ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kokusasazwa kweRed Hat Enterprise Linux 8.2

Ukukhutshwa kokusasazwa kweRed Hat Enterprise Linux 8.2

Inkampani ye-Red Hat ipapashiwe ikhithi yokuhambisa Ishishini lomnqwazi obomvu Linux 8.2. Iindibano zokufakela zilungiselelwe x86_64, s390x (IBM System z), ppc64le kunye ne-Aarch64 izakhiwo, kodwa iyafumaneka kuba Ukhuphelo Ρ‚ΠΎΠ»ΡŒΠΊΠΎ зарСгистрированным ΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚Π΅Π»ΡΠΌ Red Hat Customer Portal. Π˜ΡΡ…ΠΎΠ΄Π½Ρ‹Π΅ тСксты rpm-ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ² Red Hat Enterprise Linux 8 Ρ€Π°ΡΠΏΡ€ΠΎΡΡ‚Ρ€Π°Π½ΡΡŽΡ‚ΡΡ Ρ‡Π΅Ρ€Π΅Π· Uvimba weGit CentOS. Π’Π΅Ρ‚ΠΊΠ° RHEL 8.x Π±ΡƒΠ΄Π΅Ρ‚ ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΈΠ²Π°Ρ‚ΡŒΡΡ ΠΊΠ°ΠΊ ΠΌΠΈΠ½ΠΈΠΌΡƒΠΌ Π΄ΠΎ 2029 Π³ΠΎΠ΄Π°.

Ekuqaleni, isaziso se-RHEL 8.2 sasi ipapashiwe kwiwebhusayithi ye-Red Hat nge-21 ka-Epreli, kodwa isibhengezo senziwe ngaphambi kwexesha kunye nogcino lokufaka uhlaziyo. bebengekalungeli, kodwa eneneni ukukhululwa kuphume namhlanje kuphela. Isebe le-8.x liphuhliswa ngokuhambelana nomjikelo omtsha wophuhliso oluqikelelwayo, obandakanya ukuqulunqwa kokukhutshwa rhoqo kwiinyanga ezintandathu ngexesha elimisiweyo. Entsha umjikelo wophuhliso Iimveliso ze-RHEL zithatha iileya ezininzi, kubandakanya i-Fedora njengebhodi yobuchule obutsha, CentOS umlambo ukufikelela kwiipakethe ezenzelwe ukukhutshwa okuphakathi okulandelayo kwe-RHEL (uguqulelo oluqengqelekayo lwe-RHEL), umfanekiso osisiseko wehlabathi jikelele (UBI, uMfanekiso weSiseko seSiseko seHlabathi) ukulungiselela usetyenziso olukwizikhongozeli ezizimeleyo kwaye Umrhumo woMphuhlisi we-RHEL ukusetyenziswa kwamahhala kwe-RHEL kwinkqubo yophuhliso.

Isitshixo utshintsho:

  • Ikhuselwe inkxaso epheleleyo yolawulo lwezibonelelo kusetyenziswa ulawulo olumanyeneyo amaqela v2, ebikade ikwinqanaba lokulinga ukwenzeka. Amaqela v2 anokusetyenziswa, umzekelo, ukunciphisa inkumbulo, i-CPU kunye nokusetyenziswa kwe-I/O. Umahluko ophambili phakathi kwe-cgroups v2 kunye ne-v1 kukusetyenziswa kweqela eliqhelekileyo loluhlu lwazo zonke iintlobo zemithombo, endaweni yoluhlu oluhlukeneyo lokwabiwa kwezixhobo ze-CPU, zokulawula ukusetyenziswa kwememori, kunye ne-I / O. Uluhlu olwahlukileyo lukhokelele kubunzima ekuququzeleleni intsebenziswano phakathi kwabaphathi kunye neendleko ezongezelelweyo zemithombo ye-kernel xa kusetyenziswa imithetho yenkqubo ekubhekiselwa kuyo kwii-hierarchies ezahlukeneyo.
