ProHoster > Blog > internet nhau > Kuburitswa kweRed Hat Enterprise Linux 8.2 kugovera

Kuburitswa kweRed Hat Enterprise Linux 8.2 kugovera

Red Hat Company yakabudiswa kugovera kit Red Hat Enterprise Linux 8.2. Kuisa magungano akagadzirirwa x86_64, s390x (IBM System z), ppc64le uye Aarch64 zvivakwa, asi inowanikwa nokuti downloads chete kune vakanyoreswa Red Hat Mutengi Portal vashandisi. Iwo masosi eRed Hat Enterprise Linux 8 rpm mapakeji anogoverwa kuburikidza Git repository CentOS. Bazi reRHEL 8.x richatsigirwa kusvika muna 2029.

Pakutanga, chiziviso cheRHEL 8.2 chaive yakabudiswa pawebhusaiti yeRed Hat muna Kubvumbi 21, asi chiziviso chakaitwa nguva isati yakwana uye matura ekuisa zvigadziriso achiripo. vakanga vasina kugadzirira, asi chokwadi kusunungurwa kwakabuda nhasi chete. Bazi re8.x riri kuvandudzwa maererano neshanduko itsva inofanotaurwa, iyo inosanganisira kuumbwa kwezvinoburitswa mwedzi mitanhatu yega yega panguva yakatarwa. New Development cycle Zvigadzirwa zveRHEL zvinotenderera akati wandei, kusanganisira Fedora sechitubu chehunyanzvi hutsva, CentOS Rukova yekuwana mapakeji akagadzirwa kune inotevera yepakati kuburitswa kweRHEL (inotenderedza vhezheni yeRHEL), minimalistic universal base image (UBI, Universal Base Image) yekumhanyisa maapplication mumidziyo yakasarudzika uye. RHEL Developer Kunyoresa kushandiswa kwemahara kweRHEL mukuita kwekusimudzira.

Key change:

  • Secured tsigiro yakazara yekutarisira zviwanikwa uchishandisa hierarchy yakabatana mapoka v2, iyo yaimbove padanho rekuyedza kuita. Π‘groups v2 inogona kushandiswa, semuenzaniso, kudzikamisa ndangariro, CPU uye I / O kushandiswa. Musiyano wakakosha pakati pecgroups v2 uye v1 kushandiswa kweiyo yakajairwa cgroup hierarchy kune ese marudzi ezviwanikwa, pachinzvimbo cheakaparadzana hierarchies yekugovera CPU zviwanikwa, zvekudzora mashandisirwo endangariro, uye yeI/O. Akaparadzana mahierarchies akatungamira kunetsa mukuronga kudyidzana pakati pevabati uye nekuwedzera kernel resource mutengo pakushandisa mitemo yemaitiro anotsanangurwa mune akasiyana hierarchies.
  • Added Shandura2RHEL chishandiso chekushandura masisitimu anoshanda neRHEL-sekugovera, seCentOS uye Oracle Linux, kuenda kuRHEL.
  • Yakawedzera kugona kugadzirisa system-wide cryptographic subsystem policy (crypto-policy), inovhara TLS, IPSec, SSH, DNSSec uye Kerberos protocol. Mutungamiriri anogona ikozvino kutsanangura mutemo wake kana kushandura mamwe maparameter earipo. Yakawedzera mapakeji maviri matsva setools-gui uye setools-console-analyses yekuongorora SELinux marongero uye kuongorora kuyerera kwedata. Yakawedzera nhoroondo yekuchengetedza inoenderana neDISA STIG (Defense Information Systems Agency) kurudziro. Chishandiso chitsva, oscap-podman, chakawedzerwa kuti chitarise zviri mukati memidziyo yemhando dzisina njodzi dzezvirongwa.
  • Identity manejimendi maturusi ikozvino anosanganisira itsva Healthcheck utility iyo inokutendera iwe kuona matambudziko muIdM (Identity Management) nharaunda. Inopa rutsigiro rweAnsible mabasa uye mamodule kurerutsa IdM kuisirwa uye manejimendi.
  • Kugadziriswa kwewebhu webhutori yakashandurwa, iyo yakashandurwa kushandiswa kushandiswa kwePatternFly 4, yakafanana nekugadzirwa kweOpenShift 4. Kushanda kwevashandisi nguva yekupera kwakawedzerwa, mushure mokunge musangano ne web console inoguma. Yakawedzera tsigiro yehuchokwadi uchishandisa setifiketi yemutengi. Zvikamu zvekutarisira kuchengetedza uye chaiwo michina yakagadziridzwa.
  • Iyo interface yekuchinjisa chaiwo madhesiki muGNOME Classic nharaunda yakashandurwa; bhatani rekuchinja raendeswa kukona yezasi yekurudyi uye rakagadzirwa semutsetse une zvigunwe.
  • Iyo DRM (Direct Rendering Manager) graphics subsystem inowiriraniswa neLinux kernel vhezheni 5.1. Vatyairi vemifananidzo vakagadziridzwa kuti vasanganise rutsigiro rweIntel Intel Comet Lake H uye U (HD Graphics 610, 620, 630), Intel Ice Lake U (HD Graphics 910, Iris Plus Graphics 930, 940, 950), AMD Navi 10, Nvidia. Turing TU116,
  • Iyo Wayland-yakavakirwa GNOME chikamu inogoneswa nekusarudzika kune akawanda maGPU (yaimbova X11 yaishandiswa pamasystem ane hybrid graphics).
  • Yakawedzerwa rutsigiro rweLinux kernel paramita ine chekuita nekudzora kuisirwa kwedziviriro kubva kutsva kurwiswa kweCPU yekufungidzira kuuraya michina: mds, tsx, mitigations. Yakawedzerwa parameter
    mem_encrypt kudzora kugonesa kwe AMD SME (Yakachengeteka Memory Encryption) ekuwedzera. Yakawedzera cpuidle.governor parameter kusarudza iyo CPU idle state handler (cpuidle gavhuna). Yakawedzerwa /proc/sys/kernel/panic_print parameter kugadzirisa ruzivo rwunobuda kana system ikaparara (panic state). Yakawedzerwa parameter
    /proc/sys/kernel/threads-max kutsanangura huwandu hwakawanda hweshinda dzinogona kuumbwa nefork() basa. Yakawedzerwa /proc/sys/net/bpf_jit_enable sarudzo yekudzora kana JIT compiler yakagoneswa kuBPF.

