ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kweRed Hat Enterprise Linux 8.1 yokuhanjiswa

Ukukhutshwa kweRed Hat Enterprise Linux 8.1 yokuhanjiswa

Inkampani ye-Red Hat ikhutshiwe ikhithi yokuhambisa I-Red Hat Enterprise Linux 8.1. Iindibano zokufakela zilungiselelwe x86_64, s390x (IBM System z), ppc64le kunye ne-Aarch64 izakhiwo, kodwa iyafumaneka kuba Ukhuphelo kuphela kubasebenzisi ababhalisiweyo bePortal yoMthengi weRed Hat. Imithombo yeRed Hat Enterprise Linux 8 rpm packages isasazwa nge Uvimba weGit CentOS. Isebe le-RHEL 8.x liya kuxhaswa kude kube ngu-2029 ubuncinane.

I-Red Hat Enterprise Linux 8.1 yayiyeyokuqala yokukhululwa elungiselelwe ngokuhambelana nomjikelo omtsha wophuhliso oluqikelelwayo, othetha ukusekwa kokukhutshwa rhoqo kwiinyanga ezintandathu ngexesha elimisiweyo. Ukuba nolwazi oluchanekileyo malunga nokuba ukukhutshwa okutsha kuya kupapashwa nini kukuvumela ukuba ungqamanise iishedyuli zophuhliso lweeprojekthi ezahlukeneyo, ulungiselele kwangaphambili ukukhutshwa okutsha, kwaye ucwangcise xa uhlaziyo luya kusetyenziswa.

Kuyaphawuleka ukuba entsha Umnqa wobomi Iimveliso ze-RHEL zithatha iileya ezininzi, kubandakanya i-Fedora njengebhodi yobuchule obutsha, Ukusasazeka kweCentOS ukufikelela kwiipakethe ezenzelwe ukukhutshwa okuphakathi okulandelayo kwe-RHEL (uguqulelo oluqengqelekayo lwe-RHEL),
umfanekiso wesiseko sendalo esisezantsi (UBI, uMfanekiso weSiseko seSiseko seHlabathi) sokuqhuba usetyenziso kwizikhongozeli ezizimeleyo kunye Umrhumo woMphuhlisi we-RHEL ukusetyenziswa kwamahhala kwe-RHEL kwinkqubo yophuhliso.

Isitshixo utshintsho:

  • Inkxaso epheleleyo yomatshini wokufaka amabala eLive inikezelwe (kpatch) ukususa ubuthathaka kwi Linux kernel ngaphandle kokuphinda uqalise inkqubo kwaye ngaphandle kokumisa umsebenzi. Ngaphambili, i-kpatch yahlelwa njengophawu lovavanyo;
  • Ngokusekelwe kwisakhelo i-fapolicy Ikhono lokudala uluhlu olumhlophe kunye nolumnyama lwezicelo luphunyeziwe, olukuvumela ukuba uhlukanise ukuba zeziphi iinkqubo ezinokuthi ziqaliswe ngumsebenzisi kwaye ezingenako (umzekelo, ukuvimba ukuqaliswa kweefayile eziphunyezwayo zangaphandle ezingaqinisekiswanga). Isigqibo sokuvala okanye ukuvumela ukuqaliswa kunokwenziwa ngokusekelwe kwigama lesicelo, indlela, umxholo we-hash, kunye nohlobo lwe-MIME. Uqwalaselo lomthetho lwenzeka ngexesha lokuvula () kunye ne-exec () iminxeba yenkqubo, ngoko ke kunokuba nefuthe elibi ekusebenzeni;
  • Ukuqulunqwa kubandakanya iiprofayili ze-SELinux, ezigxininise ekusetyenzisweni kunye nezikhongozeli ezizimeleyo kunye nokuvumela ulawulo lwegranular ngaphezulu kokufikelela kwiinkonzo ezisebenza kwizikhongozeli zokubamba izixhobo zenkqubo. Ukuvelisa imigaqo ye-SELinux yee-container, i-udica entsha ye-udica iphakanyisiwe, evumela, ngokuqwalasela iinkcukacha zesitya esithile, ukubonelela ngokufikelela kuphela kwizibonelelo zangaphandle eziyimfuneko, ezifana nokugcinwa, izixhobo kunye nenethiwekhi. Izixhobo ze-SELinux (i-libsepol, i-libselinux, i-libsemanage, i-policycoreutils, i-checkpolicy, i-mcstrans) ihlaziywe ukukhulula i-2.9, kunye nephakheji ye-SETools kwinguqulo ye-4.2.2.

