Red Hat Enterprise Linux 8.2 distribution release

Red Hat has published the Red Hat Enterprise Linux 8.2 distribution. Installation builds are prepared for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 architectures, but are available for download only to registered users of the Red Hat Customer Portal. Red Hat Enterprise Linux 8 rpm packages are distributed via the CentOS Git repository. The RHEL 8.x branch will be supported until at least 2029.

The RHEL 8.2 release was originally announced on the Red Hat site as early as April 21, but that announcement was premature: the repositories for installing updates were not yet ready, and the release actually came out only today. The 8.x branch is evolving in accordance with a new predictable development cycle, which implies releases every six months at a predetermined time. The new RHEL development cycle spans multiple layers, including Fedora as a springboard for new features, CentOS Stream for access to packages built for the next interim RHEL release (rolling RHEL), a minimalistic Universal Base Image (UBI) for running applications in isolated containers, and the RHEL Developer Subscription for free use of RHEL during development.

Key changes:

  • Full support is provided for resource management with the unified cgroup v2 hierarchy, which was previously at the experimental stage. Cgroups v2 can be used, for example, to limit memory, CPU, and I/O consumption. The key difference between cgroups v2 and v1 is the use of a common cgroup hierarchy for all resource types, instead of separate hierarchies for CPU resource allocation, memory management, and I/O. Separate hierarchies made it difficult to organize interaction between handlers and incurred additional kernel resource costs when applying rules to a process mentioned in different hierarchies.
  • Added the Convert2RHEL tool for converting systems running RHEL-like distributions, such as CentOS and Oracle Linux, to RHEL.
  • Added the ability to customize system-wide cryptographic subsystem policies (crypto-policies), covering the TLS, IPSec, SSH, DNSSec, and Kerberos protocols. The administrator can now define their own policy or change certain settings of existing ones. Two new packages, setools-gui and setools-console-analyses, have been added for analyzing SELinux policies and inspecting data flows. A security profile that complies with the DISA STIG (Defense Information Systems Agency) recommendations has been added. A new oscap-podman utility has been added to scan the contents of containers for the use of vulnerable versions of programs.
  • Identity management tools have a new Healthcheck utility that allows you to identify problems in IdM (Identity Management) environments. Ansible roles and modules are supported to simplify the installation and management of IdM.
  • The web console has been redesigned and now uses the PatternFly 4 interface, similar to the design of the OpenShift 4 interface. Added a user inactivity timeout, after which the session with the web console is terminated. Added support for authentication using a client certificate. Updated the sections for managing storage and virtual machines.
  • The interface for switching virtual desktops in the GNOME Classic environment has been changed: the switching button has been moved to the lower right corner and is designed as a strip with thumbnails.
  • The graphics subsystem DRM (Direct Rendering Manager) is synchronized with Linux kernel version 5.1. Updated graphics drivers to support Intel Comet Lake H and U (HD Graphics 610, 620, 630), Intel Ice Lake U (HD Graphics 910, Iris Plus Graphics 930, 940, 950), AMD Navi 10, Nvidia Turing TU116,
  • The Wayland-based GNOME session is enabled by default for multi-GPU systems (previously X11 was used on hybrid graphics systems).
  • Added support for new Linux kernel parameters that control whether protection against new attacks on the CPU speculative execution mechanism is enabled: mds, tsx, mitigations. Added the mem_encrypt option to control whether AMD SME (Secure Memory Encryption) extensions are enabled. Added the cpuidle.governor parameter to select the CPU idle state handler (cpuidle governor). Added the /proc/sys/kernel/panic_print parameter to customize the information printed in the event of a system crash (panic state). Added the /proc/sys/kernel/threads-max option to set the maximum number of threads that the fork() function can create. Added the /proc/sys/net/bpf_jit_enable parameter to control whether the BPF JIT compiler is enabled.
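
A defender's check for the mitigations, mds, tsx and mem_encrypt boot parameters named in the last item, as an added example that is not part of the original article. The function name audit_cmdline and the sample command line are constructed for illustration, and the script assumes that the last value of a repeated parameter is the one in effect.

```shell
#!/bin/sh
# Added example, not from the article: report boot parameters that switch off
# the protections controlled by mitigations=, mds=, tsx= and mem_encrypt=.
# Assumption: when a parameter is repeated, the last value is the one in effect.

# audit_cmdline [CMDLINE]  (defaults to the contents of /proc/cmdline)
# Prints one finding per line; exit status 1 if anything was found, else 0.
# The body is a subshell so that "set -f" and the variables stay local.
audit_cmdline() (
    cmdline=${1-$(cat /proc/cmdline)}
    mitigations='' mds='' tsx='' sme=''
    set -f                      # no globbing while splitting on whitespace
    for tok in $cmdline; do
        case $tok in
            mitigations=*) mitigations=${tok#*=} ;;
            mds=*)         mds=${tok#*=} ;;
            tsx=*)         tsx=${tok#*=} ;;
            mem_encrypt=*) sme=${tok#*=} ;;
        esac
    done
    found=0
    report() { printf '%s\n' "$1"; found=1; }
    case $mitigations in
        off) report "mitigations=off: optional CPU vulnerability mitigations disabled" ;;
    esac
    case $mds in
        off) report "mds=off: MDS mitigation disabled" ;;
    esac
    case $tsx in
        on) report "tsx=on: Intel TSX enabled" ;;
    esac
    case $sme in
        off) report "mem_encrypt=off: AMD SME not activated" ;;
    esac
    [ "$found" -eq 0 ]          # exit status of the function
)

# Constructed sample command line (not from a real host).
sample='BOOT_IMAGE=/vmlinuz ro mitigations=auto mds=full mds=off tsx=on quiet'
audit_cmdline "$sample" || echo "boot parameters need review"
```

Called without an argument, the function reads /proc/cmdline of the running system.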

  • Changed the dnf-automatic.timer startup algorithm used to launch automatic installation of updates. Instead of using a monotonic timer, which caused it to fire at an unpredictable time after boot, the unit now runs between 6 and 7 am. If the system is turned off at that time, the unit runs within an hour after it is turned on.
  • Modules with new branches of Python 3.8 (was 3.6) and Maven 3.6 have been added to the AppStream repository. Updated packages with GCC 9.2.1, Clang/LLVM 9.0.1, Rust 1.41 and Go 1.13.
  • Updated package versions: powertop 2.11 (supporting EHL, TGL, ICL/ICX platforms), opencv 3.4.6, tuned 2.13.0, rsyslog 8.1911.0, audit 3.0-0.14, fapolicyd 0.9.1-2, sudo 1.8.29-3.el8, firewalld 0.8, tpm2-tools 3.2.1, mod_md (with ACMEv2 support), grafana 6.3.6, pcp 5.0.2, elfutils 0.178, SystemTap 4.2, 389-ds-base 1.4.2.4, samba 4.11.2.

  • Added new packages: whois, graphviz-python3 (distributed via the officially unsupported CRB (CodeReady Linux Builder) repository), perl-LDAP, and perl-Convert-ASN1.
  • The BIND DNS server has been updated to version 9.11.13 and now uses the GeoIP2 location database in libmaxminddb format instead of the deprecated GeoIP, which is no longer supported. Added the serve-stale setting (stale-answer) to return stale DNS records if new ones cannot be obtained.
  • Added the omhttp plugin to rsyslog for interaction via an HTTP REST interface.
  • Changes corresponding to the Linux 5.5 kernel have been ported to the audit subsystem.
  • The setroubleshoot plugin adds support for out-of-memory access failure analysis and automatic response to resolve such issues.
  • Users restricted by SELinux can now manage services associated with their user session. Added support for estimating and changing SCTP and DCCP network ports to semanage (previously TCP and UDP were supported). The lvmdbusd (D-Bus API for LVM), lldpd, rrdcached, stratisd, and timedatex services are now handled under their own SELinux domains.
  • Firewalld has been migrated to the libnftables JSON interface for interacting with nftables, resulting in performance and reliability improvements. nftables has added support for multidimensional IP set types, which can include concatenations and intervals. In firewalld rules, you can now use connection tracking helpers for services running on non-standard network ports.
  • Full support for eBPF is provided in the tc (Traffic Control) kernel subsystem, which allows you to use the tc utility to attach eBPF programs that classify packets and process incoming and outgoing queues.

  • Stable support for some eBPF subsystems has been implemented: the BCC (BPF Compiler Collection) toolkit and library for creating BPF tracing and debugging programs, eBPF support in tc. The bpftrace and eXpress Data Path (XDP) components remain at the Technology Preview stage.
  • The real-time components (kernel-rt) are synchronized with the 5.2.21-rt13 kernel patch set.
  • The rngd process (a daemon for feeding entropy to the pseudo-random number generator) can now be run without root rights.
  • LVM adds support for the dm-writecache caching method, in addition to the previously available dm-cache. Dm-cache caches the most commonly used writes and reads, while dm-writecache only caches writes by placing them first on fast SSD or PMEM media and then moving them to a slow disk in the background.
  • XFS adds support for cgroup-aware writeback.
  • FUSE has added support for the copy_file_range() operation, which makes it possible to speed up the copying of data from one file to another by performing the operation only on the kernel side without first reading the data into the process's memory. The optimization is clearly visible in GlusterFS.
  • The "--preload" option has been added to the dynamic linker, allowing you to explicitly specify libraries to be forced to load with the application. The option makes it possible to avoid using the LD_PRELOAD environment variable, which is inherited by child processes.
  • The KVM hypervisor has full support for nested running of virtual machines.
  • Added new drivers, including gVNIC, Broadcom UniMAC MDIO, Software iWARP, DRM VRAM, cpuidle-haltpoll, stm_ftrace, stm_console, Intel Trace Hub, PMEM DAX, Intel PMC Core, Intel RAPL (Runtime Average Power Limit).

  • DSA, TLS 1.0 and TLS 1.1 have been deprecated; they are disabled by default and only available in the LEGACY set.
  • Provided experimental (Technology Preview) support for nmstate, AF_XDP, XDP, KTLS, dracut, kexec fast reboot, eBPF, libbpf, igc, NVMe over TCP/IP, DAX on ext4 and xfs, OverlayFS, Stratis, DNSSEC, GNOME on ARM systems, AMD SEV for KVM, Intel vGPU
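
The cgroup item at the top of this list contrasts the separate hierarchies of v1 with the single hierarchy of v2. The shell function below, an added example that is not part of the original article, shows how that difference appears in the text of /proc/<pid>/cgroup; the function name cgroup_layout and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: classify a process's cgroup membership
# (the text of /proc/<pid>/cgroup) as v1, v2 or a mix of both.

# cgroup_layout: reads membership lines on stdin and prints
#   "<mode> hierarchies=<n> paths=<m>"
# mode: unified = only the single v2 hierarchy ("0::/path")
#       legacy  = only v1 hierarchies ("N:controllers:/path")
#       hybrid  = both kinds present
# paths counts the distinct cgroup paths the process occupies.
cgroup_layout() {
    awk -F: '
        NF < 3 { next }                                # not a membership line
        {
            path = $0
            sub(/^[^:]*:[^:]*:/, "", path)             # text after 2nd colon
            if (!(path in seen)) { seen[path] = 1; paths++ }
        }
        $1 == "0" && $2 == "" { v2 = 1; next }         # the v2 entry
        { v1++ }                                       # one v1 hierarchy
        END {
            mode = "unknown"
            if (v2 && !v1)     { mode = "unified" }
            else if (v2 && v1) { mode = "hybrid" }
            else if (v1)       { mode = "legacy" }
            printf "%s hierarchies=%d paths=%d\n", mode, v1 + v2, paths
        }'
}

# Constructed v1 sample: one process, three hierarchies, three different paths.
printf '%s\n' \
    '4:memory:/user.slice' \
    '3:cpu,cpuacct:/' \
    '2:blkio:/system.slice/sshd.service' | cgroup_layout

# On a live host (skipped where the file does not exist):
if [ -r /proc/self/cgroup ]; then cgroup_layout < /proc/self/cgroup; fi
```

A v1 process can sit at a different path in every hierarchy, which is the situation the item describes as a process mentioned in different hierarchies; under v2 the count of hierarchies and paths is always one.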

Source: opennet.ru