  • Iyo dnf-automatic.timer yekumisikidza algorithm yakashandurwa kuti ifonere otomatiki gadziriso yekuisa maitiro. Panzvimbo pekushandisa monotonous timer zvichikonzera activation panguva isingafungidzike mushure mebhutsu, iyo yakataurwa unit ikozvino inotanga pakati pa6 ne7 am. Kana panguva ino iyo system yakadzimwa, asi inotanga mukati meawa mushure mekuibatidza.
  • Mamodule ane matavi matsva ePython 3.8 (aive 3.6) uye Maven 3.6 akawedzerwa kune AppStream repository. Yakagadziridzwa mapakeji neGCC 9.2.1, Clang/LLVM 9.0.1, Rust 1.41 uye Go 1.13.
  • Yakagadziridzwa pasuru shanduro powertop 2.11 (ine rutsigiro EHL, TGL, ICL/ICX mapuratifomu), opencv 3.4.6, tuned 2.13.0, rsyslog 8.1911.0, odhita 3.0-0.14, fapolicyd 0.9.1-2, sudo 1.8.29 - 3.el8,
    firewalld 0.8, tpm2-tools 3.2.1, mod_md (ine ACMEv2 support), grafana 6.3.6, pcp 5.0.2, elfutils 0.178, SystemTap 4.2, 389-ds-base 1.4.2.4,
    samba 4.11.2.