  • Yongeziwe инструмСнт Convert2RHEL для прСобразования Π² RHEL систСм Π½Π° ΠΊΠΎΡ‚ΠΎΡ€Ρ‹Ρ… ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡŽΡ‚ΡΡ RHEL-ΠΏΠΎΠ΄ΠΎΠ±Π½Ρ‹Π΅ дистрибутивы, Ρ‚Π°ΠΊΠΈΠ΅ ΠΊΠ°ΠΊ CentOS ΠΈ Oracle Linux.
  • Π”ΠΎΠ±Π°Π²Π»Π΅Π½Π° Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡ‚ΡŒ кастомизации общСсистСмных ΠΏΠΎΠ»ΠΈΡ‚ΠΈΠΊ криптографичСских подсистСм (crypto-policies), ΠΎΡ…Π²Π°Ρ‚Ρ‹Π²Π°ΡŽΡ‰ΠΈΠ΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹ TLS, IPSec, SSH, DNSSec ΠΈ Kerberos. Администратор Ρ‚Π΅ΠΏΠ΅Ρ€ΡŒ ΠΌΠΎΠΆΠ΅Ρ‚ ΠΎΠΏΡ€Π΅Π΄Π΅Π»ΠΈΡ‚ΡŒ ΡΠΎΠ±ΡΡ‚Π²Π΅Π½Π½ΡƒΡŽ ΠΏΠΎΠ»ΠΈΡ‚ΠΈΠΊΡƒ ΠΈΠ»ΠΈ ΠΈΠ·ΠΌΠ΅Π½ΠΈΡ‚ΡŒ ΠΎΠΏΡ€Π΅Π΄Π΅Π»Ρ‘Π½Π½Ρ‹Π΅ ΠΏΠ°Ρ€Π°ΠΌΠ΅Ρ‚Ρ€Ρ‹ ΡΡƒΡ‰Π΅ΡΡ‚Π²ΡƒΡŽΡ‰ΠΈΡ…. Π”ΠΎΠ±Π°Π²Π»Π΅Π½Ρ‹ Π΄Π²Π° Π½ΠΎΠ²Ρ‹Ρ… ΠΏΠ°ΠΊΠ΅Ρ‚Π° setools-gui ΠΈ setools-console-analyses для Π°Π½Π°Π»ΠΈΠ·Π° ΠΏΠΎΠ»ΠΈΡ‚ΠΈΠΊ SELinux ΠΈ инспСктирования ΠΏΠΎΡ‚ΠΎΠΊΠΎΠ² Π΄Π°Π½Π½Ρ‹Ρ…. Π”ΠΎΠ±Π°Π²Π»Π΅Π½ ΠΏΡ€ΠΎΡ„ΠΈΠ»ΡŒ бСзопасности, ΡΠΎΠΎΡ‚Π²Π΅Ρ‚ΡΡ‚Π²ΡƒΡŽΡ‰ΠΈΠΉ рСкомСндациям DISA STIG (Defense Information Systems Agency). Π”ΠΎΠ±Π°Π²Π»Π΅Π½Π° новая ΡƒΡ‚ΠΈΠ»ΠΈΡ‚Π° oscap-podman для сканирования содСрТимого ΠΊΠΎΠ½Ρ‚Π΅ΠΉΠ½Π΅Ρ€ΠΎΠ² Π½Π° ΠΏΡ€Π΅Π΄ΠΌΠ΅Ρ‚ использования уязвимых вСрсий ΠΏΡ€ΠΎΠ³Ρ€Π°ΠΌΠΌ.
  • Izixhobo zolawulo lwesazisi ngoku zibandakanya into entsha ye-Healthcheck ekuvumela ukuba uchonge iingxaki kwindawo ye-IDM (Ulawulo lwesazisi). Ibonelela ngenkxaso kwiindima eziBalulekileyo kunye neemodyuli ukwenza lula ufakelo nolawulo lwe-IDM.
  • Uyilo lwekhonsoli yewebhu luye lwatshintshwa, oluye lwatshintshwa ekusebenziseni i-PatternFly 4 interface, efana noyilo lwe-OpenShift interface 4. Ixesha lokungasebenzi komsebenzisi longezwe, emva koko iseshoni kunye ne-console yewebhu iphelile. Inkxaso eyongeziweyo yokuqinisekisa usebenzisa isatifikethi somthengi. Amacandelo okulawula ukugcinwa kunye noomatshini benyani baye bahlaziywa.