    Yongezwe uhlobo olutsha lwe-SELinux, i-boltd_t, ethintela i-boltd, inkqubo yokulawula izixhobo ze-Thunderbolt 3 (i-boltd ngoku isebenza kwisikhongozeli esilinganiselwe yi-SELinux). Yongeza iklasi entsha yemithetho ye-SELinux - bpf, elawula ukufikelela kwi-Berkeley Packet Filter (BPF) kwaye ihlola izicelo ze-eBPF;

  • Ibandakanya uluhlu lweendlela zokuziphatha UKUQALA (BGP4, MP-BGP, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SM/MSDP, LDP, IS-IS), eyathatha indawo yephakheji ye-Quagga eyayisetyenziswa ngaphambili (i-FRRouting yifolokhwe yeQuagga, ngoko ukuhambelana akuzange kuchaphazeleke. );
  • Kwizahlulo ezifihliweyo kwifomathi ye-LUKS2, inkxaso yongezwe kwi-encrypting block yezixhobo kwi-fly, ngaphandle kokuyeka ukusetyenziswa kwazo kwinkqubo (umzekelo, ngoku unokutshintsha isitshixo okanye i-algorithm ye-encryption ngaphandle kokunciphisa isahlulelo);
  • Inkxaso yohlelo olutsha lweprotocol ye-SCAP 1.3 (iProtocol yokuSecurity Content Automation Protocol) yongezwe kwisakhelo se-OpenSCAP;
  • Iinguqulelo ezihlaziyiweyo ze-OpenSSH 8.0p1, iTuned 2.12, chrony 3.5, samba 4.10.4. Iimodyuli ezinamasebe amatsha e-PHP 7.3, i-Ruby 2.6, i-Node.js 12 kunye ne-nginx 1.16 yongezwe kwindawo yokugcina i-AppStream (ukuhlaziya iimodyuli kunye namasebe angaphambili kuye kwaqhubeka). Iiphakheji ezine-GCC 9, i-LLVM 8.0.1, i-Rust 1.37 kunye ne-Go 1.12.8 yongezwe kwiNgqokelela yeSoftware;
  • I-Toolkit yokulandelela i-SystemTap ihlaziywe kwisebe le-4.1, kwaye i-toolkit ye-debugging ye-Valgrind memory ihlaziywe kwinguqulo ye-3.15;
  • Isixhobo esitsha sokuhlola impilo yongezwe kwisixhobo sokuchongwa kwe-server (i-IDM, i-Identity Management), eyenza lula ukuchongwa kweengxaki ngokusebenza kweemeko kunye neseva yokuchonga. Ufakelo kunye noqwalaselo lweemekobume ze-IdM zenziwe lula, ngenxa yenkxaso yeendima eziBalulekileyo kunye nokukwazi ukufaka iimodyuli. Inkxaso eyongeziweyo ye-Active Directory Trusted Forests esekwe kwi-Windows Server 2019.
  • Isitshintshi sedesktop enenyani sitshintshiwe kwiseshini yeGNOME Classic. Iwijethi yokutshintsha phakathi kwedesktop ngoku ibekwe kwicala lasekunene leqela lenjongo esezantsi kwaye iyilwe njengoluhlu olunezithonjana zedesktop (ukutshintshela kwenye idesktop, nqakraza nje kwi thumbnail ebonisa imixholo yayo);
  • Inkqubo esezantsi ye-DRM (uMlawuli oBonelela ngokuNgqo) kunye nomgangatho ophantsi wokuqhuba imizobo (amdgpu, nouveau, i915, mgag200) zihlaziyiwe ukuze zihambelane neLinux 5.1 kernel. Inkxaso eyongeziweyo ye-AMD Raven 2, i-AMD Picasso, i-AMD Vega, i-Intel Amber Lake-Y kunye ne-Intel Comet ye-Lake-U ye-subsystems yevidiyo;
  • I-Toolkit yokuphucula i-RHEL 7.6 ukuya kwi-RHEL 8.1 yongeze inkxaso yokuphucula ngaphandle kokufakwa kwakhona kwe-ARM64, i-IBM POWER (i-endian encinci) kunye ne-IBM Z imo yokuphucula kwangaphambili yongezwa kwikhonsoli yewebhu. Yongezwe iplagi ye-cockpit-leapp ukubuyisela imeko kwimeko yeengxaki ngexesha lohlaziyo. Izikhokelo ze/var kunye/usr zohlulwe zibe ngamacandelo ahlukeneyo. Inkxaso eyongeziweyo ye-UEFI. IN Leapp iipakethe zihlaziywa ukusuka kwindawo yokugcina eyoNgezelelweyo (ibandakanya iiphakheji zobunini);