  • Yakawedzera mapakeji matsva whois, graphviz-python3 (yakagoverwa kuburikidza neiyo isiri pamutemo isina kutsigirwa CRB (CodeReady Linux Builder) repository), perl-LDAP, perl-Convert-ASN1.
  • Iyo BIND DNS server yakagadziridzwa kuita vhezheni 9.11.13 uye yakachinjirwa kushandisa GeoIP2 nzvimbo inosunga dhatabhesi mune libmaxminddb fomati panzvimbo yeGeoIP yechinyakare, iyo isingachatsigirwi. Yakawedzera iyo server-stale (stale-mhinduro) kuseta, iyo inokutendera kuti udzorere echinyakare marekodhi eDNS kana zvisingaite kuwana matsva.
  • Iyo omhttp plugin yakawedzerwa kune rsyslog yekudyidzana kuburikidza neHTTP REST interface.
  • Shanduko dzinoenderana neLinux 5.5 kernel dzakaendeswa kune yekuongorora subsystem.
  • Iyo setroubleshoot plugin yakawedzera rutsigiro rwekuongorora kutadza kwekuwana nekuda kwekubuda mundangariro uye kupindura otomatiki kugadzirisa matambudziko akadaro.
  • Vashandisi vanorambidzwa neSELinux vanopihwa kugona kudzora masevhisi ane chekuita nechikamu chemushandisi. Semanage yakawedzera rutsigiro rwekuongorora nekushandura SCTP neDCCP network ports (yaimbova TCP neUDP zvaitsigirwa). Iwo masevhisi lvmdbusd (D-Bus API yeLVM), lldpd, rrdcached, stratisd, timedatex inogadziriswa pasi peSELinux domains.
  • Firewalld yakaendeswa kune libnftables JSON interface kana ichidyidzana nenftables, izvo zvakakonzera kuwedzera kwekuita uye kuvimbika. nftables inowedzera rutsigiro rwemhando dzakasiyana-siyana muIP set, iyo inogona kusanganisira mibatanidzwa uye spans. Mitemo yeFirewalld ikozvino inogona kushandisa zvibatiso kutarisa zvinongedzo zvemasevhisi ari kushanda pane asiri-standard network ports.
  • Iyo tc (Traffic Control) kernel subsystem inopa rutsigiro rwakazara
    eBPF, iyo inokutendera iwe kushandisa iyo tc utility kubatanidza eBPF zvirongwa kurongedza mapaketi uye kugadzirisa mitsara inouya uye inobuda.

  • Tsigiro yakatsiga yeimwe eBPF subsystems yaitwa: iyo BCC (BPF Compiler Collection) turusi rekushandisa uye raibhurari yekugadzira BPF yekutevera uye kugadzirisa zvirongwa, eBPF rutsigiro mutc. Iyo bpftrace uye eXpress Data Path (XDP) zvikamu zvinoramba zviri paTechnology Preview nhanho.
  • Real-time components (kernel-rt) inofananidzwa neseti yezvigamba zve 5.2.21-rt13 kernel.
  • Izvozvi zvinogoneka kumhanya iyo rngd maitiro (daemon yekudyisa entropy mune pseudo-random nhamba jenareta) isina kodzero dzemidzi.
  • LVM yakawedzera rutsigiro rweiyo dm-writecache caching nzira mukuwedzera kune yaimbove iripo dm-cache. Dm-cache cache anonyanya kushandiswa kunyora uye kuverenga mashandiro, uye dm-writecache cache inongonyora mashandiro nekuaisa pekutanga pakukurumidza SSD kana PMEM midhiya uye wozoaendesa kune inononoka dhisiki kumashure.
  • XFS yakawedzera rutsigiro rwecgroup-aware writeback mode.
  • FUSE yakawedzera tsigiro yeiyo copy_file_range () mashandiro, izvo zvinokutendera kuti ukurumidze kukopa data kubva kune imwe faira kuenda kune imwe nekuita oparesheni chete padivi rekernel pasina kutanga waverenga data kuita ndangariro. Iko optimization inoonekwa zvakajeka muGlusterFS.
  • Yakawedzera iyo "--preload" sarudzo kune ine simba linker, ichikubvumidza kuti utaure zvakajeka maraibhurari kuti amanikidzwe kutakurwa nechishandiso. Iyi sarudzo inoita kuti zvikwanise kudzivirira kushandisa iyo LD_PRELOAD nharaunda shanduko, inogarwa nhaka nemaitiro emwana.
  • Iyo KVM hypervisor inopa rutsigiro rwakazara rwekuita nested yemashini chaiwo.
  • Vatyairi vatsva vakawedzerwa, kusanganisira
    gVNIC, Broadcom UniMAC MDIO, Software iWARP, DRM VRAM, cpuidle-haltpoll, stm_ftrace, stm_console,
    Intel Trace Hub, PMEM DAX,
    Intel PMC Core,
    Intel RAPL
    Intel Runtime Average Power Limit (RAPL).

  • Yakaraswa DSA, TLS 1.0 uye TLS 1.1 zvakaremara nekusarudzika uye zvinongowanikwa muLEGACY suite.
  • Yakapihwa kuyedza (Tekinoroji Preview) rutsigiro rwenmstate, AF_XDP, XDP, KTLS, dracut, kexec kukurumidza reboot, eBPF, libbpf, igc, NVMe pamusoro peTCP/IP, DAX mu ext4 uye xfs, OverlayFS, Stratis, DNSSEC, GNOME pane ARM masisitimu. , AMD SEV yeKVM, Intel vGPU

Source: opennet.ru

Voeg