-oomd has been stabilized, along with the DefaultMemoryPressureDurationSec option to set how long to wait for resources to be released before acting on a unit. systemd-oomd uses the PSI (Pressure Stall Information) kernel subsystem, which makes it possible to detect the onset of delays caused by resource shortage and to selectively terminate resource-intensive processes at a stage when the system is not yet in a critical state and has not begun to aggressively trim the cache and move data to the swap partition.

The PrivateIPC parameter has been added, which lets you configure, in the unit file, the launch of processes in an isolated IPC namespace with its own identifiers and message queue. To attach a unit to an IPC namespace that has already been created, the IPCNamespacePath option is provided.

For the available architectures, automatic generation of system call tables for seccomp filters has been implemented.

Of the other notable changes:

  • The systemd-repart utility has added the ability to enable encrypted partitions using TPM2 chips, for example, to create an encrypted /var partition on first boot.
  • The systemd-cryptenroll utility has been added to bind TPM2, FIDO2 and PKCS#11 tokens to LUKS partitions, as well as to unbind and view tokens, bind recovery keys, and set an access password.
  • The ExecPaths and NoExecPaths settings have been added to apply the noexec flag to specific parts of the file system.
  • The kernel command line parameter "root=tmpfs" has been added, which allows the root partition to be placed in temporary storage located in RAM using tmpfs.
  • The block of exposed environment variables can now be configured through the new ManagerEnvironment option in system.conf or user.conf, not just through the kernel command line and unit file settings.
  • At compile time, you can opt to use the fexecve() system call instead of execve() to start processes, to reduce the delay between checking the security context and applying it.
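The PrivateIPC/IPCNamespacePath paragraph and the ExecPaths/NoExecPaths item above describe unit-file settings; the following added example (not code from systemd or from the original article) checks a unit's [Service] section for them and compares a unit without the settings against a hardened one. The unit texts and the /usr/bin/exampled daemon are constructed, hypothetical samples, and the parser is a simplified reading of unit syntax (repeated keys accumulate, an empty assignment resets).

```python
TRUE_VALUES = {"1", "yes", "true", "on"}

# Constructed sample units; /usr/bin/exampled is a hypothetical daemon.
WEAK_UNIT = """[Service]
ExecStart=/usr/bin/exampled
"""
HARDENED_UNIT = """[Service]
ExecStart=/usr/bin/exampled
PrivateIPC=yes
NoExecPaths=/
ExecPaths=/usr/bin/exampled /usr/lib /usr/lib64
"""

def parse_service_section(unit_text):
    """Collect [Service] settings; repeated keys accumulate, an empty value resets."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                settings.setdefault(key, []).extend(value.split())
            else:
                settings[key] = []
    return settings

def audit_unit(unit_text):
    """Return findings about IPC isolation and noexec coverage for one unit."""
    s = parse_service_section(unit_text)
    findings = []
    private_ipc = (s.get("PrivateIPC") or ["no"])[-1].lower() in TRUE_VALUES
    if not private_ipc and not s.get("IPCNamespacePath"):
        findings.append("IPC namespace is shared with the host (no PrivateIPC=yes)")
    noexec = [p.lstrip("-+") for p in s.get("NoExecPaths", [])]
    allowed = [p.lstrip("-+") for p in s.get("ExecPaths", [])]
    if not noexec:
        findings.append("NoExecPaths= unset: no path is mounted noexec for this service")
    elif "/" in noexec and not allowed:
        findings.append("NoExecPaths=/ without ExecPaths=: nothing is left executable")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_unit(text) or "ok")
```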
