Inkampani ye-Red Hat
Ekuqaleni, isaziso se-RHEL 8.2 sasi
Isitshixo
-
Ikhuselwe inkxaso epheleleyo yolawulo lwezibonelelo kusetyenziswa ulawulo olumanyeneyoamaqela v2 , ebikade ikwinqanaba lokulinga ukwenzeka. Amaqela v2 anokusetyenziswa, umzekelo, ukunciphisa inkumbulo, i-CPU kunye nokusetyenziswa kwe-I/O. Umahluko ophambili phakathi kwe-cgroups v2 kunye ne-v1 kukusetyenziswa kweqela eliqhelekileyo loluhlu lwazo zonke iintlobo zemithombo, endaweni yoluhlu oluhlukeneyo lokwabiwa kwezixhobo ze-CPU, zokulawula ukusetyenziswa kwememori, kunye ne-I / O. Uluhlu olwahlukileyo lukhokelele kubunzima ekuququzeleleni intsebenziswano phakathi kwabaphathi kunye neendleko ezongezelelweyo zemithombo ye-kernel xa kusetyenziswa imithetho yenkqubo ekubhekiselwa kuyo kwii-hierarchies ezahlukeneyo. -
Yongeziwe Isixhobo se-Convert2RHEL sokuguqula iinkqubo ezisebenza ngokusasazwa okufana ne-RHEL, njenge-CentOS kunye ne-Oracle Linux, kwi-RHEL. - Kongezwe ukukwazi ukwenza ngokwezifiso imigaqo-nkqubo ye-cryptographic subsystem (i-crypto-polisi), ehlanganisa i-TLS, i-IPSec, i-SSH, i-DNSSec kunye ne-Kerberos protocol. Umlawuli ngoku unokuchaza umgaqo-nkqubo wakhe okanye atshintshe iiparameters ezithile ezikhoyo. Kongezwe iipakethe ezimbini ezintsha ze-setools-gui kunye ne-setools-console-analyses yokuhlalutya imigaqo-nkqubo ye-SELinux kunye nokuhlola ukuhamba kwedatha. Kongezwe iprofayili yokhuseleko ehambelana ne-DISA STIG (i-Arhente yeeNkqubo zoLwazi lwezoKhuselo) iingcebiso. Isixhobo esitsha, i-oscap-podman, yongezwe ukuskena imixholo yezikhongozelo kwiinguqulelo ezisengozini yeenkqubo.
- Izixhobo zolawulo lwesazisi ngoku zibandakanya into entsha ye-Healthcheck ekuvumela ukuba uchonge iingxaki kwindawo ye-IDM (Ulawulo lwesazisi). Ibonelela ngenkxaso kwiindima eziBalulekileyo kunye neemodyuli ukwenza lula ufakelo nolawulo lwe-IDM.
- Uyilo lwekhonsoli yewebhu luye lwatshintshwa, oluye lwatshintshwa ekusebenziseni i-PatternFly 4 interface, efana noyilo lwe-OpenShift interface 4. Ixesha lokungasebenzi komsebenzisi longezwe, emva koko iseshoni kunye ne-console yewebhu iphelile. Inkxaso eyongeziweyo yokuqinisekisa usebenzisa isatifikethi somthengi. Amacandelo okulawula ukugcinwa kunye noomatshini benyani baye bahlaziywa.
- Ujongano lokutshintsha iidesktop ezinenyani kwimeko-bume yeGNOME yeClassic itshintshiwe; iqhosha lokutshintsha lisusiwe lasiwa kwikona esezantsi ekunene kwaye iyilwe njengoluhlu olunezithonjana.
- I-DRM (uMlawuli oBonelela ngokuthe ngqo) isixokelelwano semizobo sidityaniswa ne-Linux kernel version 5.1. Abaqhubi bemizobo bahlaziywe ukubandakanya inkxaso ye-Intel Intel Comet Lake H kunye ne-U (i-HD Graphics 610, 620, 630), Intel Ice Lake U (HD Graphics 910, Iris Plus Graphics 930, 940, 950), AMD Navi 10, Nvidia I-Turing TU116,
- Iseshoni ye-GNOME esekwe kwi-Wayland yenziwe ngokungagqibekanga kwiinkqubo ezine-GPU ezininzi (ngaphambili i-X11 yayisetyenziswa kwiinkqubo ezinemizobo exutyiweyo).
