Release of the Red Hat Enterprise Linux 9.1 distribution

Red Hat has published the release of the Red Hat Enterprise Linux 9.1 distribution. Ready-made installation images are available to registered Red Hat Customer Portal users (CentOS Stream 9 iso images can also be used to evaluate functionality). The release is prepared for the x86_64, s390x (IBM System z), ppc64le and Aarch64 (ARM64) architectures. The source code of the Red Hat Enterprise Linux 9 rpm packages is available in the CentOS Git repository.

The RHEL 9 branch is being developed with a more open development process and uses the CentOS Stream 9 package base as its foundation. propose their changes and influence the decisions made. In accordance with the ten-year support cycle for the distribution, RHEL 10 will be supported until 9.

Main changes:

  • Updated server and system packages: firewalld 1.1.1, chrony 4.2, unbound 1.16.2, frr 8.2.2, Apache httpd 2.4.53, opencryptoki 3.18.0, powerpc-utils 1.3.10, libvpd 2.2.9, 1.7.14. 64, ppc2.7-diag 5.3.7, PCP 7.5.13, Grafana 4.16.1, samba XNUMX.
  • The release includes new versions of compilers and developer tools: GCC 11.2.1, GCC Toolset 12, LLVM Toolset 14.0.6, binutils 2.35.2, PHP 8.1, Ruby 3.1, Node.js 18, Rust Toolset 1.62, Go1.18.2set Toolset 3.8. . 17.
  • Improvements made in Linux kernels 5.15 and 5.16 have been ported to the eBPF (Berkeley Packet Filter) subsystem. For example, BPF programs can now request and handle timer events and get and set socket options via setsockopt; support for calling kernel module functions has been added; a probabilistic data storage structure (BPF map), the bloom filter, has been introduced; and the ability to attach tags to function parameters has been added.
  • The set of patches for real-time systems used in the kernel-rt kernel has been updated to the state corresponding to the 5.15-rt kernel.
  • The implementation of the MPTCP (MultiPath TCP) protocol, which is used to run a TCP connection with packets delivered simultaneously over several routes through different network interfaces, has been updated. Changes were ported from Linux kernel 5.19 (for example, support for falling back from MPTCP connections to regular TCP was added, and an API for managing MPTCP flows from user space was proposed).
  • On systems with 64-bit ARM, AMD and Intel processors, the behaviour of the Real-Time mode in the kernel can be changed at run time by writing the mode name to the file "/sys/kernel/debug/sched/preempt", or at boot time via the kernel parameter "preempt=" (the none, voluntary and full modes are supported).
  • GRUB boot loader settings have been changed to hide the boot menu by default, with the menu shown if the previous boot failed. To show the menu during boot, hold down the Shift key or press the Esc or F8 keys periodically. To disable hiding, use the command "grub2-editenv - unset menu_auto_hide".
  • Support for creating virtual hardware clocks (PHC, PTP Hardware Clock) has been added to the PTP (Precision Time Protocol) driver.
  • Added the modulesync command, which downloads RPM packages from modules and creates a repository in the working directory with the metadata needed to install the module packages.
  • Tuned, a service for monitoring system health and optimizing profiles for maximum performance based on the current load, provides the ability to use the tuned-profiles-realtime package to isolate CPU cores and give application threads all available resources.
  • NetworkManager implements conversion of connection profiles from the ifcfg settings format (/etc/sysconfig/network-scripts/ifcfg-*) to the keyfile-based format. To migrate profiles, use the "nmcli connection migrate" command.
  • The SELinux toolkit has been updated to release 3.4, which improves relabeling performance by parallelizing operations; the "-m" ("--checksum") option has been added to the semodule utility to obtain SHA256 hashes of modules; and mcstrans has been moved to the PCRE2 library. New utilities for working with access policies have been added: sepol_check_access, sepol_compute_av, sepol_compute_member, sepol_compute_relabel, sepol_validate_transition. SELinux policies have been added to protect the ksm, nm-priv-helper, rhcd, stalld, systemd-network-generator, targetclid and wg-quick services.
  • Added the ability to use the Clevis client (clevis-luks-systemd) to automatically unlock disk partitions encrypted with LUKS and mounted at a late boot stage, without the need to use the "systemctl enable clevis-luks-askpass.path" command.
  • The toolkit for building system images has been extended with support for uploading images to GCP (Google Cloud Platform), placing the image directly in a container registry, adjusting the size of the /boot partition, and adjusting parameters (Blueprint) during image creation (for example, adding packages and creating users).
  • Added the keylime utility for attestation (integrity verification and continuous monitoring) of an external system using TPM (Trusted Platform Module) technology, for example to verify the authenticity of Edge and IoT devices located in an uncontrolled location where unauthorized access is possible.
  • The RHEL for Edge edition provides the ability to use the fdo-admin utility to configure FDO (FIDO Device Onboard) services and to create certificates and keys for them.
  • SSSD (System Security Services Daemon) has added support for caching SID requests (for example, GID/UID checks) in RAM, which made it possible to speed up copy operations for large numbers of files through a Samba server. Support for integration with Windows Server 2022 is provided.
  • In OpenSSH, the minimum RSA key size is limited to 2048 bits by default, and the NSS libraries have dropped support for RSA keys smaller than 1023 bits. The RequiredRSASize parameter has been added to OpenSSH for configuring custom limits. Support has been added for the [email protected] key exchange method, which is resistant to cracking on quantum computers.
  • The ReaR (Relax-and-Recover) toolkit has added the ability to execute arbitrary commands before and after recovery.
  • The driver for Intel E800 Ethernet adapters supports the iWARP and RoCE protocols.
  • A new httpd-core package has been added, into which the core set of Apache httpd components has been moved, sufficient to run an HTTP server and associated with a minimal number of dependencies. The httpd package adds further modules such as mod_systemd and mod_brotli and includes documentation.
  • Added the new xmlstarlet package, which includes utilities for parsing, transforming, validating, extracting data from and editing XML files, similar to grep, sed, awk, diff, patch and join, but for XML instead of text files.
  • The capabilities of the system roles have been expanded: for example, the network role added support for configuring routing rules and using the nmstate API; the logging role added support for filtering by regular expressions (startmsg.regex, endmsg.regex); the storage role added support for partitions with dynamically allocated storage space ("thin provisioning"); the ability to manage through /etc/ssh/sshd_config was added to the sshd role; export of Postfix performance statistics was added to the metrics role; and the firewall role gained the ability to overwrite the previous configuration and support for adding, updating and removing services depending on state.
  • The toolkit for managing isolated containers has been updated, including packages such as Podman, Buildah, Skopeo, crun and runc. Added support for GitLab Runner in containers with the Podman runtime. The netavark utility and the Aardvark DNS server are provided for configuring the container network subsystem.
  • Added support for the ap-check command to mdevctl for configuring passthrough of crypto accelerators to virtual machines.
  • Added a preliminary (Technology Preview) ability to authenticate users using external providers (IdP, identity provider) that support the OAuth 2.0 "Device Authorization Grant" protocol extension for issuing OAuth access tokens to devices without using a browser.
  • For the Wayland-based GNOME session, a Firefox build that uses Wayland is provided. The X11-based build, which runs in a Wayland environment using the XWayland component, is placed in the separate firefox-x11 package.
  • A Wayland-based session is enabled by default on systems with Matrox GPUs (Wayland was previously not used with Matrox GPUs because of limitations and performance issues, which have now been resolved).
  • Support for the GPUs integrated into twelfth-generation Intel Core processors, including Intel Core i12 3T - i12100 9KS, Intel Pentium Gold G12900 and G7400T, Intel Celeron G7400 and G6900T Intel Core i6900-5HX - i12450-9HX - i12950-3 i-Intel-Intel-1220 Core i7-P-1280 iH-6 345P. Added support for AMD Radeon RX 00[5]7 and AMD Ryzen 9/6/689 00[XNUMX]XNUMX GPUs.
  • To control the protection against vulnerabilities in the MMIO (Memory Mapped Input Output) mechanism, the kernel boot parameter "mmio_stale_data" has been implemented, which can take the values "full" (enables clearing of buffers when switching to user space and in a VM), "full,nosmt" (as "full", and additionally disables SMT/Hyper-Threads) and "off" (protection disabled).
  • To control the protection against the Retbleed vulnerability, the kernel boot parameter "retbleed" has been implemented, through which you can disable the protection ("off") or select the vulnerability mitigation algorithm (auto, nosmt, ibpb, unret).
  • The acpi_sleep kernel boot parameter now supports new options for controlling sleep mode: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, and nobl.
  • Added a large batch of new drivers for network devices, storage systems and graphics chips.
  • Continued experimental (Technology Preview) support for KTLS (kernel-level implementation of TLS), WireGuard VPN, Intel SGX (Software Guard Extensions), Intel IDXD (Data Streaming Accelerator), DAX (Direct Access) for ext4 and XFS, AMD SEV and SEV-ES in the KVM hypervisor, the systemd-resolved service, the Stratis storage manager, Sigstore for verifying containers using digital signatures, a package with the GIMP 2.99.8 graphical editor, MPTCP (Multipath TCP) configuration via NetworkManager, ACME (Automated Certificate Management Environment) servers, virtio-mem, and the KVM hypervisor for ARM64.
  • The GTK 2 toolkit and its associated packages adwaita-gtk2-theme, gnome-common, gtk2, gtk2-immodules and hexchat have been deprecated. The X.org Server has been deprecated (RHEL 9 provides a Wayland-based GNOME session by default) and is planned for removal in the next major RHEL branch, but the ability to run X11 applications from a Wayland session using the XWayland DDX server will remain.
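
The OpenSSH item above sets a default minimum of 2048 bits for RSA keys, adjustable with RequiredRSASize. The following Python code is an added example, not taken from the article or from OpenSSH: it parses ssh-rsa public key blobs in authorized_keys-style text and reports keys shorter than that minimum. The sample entries and all function names are constructed for illustration.

```python
import base64

MIN_RSA_BITS = 2048  # default minimum named in the article

def read_string(buf, off):
    """Read one length-prefixed SSH wire string; return (bytes, next_offset)."""
    size = int.from_bytes(buf[off:off + 4], "big")
    field = buf[off + 4:off + 4 + size]
    if len(buf) < off + 4 or len(field) != size:
        raise ValueError("truncated blob")
    return field, off + 4 + size

def rsa_bits(blob):
    """Modulus size in bits of an ssh-rsa public key blob, or None if not RSA."""
    kind, off = read_string(blob, 0)
    if kind != b"ssh-rsa":
        return None
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def weak_rsa_keys(text, minimum=MIN_RSA_BITS):
    """Return [(line_no, bits, comment)] for RSA keys shorter than `minimum`."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Key options may precede the key type, so locate the "ssh-rsa" token.
        if line.lstrip().startswith("#") or "ssh-rsa" not in fields[:-1]:
            continue
        i = fields.index("ssh-rsa")
        try:
            bits = rsa_bits(base64.b64decode(fields[i + 1], validate=True))
        except ValueError:  # bad base64 or truncated blob
            continue
        if bits is not None and bits < minimum:
            found.append((no, bits, " ".join(fields[i + 2:])))
    return found

def sample_line(bits, comment):
    """Constructed entry; the modulus is a placeholder, not a usable key."""
    parts = [b"ssh-rsa", (65537).to_bytes(3, "big"),
             ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join(["# constructed authorized_keys content",
                    sample_line(1024, "legacy@build"), sample_line(3072, "admin@ops"),
                    'from="192.0.2.10" ' + sample_line(2047, "ci@runner")])
print(weak_rsa_keys(SAMPLE))
```

Passing a different `minimum` lets the same check be run against a site-specific RequiredRSASize value.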

Source: opennet.ru