  • Ujongano lokutshintsha iidesktop ezinenyani kwimeko-bume yeGNOME yeClassic itshintshiwe; iqhosha lokutshintsha lisusiwe lasiwa kwikona esezantsi ekunene kwaye iyilwe njengoluhlu olunezithonjana.
  • ГрафичСская подсистСма DRM (Direct Rendering Manager) синхронизирована с вСрсиСй ядра Linux 5.1. ΠžΠ±Π½ΠΎΠ²Π»Π΅Π½Ρ‹ графичСскиС Π΄Ρ€Π°ΠΉΠ²Π΅Ρ€Ρ‹, Π² ΠΊΠΎΡ‚ΠΎΡ€Ρ‹Ρ… появилась ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° Intel Intel Comet Lake H ΠΈ U (HD Graphics 610, 620, 630), Intel Ice Lake U (HD Graphics 910, Iris Plus Graphics 930, 940, 950), AMD Navi 10, Nvidia Turing TU116,
  • Iseshoni ye-GNOME esekwe kwi-Wayland yenziwe ngokungagqibekanga kwiinkqubo ezine-GPU ezininzi (ngaphambili i-X11 yayisetyenziswa kwiinkqubo ezinemizobo exutyiweyo).
  • Π”ΠΎΠ±Π°Π²Π»Π΅Π½Π° ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° Π½ΠΎΠ²Ρ‹Ρ… ΠΏΠ°Ρ€Π°ΠΌΠ΅Ρ‚Ρ€ΠΎΠ² ядра Linux, связанных с ΡƒΠΏΡ€Π°Π²Π»Π΅Π½ΠΈΠ΅ΠΌ Π²ΠΊΠ»ΡŽΡ‡Π΅Π½ΠΈΠ΅ΠΌ Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ΠΎΡ‚ Π½ΠΎΠ²Ρ‹Ρ… Π°Ρ‚Π°ΠΊ Π½Π° ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌ спСкулятивного выполнСния CPU: mds, tsx, mitigations. Π”ΠΎΠ±Π°Π²Π»Π΅Π½ ΠΏΠ°Ρ€Π°ΠΌΠ΅Ρ‚Ρ€
    mem_encrypt ukulawula usetyenziso lwe-AMD SME (uKhuseleko lweMemori yokuFihla) izandiso. Kongezwe iparameter ye-cpuidle.governor ukukhetha i-CPU i-idle state handler (irhuluneli ye-cpuidle). Yongezwe /proc/sys/kernel/panic_print parameter ukuqwalasela imveliso yolwazi kwimeko yokuwa kwenkqubo (imeko yoloyiko). Iparamitha eyongeziweyo
    /proc/sys/kernel/threads-max ukuchaza inani eliphezulu lemisonto enokwenziwa yifolokhwe () umsebenzi. Ukongeza /proc/sys/net/bpf_jit_enable ukhetho lokulawula ukuba iJIT compiler yenziwe ukuba iBPF.
  • I-algorithm yokuqaliswa kwe-dnf-automatic.timer iye yatshintshwa ukubiza inkqubo yofakelo lohlaziyo oluzenzekelayo. Endaweni yokusebenzisa isibali-xesha esinemonotonous esikhokelela ekusebenzeni ngexesha elingalindelekanga emva kokuqalisa, iyunithi echaziweyo ngoku iqala phakathi kwe-6 kunye ne-7 am. Ukuba ngeli xesha inkqubo icinyiwe, kodwa iqala ngeyure emva kokuyivula.
  • Iimodyuli ezinamasebe amatsha ePython 3.8 (yayiyi-3.6) kunye ne-Maven 3.6 yongezwe kwindawo yokugcina i-AppStream. Iiphakheji ezihlaziyiweyo nge-GCC 9.2.1, Clang/LLVM 9.0.1, Rust 1.41 kunye neGo 1.13.