- Inkxaso eyongeziweyo yeeparamitha ze-Linux kernel ezinxulumene nokulawula ukubandakanywa kokhuseleko kuhlaselo olutsha kwindlela yokubulawa kwe-CPU eqikelelwayo: mds, tsx, ukunciphisa. Iparamitha eyongeziweyo
mem_encrypt ukulawula usetyenziso lwe-AMD SME (uKhuseleko lweMemori yokuFihla) izandiso. Kongezwe iparameter ye-cpuidle.governor ukukhetha i-CPU i-idle state handler (irhuluneli ye-cpuidle). Yongezwe /proc/sys/kernel/panic_print parameter ukuqwalasela imveliso yolwazi kwimeko yokuwa kwenkqubo (imeko yoloyiko). Iparamitha eyongeziweyo
/proc/sys/kernel/threads-max ukuchaza inani eliphezulu lemisonto enokwenziwa yifolokhwe () umsebenzi. Ukongeza /proc/sys/net/bpf_jit_enable ukhetho lokulawula ukuba iJIT compiler yenziwe ukuba iBPF. - I-algorithm yokuqaliswa kwe-dnf-automatic.timer iye yatshintshwa ukubiza inkqubo yofakelo lohlaziyo oluzenzekelayo. Endaweni yokusebenzisa isibali-xesha esinemonotonous esikhokelela ekusebenzeni ngexesha elingalindelekanga emva kokuqalisa, iyunithi echaziweyo ngoku iqala phakathi kwe-6 kunye ne-7 am. Ukuba ngeli xesha inkqubo icinyiwe, kodwa iqala ngeyure emva kokuyivula.
- Iimodyuli ezinamasebe amatsha ePython 3.8 (yayiyi-3.6) kunye ne-Maven 3.6 yongezwe kwindawo yokugcina i-AppStream. Iiphakheji ezihlaziyiweyo nge-GCC 9.2.1, Clang/LLVM 9.0.1, Rust 1.41 kunye neGo 1.13.
- Iinguqulelo zephakheji ezihlaziyiweyo powertop 2.11 (ngenkxaso EHL, TGL, ICL/ICX amaqonga), opencv 3.4.6, tuned 2.13.0, rsyslog 8.1911.0, audit 3.0-0.14, fapolicyd 0.9.1-2, sudo 1.8.29 - 3.el8,
firewalld 0.8, tpm2-izixhobo 3.2.1, mod_md (ngenkxaso ACMEv2), grafana 6.3.6, pcp 5.0.2, elfutils 0.178, SystemTap 4.2, 389-ds-base 1.4.2.4,
isamba 4.11.2. - Kongezwe iipakethe ezintsha whois, graphviz-python3 (isasazwe ngeCRB engaxhaswanga ngokusemthethweni (CodeReady Linux Builder) repository), perl-LDAP, perl-Convert-ASN1.
- Iseva ye-BIND ye-DNS ihlaziywe kuguqulelo 9.11.13 kwaye yatshintshelwa ekusebenziseni i-database ebophelelayo yendawo ye-GeoIP2 kwifomathi ye-libmaxminddb endaweni ye-GeoIP yakudala, engasaxhaswanga. Yongeza i-service-stale (stale-answer) setting, ekuvumela ukuba ubuyisele iirekhodi zeDNS zakudala ukuba akunakwenzeka ukufumana ezintsha.
- Iplagi ye-omhttp yongezwe kwi-rsyslog ngonxibelelwano ngojongano lwe-HTTP REST.
- Utshintsho oluhambelana neLinux 5.5 kernel lukhutshelwe kwisistim yophicotho.
- I-plugin ye-setroubleshoot yongeze inkxaso yokuhlalutya ukungaphumeleli kokufikelela ngenxa yokuphuma kwimemori kwaye iphendule ngokuzenzekelayo ukusombulula iingxaki ezinjalo.
- Abasebenzisi abathintelwe yi-SELinux banikwe amandla okulawula iinkonzo ezinxulumene neseshoni yomsebenzisi. I-Semanage yongeze inkxaso yokuvavanya nokutshintsha izibuko zenethiwekhi ze-SCTP kunye ne-DCCP (ngaphambili i-TCP kunye ne-UDP bezixhaswa). Iinkonzo lvmdbusd (D-Bus API yeLVM), lldpd, rrdcached, stratisd, timedatex zisetyenzwa phantsi kwemimandla yazo ye-SELinux.