  • Umakhi woMfanekiso wongeze inkxaso yokwakha imifanekiso yeLifu likaGoogle kunye neendawo zamafu eAlibaba. Xa usenza ukuzaliswa komfanekiso, ukukwazi ukusebenzisa i-repo.git yongezwe ukubandakanya iifayile ezongezelelweyo ezivela kwiindawo zokugcina zeGit;
  • Iitshekhi ezongezelelweyo zongeziwe kwi-Glibc ukwenzela ukuba i-malloc ibone xa iibhloko zememori ezabiweyo zonakaliswe;
  • I-package ye-dnf-utils iye yabizwa ngokuba yi-yum-utils ukuze ihambelane (amandla okufaka i-dnf-utils igcinwa, kodwa le phakheji iya kutshintshwa ngokuzenzekelayo yi-yum-utils);
  • Yongezwe uhlelo olutsha lweRed Hat Enterprise Linux Iindima zeNkqubo, ukunika iseti yeemodyuli kunye neendima zokubeka inkqubo yolawulo loqwalaselo olusembindini esekwe kwi-Ansible kunye noqwalaselo lwe-subsystems ukwenza imisebenzi ethile enxulumene nokugcinwa, amandla othungelwano, ungqamaniso lwexesha, imithetho ye-SElinux kunye nokusetyenziswa kwendlela ye-kdump. Umzekelo, indima entsha
    ugcino lukuvumela ukuba wenze imisebenzi efana nokulawula iinkqubo zefayile kwidiski, ukusebenza namaqela e-LVM kunye nezahlulo ezinengqiqo;
  • I-stack yenethiwekhi ye-VXLAN kunye ne-GENEVE i-tunnels iphunyezwe ukukwazi ukucubungula iipakethi ze-ICMP "Indawo yokuFikela engenakufikeleleka", "Ipakethi enkulu kakhulu" kunye ne "Redirect Message", eyasombulula ingxaki yokungakwazi ukusebenzisa iindlela zokuqondiswa kwakhona kunye ne-Path MTU Discovery kwi-VXLAN kunye ne-GENEVE. .
  • Ukuphunyezwa kovavanyo lwe-XDP (i-eXpress Data Path), evumela i-Linux ukuba iqhube iinkqubo ze-BPF kwinqanaba lomqhubi wenethiwekhi ngokukwazi ukufikelela ngokuthe ngqo kwi-packet buffer ye-DMA kwaye kwinqanaba phambi kokuba i-skbuff buffer yabiwe yi-stack yenethiwekhi, kunye namacandelo e-eBPF, adityaniswa neLinux 5.0 kernel . Inkxaso yovavanyo eyongeziweyo ye-AF_XDP kernel subsystem (Indlela yeDatha ye-eXpress);
  • Inkxaso yothungelwano lweprotocol epheleleyo inikezelwe I-TIPC (I-Transparent Inter-process Communication), eyilelwe ukuququzelela unxibelelwano phakathi kwenkqubo kwiqela. Iprothokholi ibonelela ngeendlela zokunxibelelana kwezicelo ngokukhawuleza nangokuthembekileyo, kungakhathaliseki ukuba zeziphi iindawo kwiqela eliqhuba kuzo;
  • Imowudi entsha yokugcina indawo yokulahla ingundoqo kwimeko yokusilela yongezwe kwi-initramfs - “ukulahla kwangoko", ukusebenza kumanqanaba okuqala okulayisha;
  • Yongeza iparamitha entsha ye-kernel ipcmni_extend, eyandisa umda we-ID ye-IPC ukusuka kwi-32 KB (i-15 bits) ukuya kwi-16 MB (ii-bits ezingama-24), ivumela izicelo ukuba zisebenzise amacandelo ememori ekwabelwana ngawo;
  • I-Ipset ihlaziywe ukukhulula i-7.1 ngenkxaso ye-IPSET_CMD_GET_BYNAME kunye nemisebenzi ye-IPSET_CMD_GET_BYINDEX;