  • Iinguqulelo zephakheji ezihlaziyiweyo powertop 2.11 (ngenkxaso EHL, TGL, ICL/ICX amaqonga), opencv 3.4.6, tuned 2.13.0, rsyslog 8.1911.0, audit 3.0-0.14, fapolicyd 0.9.1-2, sudo 1.8.29 - 3.el8,
    firewalld 0.8, tpm2-izixhobo 3.2.1, mod_md (ngenkxaso ACMEv2), grafana 6.3.6, pcp 5.0.2, elfutils 0.178, SystemTap 4.2, 389-ds-base 1.4.2.4,
    isamba 4.11.2.
  • Π”ΠΎΠ±Π°Π²Π»Π΅Π½Ρ‹ Π½ΠΎΠ²Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹ whois, graphviz-python3 (распространяСтся Ρ‡Π΅Ρ€Π΅Π· ΠΎΡ„ΠΈΡ†ΠΈΠ°Π»ΡŒΠ½ΠΎ Π½Π΅ ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΈΠ²Π°Π΅ΠΌΡ‹ΠΉ Ρ€Π΅ΠΏΠΎΠ·ΠΈΡ‚ΠΎΡ€ΠΈΠΉ CRB (CodeReady Linux Builder)), perl-LDAP, perl-Convert-ASN1.
  • Iseva ye-BIND ye-DNS ihlaziywe kuguqulelo 9.11.13 kwaye yatshintshelwa ekusebenziseni i-database ebophelelayo yendawo ye-GeoIP2 kwifomathi ye-libmaxminddb endaweni ye-GeoIP yakudala, engasaxhaswanga. Yongeza i-service-stale (stale-answer) setting, ekuvumela ukuba ubuyisele iirekhodi zeDNS zakudala ukuba akunakwenzeka ukufumana ezintsha.
  • Iplagi ye-omhttp yongezwe kwi-rsyslog ngonxibelelwano ngojongano lwe-HTTP REST.
  • Π’ подсистСму Π°ΡƒΠ΄ΠΈΡ‚Π° пСрСнСсСны измСнСния, ΡΠΎΠΎΡ‚Π²Π΅Ρ‚ΡΡ‚Π²ΡƒΡŽΡ‰ΠΈΠ΅ ядру Linux 5.5.
  • I-plugin ye-setroubleshoot yongeze inkxaso yokuhlalutya ukungaphumeleli kokufikelela ngenxa yokuphuma kwimemori kwaye iphendule ngokuzenzekelayo ukusombulula iingxaki ezinjalo.
  • ΠŸΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚Π΅Π»ΡΠΌ, ΠΎΠ³Ρ€Π°Π½ΠΈΡ‡Π΅Π½Π½Ρ‹ΠΌ ΠΏΡ€ΠΈ ΠΏΠΎΠΌΠΎΡ‰ΠΈ SELinux, прСдоставлСна Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡ‚ΡŒ управлСния сСрвисами, связанными c ΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚Π΅Π»ΡŒΡΠΊΠΈΠΌ сСансом. Π’ semanage Π΄ΠΎΠ±Π°Π²Π»Π΅Π½Π° ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° ΠΎΡ†Π΅Π½ΠΊΠΈ ΠΈ измСнСния сСтСвых ΠΏΠΎΡ€Ρ‚ΠΎΠ² SCTP ΠΈ DCCP (Ρ€Π°Π½Π΅Π΅ ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΈΠ²Π°Π»ΠΈΡΡŒ TCP ΠΈ UDP). ΠžΠ±Π΅ΡΠΏΠ΅Ρ‡Π΅Π½Π° ΠΎΠ±Ρ€Π°Π±ΠΎΡ‚ΠΊΠ° ΠΏΠΎΠ΄ своими Π΄ΠΎΠΌΠ΅Π½Π°ΠΌΠΈ SELinux сСрвисов lvmdbusd (D-Bus API для LVM), lldpd, rrdcached, stratisd, timedatex.
  • I-Firewalld ihanjiswe kwi-libnftables JSON interface xa isebenzisana ne-nftables, ebangele ukunyuka komsebenzi kunye nokuthembeka. i-nftables yongeza inkxaso kwiindidi ezininzi kwiseti ye-IP, enokubandakanya iimanyano kunye noluhlu. Imithetho yeFirewalld ngoku ingasebenzisa iziphatho ukujonga uqhakamshelwano lweenkonzo ezisebenza kumazibuko othungelwano olungelulo oluqhelekileyo.