- I-Firewalld ihanjiswe kwi-libnftables JSON interface xa isebenzisana ne-nftables, ebangele ukunyuka komsebenzi kunye nokuthembeka. i-nftables yongeza inkxaso kwiindidi ezininzi kwiseti ye-IP, enokubandakanya iimanyano kunye noluhlu. Imithetho yeFirewalld ngoku ingasebenzisa iziphatho ukujonga uqhakamshelwano lweenkonzo ezisebenza kumazibuko othungelwano olungelulo oluqhelekileyo.
- Inkqubo esezantsi yekernel ye-tc (Traffic Control) ibonelela ngenkxaso epheleleyo
I-eBPF, ekuvumela ukuba usebenzise i-tc utility ukuncamathisela iiprogram ze-eBPF ukuhlela iipakethi nokulungisa imigca engenayo naphumayo. - Inkxaso ezinzileyo yezinye ii-subsystems ze-eBPF iphunyeziwe: i-BCC (BPF Compiler Collection) isixhobo kunye nethala leencwadi lokudala iinkqubo zokulandela umkhondo kunye nokulungiswa kwe-BPF, inkxaso ye-eBPF kwi-tc. I-bpftrace kunye ne-eXpress Data Path (XDP) amacandelo ahlala kwi-Technology Preview stage.
- Amacandelo exesha langempela (i-kernel-rt) ilungelelaniswa kunye nesethi yeepatches kwi-5.2.21-rt13 kernel.
- Ngoku kuyenzeka ukuqhuba inkqubo ye-rngd (i-daemon yokondla i-entropy kwi-pseudo-random number generator) ngaphandle kwamalungelo engcambu.
- I-LVM yongeze inkxaso yendlela ye-dm-writecache caching ukongeza kwi-dm-cache ekhoyo ngaphambili. I-Dm-cache igcina eyona misebenzi isetyenziswa rhoqo yokubhala nokufunda, kunye ne-dm-writecache cache ibhala imisebenzi ngokuyibeka kuqala kwi-SSD ekhawulezayo okanye kwimidiya ye-PMEM kwaye emva koko ihambise kwidiski ecothayo ngasemva.
- I-XFS yongeze inkxaso kwimowudi yokubhala yolwazi lweqela.
- I-FUSE yongeze inkxaso ye-copy_file_range () yokusebenza, ekuvumela ukuba ukhawuleze ukukopisha idatha ukusuka kwifayile enye ukuya kwenye ngokwenza umsebenzi kuphela kwicala le-kernel ngaphandle kokuqala ukufunda idatha kwimemori yenkqubo. Ukulungiswa kubonakala ngokucacileyo kwi-GlusterFS.
- Yongeza i "--preload" ukhetho kwikhonkco eliguquguqukayo, elikuvumela ukuba ucacise ngokucacileyo amathala eencwadi ukuba anyanzelwe ukuba alayishwe ngesicelo. Olu khetho lwenza kube lula ukuphepha ukusebenzisa i-LD_PRELOAD eguquguqukayo yemeko-bume, ezuzwe njengeenkqubo zomntwana.
- I-hypervisor ye-KVM ibonelela ngenkxaso epheleleyo yokusebenza kwendlwane koomatshini ababonakalayo.
- Abaqhubi abatsha bongeziwe, kuquka
gVNIC, Broadcom UniMAC MDIO, Software iWARP, DRM VRAM, cpuidle-haltpoll, stm_ftrace, stm_console,
Intel Trace Hub, PMEM DAX,
I-Intel PMC Core,
Intel RAPL
Intel Runtime Average Power Limit (RAPL). - I-DSA eyehliweyo, i-TLS 1.0 kunye ne-TLS 1.1 zivaliwe ngokungagqibekanga kwaye zifumaneka kuphela kwi-LEGACY suite.
- Kubonelelwe ngenkxaso yovavanyo (Technology Preview) ye-nmstate, AF_XDP, XDP, KTLS, dracut, kexec fast reboot, eBPF, libbpf, igc, NVMe phezu kweTCP/IP, DAX kwi ext4 kunye xfs, OverlayFS, Stratis, DNSSEC, GNOME kwiinkqubo zeARM , AMD SEV ye-KVM, Intel vGPU
umthombo: opennet.ru