  • I-rngd daemon, egcwalisa ichibi le-entropy ye-pseudorandom yejenereyitha yenombolo, ikhululiwe kwimfuno yokubaleka njengengcambu;
  • Inkxaso epheleleyo inikezelwe Intel OPA (I-Omni-Path Architecture) yezixhobo kunye ne-Host Fabric Interface (i-HFI) kunye nenkxaso epheleleyo ye-Intel Optane DC ye-Persistent Memory device.
  • Iinkozo zokulungisa ngokungagqibekanga ziquka ukwakhiwa nge UBSAN (Undefined Behavior Sanitizer) detector, eyongeza iitshekhi ezongezelelweyo kwikhowudi ehlanganisiweyo ukufumanisa iimeko xa ukuziphatha kweprogram kungachazwanga (umzekelo, ukusetyenziswa kwezinto eziguquguqukayo ezingezizo-static phambi kokuba ziqaliswe, ukwahlula ii-integers ngo-zero, kuphuphuma kwiintlobo ezipheleleyo ezisayiniweyo, ukushenxiswa kwezalathisi ezi-NULL, iingxaki ngolungelelwaniso lwesalathisi, njl. njl.);
  • Umthi womthombo we-kernel kunye nokwandiswa kwexesha langempela (i-kernel-rt) ihambelana nekhowudi ye-kernel ye-RHEL ephambili ye-8;
  • Umqhubi we-ibmvnic wongeziweyo we-vNIC (umlawuli wenethiwekhi ye-Virtual Network Interface) kunye nokuphunyezwa kwe-PowerVM ye-virtual network technology. Xa isetyenziswe ngokubambisana ne-SR-IOV NIC, umqhubi omtsha uvumela i-bandwidth kunye nomgangatho wolawulo lwenkonzo kwinqanaba le-adapter yenethiwekhi ye-virtual, ukunciphisa kakhulu i-virtualization overhead kunye nokunciphisa umthwalo we-CPU;
  • Inkxaso eyongeziweyo yoLwandiso lweNgqibelelo yeDatha, ekuvumela ukuba ukhusele idatha kumonakalo xa ubhala ukugcinwa ngokugcina iibhloko ezongezelelweyo zokulungisa;
  • Inkxaso yovavanyo eyongeziweyo (i-Technology Preview) yephakheji nmstate, ebonelela ngelayibrari ye-nmstatectl kunye nenkonzo yokulawula izicwangciso zenethiwekhi ngokusebenzisa i-API echazayo (i-network state ichazwe ngendlela yeskimu esichazwe ngaphambili);
  • Inkxaso yovavanyo eyongeziweyo yokuphunyezwa kwe-kernel-level TLS (KTLS) kunye ne-AES-GCM-based encryption, kunye nenkxaso yovavanyo ye-OverlayFS, i-cgroup v2, Stratis, mdev (Intel vGPU) kunye neDAX (unikezelo oluthe ngqo kwisixokelelwano sefayile ngokugqitha indawo efihlakeleyo yephepha ngaphandle kokusebenzisa umphakamo wecebo lebhloko) kwi ext4 kunye ne XFS;
  • Ukuxhaswa kwe-DSA, i-TLS 1.0 kunye ne-TLS 1.1, eziye zasuswa kwi-DEFAULT iseti kwaye zasiwa kwi-LEGACY ("update-crypto-policies -set LEGACY");
  • Iiphakheji ze-389-ds-base-legacy-tools ziye zarhoxiswa.
    ubungqina
    ugcino,
    igama lomamkeli,
    libidn,
    izixhobo zomnatha,
    imibhalo yenethiwekhi,
    nss-pam-ldapd,
    thumela i-imeyile,
    yp-izixhobo
    ypbind kunye neypsv. Basenokuyekwa ekukhululweni okubalulekileyo kwexesha elizayo;
  • Izikripthi ze-ifup kunye ne-ifdown zitshintshwe ngezisongelo ezifowunela i-NetworkManager nge-nmcli (ukubuyisela izikripthi ezindala, kufuneka usebenzise "yum ukufaka inethiwekhi-scripts").

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster