4.9. 文件系统和存储

支持 tmpfs 文件系统的文件系统配额

有了此更新，系统管理员可以实施文件系统配额来限制用户可以在 tmpfs 文件系统上消费的空间或内存，从而防止内存耗尽。

Jira:RHEL-7768^[1]

支持使用 NVMe/TCP 的 NVMe TP 8006 带内身份验证

在 RHEL 9.2 中引入了 NVMe over Fabrics (NVMe-oF)的 NVMe TP 8006 带内身份验证作为技术预览，其被完全支持。此功能为 NVMe-oF 提供了 DH-HMAC-CHAP in-band 验证协议，该协议在 NVMe 技术建议 8006 中定义了。详情请查看 nvme-connect (1) 手册页中的 dhchap-secret 和 dhchap-ctrl-secret 选项描述。

Jira:RHEL-61452

cryptsetup rebase 到版本 2.7

cryptsetup 软件包已 rebase 到版本 2.7。它包含对 libcryptsetup 软件包的改进，以支持启用了 kdump 的系统中 Linux Unified Key Setup (LUKS)加密的设备。

Jira:RHEL-32377^[1]

Ext4 和 XFS 支持 DAX 功能

以前作为技术预览的 Ext4 和 XFS 文件系统的直接访问(dax)功能被完全支持。DAX 可让应用程序将持久内存直接映射到其地址空间中，从而提高了性能。如需更多信息，请参阅在 NVDIMM 上创建文件系统 DAX 命名空间。

Jira:RHELDOCS-19196^[1]

支持 EROFS 文件系统

EROFS 是一个轻量级通用只读文件系统，适用于各种只读用例，如嵌入式设备或容器。它为需要它们的场景提供去重和透明压缩。

如需更多信息，请参阅 erofs 文档。

Jira:RHELDOCS-18451

nvme-cli 和 cryptsetup 现在可用于 NVMe SED 上的 Opal 自动化

NVMe 自助加密驱动器(SED)支持硬件加密技术的 Opal 存储规范，以保护存储在驱动器中的数据。在以前的版本中，对 NVMe SED 的 Opal 支持需要手动交互来管理访问数据的密码。

有了这个更新，您可以使用 nvme-cli 和 cryptsetup 自动化加密管理和驱动器解锁。

运行以下命令，来在 NVMe SSD 上使用 NVMe SED 选项：

要发现 SED Opal 锁定功能：

nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: No
	Locked: No

# nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: No
	Locked: No

Copy to Clipboard

Toggle word wrap

要初始化用于锁定的 SED Opal 设备：

nvme sed initialize /dev/nvme0n1
New Password:
Re-enter New Password:
nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: Yes
	Locked: No

# nvme sed initialize /dev/nvme0n1
New Password:
Re-enter New Password:
# nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: Yes
	Locked: No

Copy to Clipboard

Toggle word wrap

要锁定一个 SED Opal 设备：

nvme sed lock /dev/nvme0n1
nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: Yes
	Locked: Yes

# nvme sed lock /dev/nvme0n1
# nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: Yes
	Locked: Yes

Copy to Clipboard

Toggle word wrap

要解锁一个 SED Opal 设备：

nvme sed unlock /dev/nvme0n1
nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: Yes
	Locked: No

# nvme sed unlock /dev/nvme0n1
# nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported: Yes
	Locking Feature Enabled: Yes
	Locked: No

Copy to Clipboard

Toggle word wrap

要更改 SED Opal 设备密码：

nvme sed password /dev/nvme0n1
Password:
New Password:
Re-enter New Password:

# nvme sed password /dev/nvme0n1
Password:
New Password:
Re-enter New Password:

Copy to Clipboard

Toggle word wrap

要从锁定恢复一个 SED Opal 设备：

nvme sed lock /dev/nvme0n1
nvme sed discover /dev/nvme0n1
Locking Features:
        Locking Supported:         Yes
        Locking Feature Enabled:   Yes
        Locked:                    Yes
nvme sed unlock /dev/nvme0n1
nvme sed discover /dev/nvme0n1
Locking Features:
        Locking Supported:         Yes
        Locking Feature Enabled:   Yes
        Locked:                    No
nvme sed revert /dev/nvme0n1

# nvme sed lock /dev/nvme0n1
# nvme sed discover /dev/nvme0n1
Locking Features:
        Locking Supported:         Yes
        Locking Feature Enabled:   Yes
        Locked:                    Yes
# nvme sed unlock /dev/nvme0n1
# nvme sed discover /dev/nvme0n1
Locking Features:
        Locking Supported:         Yes
        Locking Feature Enabled:   Yes
        Locked:                    No
# nvme sed revert /dev/nvme0n1