  • Inkqubo esezantsi yekernel ye-tc (Traffic Control) ibonelela ngenkxaso epheleleyo
    I-eBPF, ekuvumela ukuba usebenzise i-tc utility ukuncamathisela iiprogram ze-eBPF ukuhlela iipakethi nokulungisa imigca engenayo naphumayo.
  • Inkxaso ezinzileyo yezinye ii-subsystems ze-eBPF iphunyeziwe: i-BCC (BPF Compiler Collection) isixhobo kunye nethala leencwadi lokudala iinkqubo zokulandela umkhondo kunye nokulungiswa kwe-BPF, inkxaso ye-eBPF kwi-tc. I-bpftrace kunye ne-eXpress Data Path (XDP) amacandelo ahlala kwi-Technology Preview stage.
  • Amacandelo exesha langempela (i-kernel-rt) ilungelelaniswa kunye nesethi yeepatches kwi-5.2.21-rt13 kernel.
  • Ngoku kuyenzeka ukuqhuba inkqubo ye-rngd (i-daemon yokondla i-entropy kwi-pseudo-random number generator) ngaphandle kwamalungelo engcambu.
  • I-LVM yongeze inkxaso yendlela ye-dm-writecache caching ukongeza kwi-dm-cache ekhoyo ngaphambili. I-Dm-cache igcina eyona misebenzi isetyenziswa rhoqo yokubhala nokufunda, kunye ne-dm-writecache cache ibhala imisebenzi ngokuyibeka kuqala kwi-SSD ekhawulezayo okanye kwimidiya ye-PMEM kwaye emva koko ihambise kwidiski ecothayo ngasemva.
  • I-XFS yongeze inkxaso kwimowudi yokubhala yolwazi lweqela.
  • I-FUSE yongeze inkxaso ye-copy_file_range () yokusebenza, ekuvumela ukuba ukhawuleze ukukopisha idatha ukusuka kwifayile enye ukuya kwenye ngokwenza umsebenzi kuphela kwicala le-kernel ngaphandle kokuqala ukufunda idatha kwimemori yenkqubo. Ukulungiswa kubonakala ngokucacileyo kwi-GlusterFS.
  • Yongeza i "--preload" ukhetho kwikhonkco eliguquguqukayo, elikuvumela ukuba ucacise ngokucacileyo amathala eencwadi ukuba anyanzelwe ukuba alayishwe ngesicelo. Olu khetho lwenza kube lula ukuphepha ukusebenzisa i-LD_PRELOAD eguquguqukayo yemeko-bume, ezuzwe njengeenkqubo zomntwana.
  • I-hypervisor ye-KVM ibonelela ngenkxaso epheleleyo yokusebenza kwendlwane koomatshini ababonakalayo.
  • Abaqhubi abatsha bongeziwe, kuquka
    gVNIC, Broadcom UniMAC MDIO, Software iWARP, DRM VRAM, cpuidle-haltpoll, stm_ftrace, stm_console,
    Intel Trace Hub, PMEM DAX,
    I-Intel PMC Core,
    Intel RAPL
    Intel Runtime Average Power Limit (RAPL).
  • I-DSA eyehliweyo, i-TLS 1.0 kunye ne-TLS 1.1 zivaliwe ngokungagqibekanga kwaye zifumaneka kuphela kwi-LEGACY suite.
  • ΠžΠ±Π΅ΡΠΏΠ΅Ρ‡Π΅Π½Π° ΡΠΊΡΠΏΠ΅Ρ€ΠΈΠΌΠ΅Π½Ρ‚Π°Π»ΡŒΠ½Π°Ρ (Technology Preview) ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° nmstate, AF_XDP, XDP, KTLS, dracut, kexec fast reboot, eBPF, libbpf, igc, NVMe over TCP/IP, DAX Π² ext4 ΠΈ xfs, OverlayFS, Stratis, DNSSEC, GNOME Π½Π° систСмах ARM, AMD SEV для KVM, Intel vGPU

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS πŸ”₯ Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster