Red Hat Enterprise Linux 9.1 distribution released

Red Hat has published the release of the Red Hat Enterprise Linux 9.1 distribution. Ready-made installation images are available to registered users of the Red Hat Customer Portal (CentOS Stream 9 iso images can also be used to evaluate functionality). The release is built for the x86_64, s390x (IBM System z), ppc64le and Aarch64 (ARM64) architectures. The source code of the Red Hat Enterprise Linux 9 rpm packages is available in the CentOS Git repository.

The RHEL 9 branch is developed with a more open process and uses the CentOS Stream 9 package base as its foundation. CentOS Stream is positioned as the upstream project for RHEL, allowing third-party participants to control the preparation of packages for RHEL, propose their own changes and influence the decisions made. In line with the 10-year support cycle for the distribution, RHEL 9 will be supported until 2032.

Key changes:

  • Updated server and system packages: firewalld 1.1.1, chrony 4.2, unbound 1.16.2, frr 8.2.2, Apache httpd 2.4.53, opencryptoki 3.18.0, powerpc-utils 1.3.10, libvpd 2.2.9, lsvpd 1.7.14, ppc64-diag 2.7, PCP 5.3.7, Grafana 7.5.13, samba 4.16.1.
  • The release includes new versions of compilers and developer tools: GCC 11.2.1, GCC Toolset 12, LLVM Toolset 14.0.6, binutils 2.35.2, PHP 8.1, Ruby 3.1, Node.js 18, Rust Toolset 1.62, Go Toolset 1.18.2, Maven 3.8, java-17-openjdk (java-11-openjdk and java-1.8.0-openjdk also continue to ship), .NET 7.0, GDB 10.2, Valgrind 3.19, SystemTap 4.7, Dyninst 12.1.0, elfutils 0.187.
  • Improvements made in Linux kernels 5.15 and 5.16 have been carried over to the eBPF (Berkeley Packet Filter) subsystem. For example, BPF programs can now request and handle timer events, socket options can be read and set for setsockopt, calls to kernel module functions are supported, a probabilistic data storage structure (BPF map), the bloom filter, has been introduced, and the ability to attach tags to function parameters has been added.
  • The set of real-time patches used in the kernel-rt kernel has been updated to the state corresponding to the 5.15-rt kernel.
  • The implementation of the MPTCP (MultiPath TCP) protocol, used to run a TCP connection with packets delivered simultaneously over several routes through different network interfaces, has been updated. Changes have been carried over from Linux kernel 5.19 (for example, support was added for falling back from MPTCP connections to regular TCP, and an API was introduced for managing MPTCP flows from user space).
  • On systems with 64-bit ARM, AMD and Intel processors, the behaviour of the Real-Time mode in the kernel can be changed at run time by writing the mode name to the file "/sys/kernel/debug/sched/preempt", or at boot time through the kernel parameter "preempt=" (the none, voluntary and full modes are supported).
  • The GRUB boot loader configuration has been changed to hide the boot menu by default, with the menu shown if the previous boot failed. To display the menu during boot, you can hold the Shift key or press the Esc or F8 key periodically. To disable hiding, you can use the command "grub2-editenv - unset menu_auto_hide".
  • Support for creating virtual hardware clocks (PHC, PTP Hardware Clocks) has been added to the PTP (Precision Time Protocol) driver.
  • Added the modulesync command, which downloads RPM packages from modules and creates a repository in the working directory with the metadata needed to install the packages.
  • Tuned, a service for monitoring system health and optimizing profiles for maximum performance under the current load, provides the ability to use the tuned-profiles-realtime package to isolate CPU cores and give application threads all available resources.
  • NetworkManager implements translation of connection profiles from the ifcfg configuration format (/etc/sysconfig/network-scripts/ifcfg-*) into a keyfile-based format. To migrate profiles, you can use the command "nmcli connection migrate".
  • The SELinux userspace tools have been updated to release 3.4, which improves relabeling performance through parallel operation; the "-m" ("--checksum") option has been added to the semodule utility to obtain SHA256 hashes of modules; mcstrans has been moved to the PCRE2 library. New utilities for working with access policies have been added: sepol_check_access, sepol_compute_av, sepol_compute_member, sepol_compute_relabel, sepol_validate_transition. SELinux policies have been added to protect the ksm, nm-priv-helper, rhcd, stalld, systemd-network-generator, targetclid and wg-quick services.
  • Added the ability to use the Clevis client (clevis-luks-systemd) to automatically unlock disk partitions that are encrypted with LUKS and mounted at a late stage of boot, without having to run the "systemctl enable clevis-luks-askpass.path" command.
  • The capabilities of the toolkit for preparing system images have been expanded: it now supports uploading images to GCP (Google Cloud Platform), placing an image directly in a container registry, adjusting the size of the /boot partition, and adjusting parameters (Blueprint) during image generation (for example, adding packages and creating users).
  • Added the keylime utility for attestation (authentication and continuous integrity monitoring) of an external system using TPM (Trusted Platform Module) technology, for example to verify the authenticity of Edge and IoT devices located in uncontrolled places where unauthorized access is possible.
  • The RHEL for Edge edition provides the ability to use the fdo-admin utility to configure FDO (FIDO Device Onboard) services and to create certificates and keys for them.
  • SSSD (System Security Services Daemon) has added support for caching SID requests (for example, GID / UID checks) in RAM, which makes it possible to speed up copying large numbers of files through a Samba server. Support for integration with Windows Server 2022 is provided.
  • In OpenSSH, the minimum RSA key size is limited to 2048 bits by default, and the NSS libraries have dropped support for RSA keys smaller than 1023 bits. The RequiredRSASize parameter has been added to OpenSSH for setting custom limits. Support has been added for the [email protected] key exchange method, which is resistant to attacks on quantum computers.
  • The ReaR (Relax-and-Recover) toolkit has added the ability to execute commands before and after recovery.
  • The driver for Intel E800 Ethernet adapters supports the iWARP and RoCE protocols.
  • A new httpd-core package has been added, into which the core set of Apache httpd components has been moved; it is sufficient to run an HTTP server and pulls in a minimal number of dependencies. The httpd package adds further modules such as mod_systemd and mod_brotli and includes the documentation.
  • Added a new xmlstarlet package, which includes utilities for parsing, transforming, validating, extracting data from and editing XML files, similar to grep, sed, awk, diff, patch and join, but for XML instead of text files.
  • The capabilities of the system roles have been expanded. For example, the network role has added support for configuring routing rules and using the nmstate API; the logging role has added support for filtering by regular expressions (startmsg.regex, endmsg.regex); the storage role has added support for partitions with dynamically allocated storage space ("thin provisioning"); the ability to manage settings through /etc/ssh/sshd_config has been added to the sshd role; export of Postfix performance statistics has been added to the metrics role; and the firewall role can now overwrite the previous configuration and supports adding, updating and removing services depending on state.
  • The toolkit for managing isolated containers has been updated, including packages such as Podman, Buildah, Skopeo, crun and runc. Support has been added for GitLab Runner in containers with the Podman runtime. The netavark utility and the Aardvark DNS server are provided for configuring the container network subsystem.
  • Added support for the ap-check command to mdevctl for configuring the forwarding of crypto accelerators to virtual machines.
  • Added a preview capability to authenticate users through external providers (IdP, identity provider) that support the OAuth 2.0 protocol extension "Device Authorization Grant", which provides OAuth access tokens to devices without using a browser.
  • For Wayland-based GNOME sessions, Firefox builds that use Wayland are provided. Builds based on X11, which run in a Wayland environment through the XWayland component, have been moved to a separate firefox-x11 package.
  • The Wayland session is enabled by default on systems with Matrox GPUs (Wayland was previously not used with Matrox GPUs because of limitations and performance problems, which have now been resolved).
  • Support is provided for GPUs integrated into 12th-generation Intel Core processors, including Intel Core i3 12100T - i9 12900KS, Intel Pentium Gold G7400 and G7400T, Intel Celeron G6900 and G6900T, Intel Core i5-12450HX - i9-12950HX and Intel Core i3-1220P - i7-1280P. Support has been added for AMD Radeon RX 6[345]00 and AMD Ryzen 5/7/9 6[689]00 GPUs.
  • To control whether protection against the vulnerability in the MMIO (Memory Mapped Input Output) mechanism is enabled, the kernel boot parameter "mmio_stale_data" has been implemented. It can take the values "full" (enables buffer clearing when switching to user space and to a VM), "full,nosmt" (like "full", with SMT / Hyper-Threads additionally disabled) and "off" (protection is disabled).
  • To control whether protection against the Retbleed vulnerability is enabled, the "retbleed" kernel boot parameter has been implemented, through which you can disable the protection ("off") or choose the algorithm used to block the vulnerability (auto, nosmt, ibpb, unret).
  • The acpi_sleep kernel boot parameter supports new options for controlling sleep mode: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, and nobl.
  • Added a large batch of new drivers for network devices, storage systems and graphics chips.
  • Experimental (Technology Preview) support continues to be provided for KTLS (kernel-level TLS implementation), WireGuard VPN, Intel SGX (Software Guard Extensions), Intel IDXD (Data Streaming Accelerator), DAX (Direct Access) for ext4 and XFS, AMD SEV and SEV-ES in the KVM hypervisor, the systemd-resolved service, the Stratis storage manager, Sigstore for verifying containers using digital signatures, a package with the GIMP 2.99.8 graphical editor, MPTCP (Multipath TCP) settings through NetworkManager, ACME (Automated Certificate Management Environment) servers, virtio-mem, and the KVM hypervisor for ARM64.
  • The GTK 2 toolkit and its associated packages adwaita-gtk2-theme, gnome-common, gtk2, gtk2-immodules and hexchat have been deprecated. The X.org Server has been deprecated (RHEL 9 offers a Wayland-based GNOME session by default) and is planned for removal in the next major branch of RHEL, but the ability to run X11 applications from a Wayland session using the XWayland DDX server will be retained.
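
The OpenSSH item above sets a 2048-bit default minimum for RSA keys, so existing authorized_keys files can be checked for keys that would fall below it. The following is an added example, not code from Red Hat or OpenSSH; the function names and the sample keys (built around dummy moduli) are constructed for illustration.

```python
import base64
import struct

REQUIRED_RSA_SIZE = 2048  # default OpenSSH minimum stated in the article


def read_string(buf, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end


def rsa_bits(line):
    """Modulus size in bits for an ssh-rsa public key line, None for other types."""
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:  # also skips leading authorized_keys options
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob type does not match the key type field")
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def audit(lines, minimum=REQUIRED_RSA_SIZE):
    """Return (line number, bits) for each RSA key smaller than the minimum."""
    weak = []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if line and not line.startswith("#"):
            bits = rsa_bits(line)
            if bits is not None and bits < minimum:
                weak.append((number, bits))
    return weak


def constructed_key(bits, comment):
    """Build a parseable ssh-rsa line around a dummy modulus (not a usable key)."""
    def pack(data):
        return struct.pack(">I", len(data)) + data
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample authorized_keys content
SAMPLE = ["# constructed sample", constructed_key(1024, "legacy@example"),
          constructed_key(2048, "ops@example"), constructed_key(4096, "ci@example")]
print(audit(SAMPLE))
```
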
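
The "mmio_stale_data" and "retbleed" boot parameters described above can switch a mitigation off, so a boot command line is worth checking for them. The following is an added example, not code from Red Hat or the kernel; it accepts only the value tokens listed in the article, and the function names and sample command lines are constructed.

```python
# Value tokens the article lists for each boot parameter (comma-separated in use)
ALLOWED = {
    "mmio_stale_data": {"full", "nosmt", "off"},
    "retbleed": {"off", "auto", "nosmt", "ibpb", "unret"},
}

# Lower rank = weaker setting; used when a parameter appears more than once
RANK = {"disabled": 0, "unrecognised": 1, "enabled": 2, "enabled, SMT disabled": 3}


def classify(name, value):
    """Map one parameter value to a status string."""
    tokens = value.split(",")
    if not value or any(token not in ALLOWED[name] for token in tokens):
        return "unrecognised"
    if "off" in tokens:
        # "off" combined with any other token is contradictory
        return "disabled" if tokens == ["off"] else "unrecognised"
    return "enabled, SMT disabled" if "nosmt" in tokens else "enabled"


def check_cmdline(cmdline):
    """Return {parameter: status} for a kernel command line string.

    A parameter given more than once is reported by its weakest occurrence,
    so a stray "off" is never hidden by another setting.
    """
    report = {name: "not set (kernel default)" for name in ALLOWED}
    for arg in cmdline.split():
        name, sep, value = arg.partition("=")
        if name not in ALLOWED or not sep:
            continue
        status = classify(name, value)
        current = report[name]
        if current not in RANK or RANK[status] < RANK[current]:
            report[name] = status
    return report


# Constructed sample command lines (not taken from a real host)
SAMPLES = {
    "hardened": "BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro "
                "mmio_stale_data=full,nosmt retbleed=auto",
    "weakened": "BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro "
                "retbleed=off retbleed=ibpb quiet",
    "typo": "BOOT_IMAGE=/vmlinuz ro mmio_stale_data=ful",
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, check_cmdline(line))
```

On a running system the same function can be given the contents of /proc/cmdline.
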

Source: opennet.ru