Copy to Clipboard

Toggle word wrap

要重置 SED Opal 设备，以禁用具有破坏性恢复的锁定：

nvme sed lock /dev/nvme0n1
nvme sed discover /dev/nvme0n1
Locking Features:
        Locking Supported:       Yes
        Locking Feature Enabled: Yes
        Locked: Yes
nvme sed revert -e /dev/nvme0n1
Destructive revert erases drive data. Continue (y/n)? y
    Are you sure (y/n)? y
    Password:
    # nvme sed discover /dev/nvme0n1
    Locking Features:
        Locking Supported:       Yes
        Locking Feature Enabled: No
        Locked:                  No

# nvme sed lock /dev/nvme0n1
# nvme sed discover /dev/nvme0n1
Locking Features:
        Locking Supported:       Yes
        Locking Feature Enabled: Yes
        Locked: Yes
# nvme sed revert -e /dev/nvme0n1
Destructive revert erases drive data. Continue (y/n)? y
    Are you sure (y/n)? y
    Password:
    # nvme sed discover /dev/nvme0n1
    Locking Features:
        Locking Supported:       Yes
        Locking Feature Enabled: No
        Locked:                  No

Copy to Clipboard

Toggle word wrap

注意：使用没有 -e 参数的 nvme sed revert ，以避免删除 NVMe 磁盘上的数据。

设备可以是 NVMe 字符设备（如 /dev/nvme0）、NVMe 块设备（如 /dev/nvme0n1），或格式为 mctp:<net>,<eid>[:ctrl-id] 的 mctp 地址。

在 RHEL 10 上通过 nvme-cli 使用 NVMe OPAL 设备的命令示例：

初始化、锁定和解锁 NVMe 磁盘，并验证解锁后磁盘上的数据是否保持不变：

mount /dev/nvme0n1p1 /mnt/
dd if=/dev/urandom of=/mnt/test.file bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 3.65616 s, 294 MB/s
md5sum /mnt/test.file
57edc80dab5bf803d0944e281bf2e9dd  /mnt/test.file
umount /dev/nvme0n1p1
nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported:         Yes
	Locking Feature Enabled:   No
	Locked:                    No
nvme sed initialize /dev/nvme0n1
New Password:
Re-enter New Password:
nvme sed lock /dev/nvme0n1
nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported:         Yes
	Locking Feature Enabled:   Yes
	Locked:                    Yes
mount /dev/nvme0n1p1 /mnt/
mount: /mnt: can't read superblock on /dev/nvme0n1p1.
       dmesg[8] may have more information after a failed mount system call.
nvme sed unlock /dev/nvme0n1
mount /dev/nvme0n1p1 /mnt/
md5sum /mnt/test.file
57edc80dab5bf803d0944e281bf2e9dd  /mnt/test.file
umount /dev/nvme0n1p1
nvme sed discover /dev/nvme0n1
Locking Features:
    Locking Supported:         Yes
    Locking Feature Enabled:   Yes
    Locked:                    No
nvme sed revert /dev/nvme0n1
Password:
nvme sed discover /dev/nvme0n1
Locking Features:
    Locking Supported:         Yes
    Locking Feature Enabled:   No
    Locked:                    No

# mount /dev/nvme0n1p1 /mnt/
# dd if=/dev/urandom of=/mnt/test.file bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 3.65616 s, 294 MB/s
# md5sum /mnt/test.file
57edc80dab5bf803d0944e281bf2e9dd  /mnt/test.file
# umount /dev/nvme0n1p1
# nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported:         Yes
	Locking Feature Enabled:   No
	Locked:                    No
# nvme sed initialize /dev/nvme0n1
New Password:
Re-enter New Password:
# nvme sed lock /dev/nvme0n1
# nvme sed discover /dev/nvme0n1
Locking Features:
	Locking Supported:         Yes
	Locking Feature Enabled:   Yes
	Locked:                    Yes
# mount /dev/nvme0n1p1 /mnt/
mount: /mnt: can't read superblock on /dev/nvme0n1p1.
       dmesg[8] may have more information after a failed mount system call.
# nvme sed unlock /dev/nvme0n1
# mount /dev/nvme0n1p1 /mnt/
# md5sum /mnt/test.file
57edc80dab5bf803d0944e281bf2e9dd  /mnt/test.file
# umount /dev/nvme0n1p1
# nvme sed discover /dev/nvme0n1
Locking Features:
    Locking Supported:         Yes
    Locking Feature Enabled:   Yes
    Locked:                    No
# nvme sed revert /dev/nvme0n1
Password:
# nvme sed discover /dev/nvme0n1
Locking Features:
    Locking Supported:         Yes
    Locking Feature Enabled:   No
    Locked:                    No

Copy to Clipboard

Toggle word wrap

Jira:RHEL-18186

4.9. 文件系统和存储

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links