Release of the Red Hat Enterprise Linux 8.1 distribution

Red Hat has released the Red Hat Enterprise Linux 8.1 distribution. Installation images are prepared for the x86_64, s390x (IBM System z), ppc64le and Aarch64 architectures, but are available for download only to registered users of the Red Hat Customer Portal. The sources of the Red Hat Enterprise Linux 8 rpm packages are distributed through the CentOS Git repository. The RHEL 8.x branch will be supported until at least 2029.

Red Hat Enterprise Linux 8.1 is the first release prepared under the new predictable development cycle, in which releases are produced every six months at a fixed time. Knowing exactly when a new release will be published makes it possible to synchronize the development schedules of different projects, prepare for a new release in advance, and plan when updates will be applied.

It is noted that the new life cycle of RHEL products spans several layers, including Fedora as the base for new capabilities, CentOS Stream for access to packages being built for the next intermediate release of RHEL (the rolling version of RHEL), the minimalistic Universal Base Image (UBI) for running applications in isolated containers, and the RHEL Developer Subscription for free use of RHEL in the development process.

Key changes:

  • Full support is provided for the live patching mechanism (kpatch), which fixes vulnerabilities in the Linux kernel without rebooting the system and without stopping work. Previously, kpatch was classified as an experimental feature;
  • Based on the fapolicyd framework, the ability to create whitelists and blacklists of applications has been implemented, which makes it possible to distinguish which programs a user may run and which they may not (for example, to block the launch of unverified external executable files). The decision to block or allow a launch can be made based on the application name, path, content hash, and MIME type. Rules are checked during the open() and exec() system calls, so there may be a negative impact on performance;
  • The distribution includes SELinux profiles aimed at use with isolated containers, allowing finer-grained control over the access that services running in containers have to host system resources. To generate SELinux rules for containers, a new utility, udica, is offered; taking the specifics of a particular container into account, it grants access only to the external resources that are required, such as storage, devices and the network. The SELinux utilities (libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, mcstrans) have been updated to release 2.9, and the SETools package to version 4.2.2.

    A new SELinux type, boltd_t, has been added that confines boltd, the process for managing Thunderbolt 3 devices (boltd now runs in a container confined by SELinux). A new class of SELinux rules, bpf, has been added that controls access to the Berkeley Packet Filter (BPF) and inspects eBPF applications;

  • The FRRouting routing protocol stack (BGP4, MP-BGP, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SM/MSDP, LDP, IS-IS) is included, replacing the previously used Quagga package (FRRouting is a fork of Quagga, so compatibility is not affected);
  • For partitions encrypted in the LUKS2 format, support has been added for re-encrypting block devices on the fly, without stopping their use in the system (for example, you can now change the key or the encryption algorithm without unmounting the partition);
  • Support for the new edition of the SCAP 1.3 protocol (Security Content Automation Protocol) has been added to the OpenSCAP framework;
  • Updated versions of OpenSSH 8.0p1, Tuned 2.12, chrony 3.5, samba 4.10.4. Modules with new branches of PHP 7.3, Ruby 2.6, Node.js 12 and nginx 1.16 have been added to the AppStream repository (updates for modules with previous branches continue). Packages with GCC 9, LLVM 8.0.1, Rust 1.37 and Go 1.12.8 have been added to the Software Collection;
  • The SystemTap tracing toolkit has been updated to branch 4.1, and the Valgrind memory debugging toolkit has been updated to version 3.15;
  • A new healthcheck utility has been added to the identity server deployment tools (IdM, Identity Management), making it easier to identify problems with the operation of environments with an identity server. Installation and configuration of IdM environments has been simplified, thanks to support for Ansible roles and the ability to install modules. Support has been added for Active Directory Trusted Forests based on Windows Server 2019.
  • The virtual desktop switcher has been changed in the GNOME Classic session. The widget for switching between desktops is now located on the right side of the bottom panel and is designed as a strip with desktop thumbnails (to switch to another desktop, just click the thumbnail showing its contents);
  • The DRM (Direct Rendering Manager) subsystem and the low-level graphics drivers (amdgpu, nouveau, i915, mgag200) have been updated to match the Linux 5.1 kernel. Support has been added for the AMD Raven 2, AMD Picasso, AMD Vega, Intel Amber Lake-Y and Intel Comet Lake-U video subsystems;
  • The toolkit for upgrading from RHEL 7.6 to RHEL 8.1 adds support for upgrades without reinstallation for ARM64, IBM POWER (little endian) and IBM Z. A system pre-upgrade mode has been added to the web console. The cockpit-leapp plugin has been added to restore state if problems occur during the upgrade. The /var and /usr directories are split out into separate partitions. UEFI support has been added. In Leapp, packages are updated from the Supplementary repository (which includes proprietary packages);
  • Image Builder has added support for building images for the Google Cloud and Alibaba Cloud cloud environments. When creating the contents of an image, the ability to use repo.git has been added to include additional files from arbitrary Git repositories;
  • Additional checks have been added to Glibc so that malloc detects when allocated memory blocks are corrupted;
  • The dnf-utils package has been renamed to yum-utils for compatibility (the ability to install dnf-utils is retained, but this package will be replaced by yum-utils);
  • A new edition of Red Hat Enterprise Linux System Roles has been added, providing a set of modules and roles for deploying a centralized configuration management system based on Ansible and for configuring subsystems to enable specific functions related to storage, networking, time synchronization, SELinux rules and the use of the kdump mechanism. For example, the new storage role lets you perform tasks such as managing file systems on a disk and working with LVM groups and logical partitions;

  • The network stack for VXLAN and GENEVE tunnels implements the ability to process the ICMP packets "Destination Unreachable", "Packet Too Big" and "Redirect Message", which solved the problem of being unable to use route redirection and Path MTU Discovery in VXLAN and GENEVE;
  • An experimental implementation of the XDP (eXpress Data Path) subsystem, which allows Linux to run BPF programs at the network driver level with direct access to the DMA packet buffer and at the stage before the skbuff buffer is allocated by the network stack, as well as eBPF components, synchronized with the Linux 5.0 kernel. Experimental support for the AF_XDP kernel subsystem (eXpress Data Path) has been added;
  • Full support is provided for the TIPC (Transparent Inter-process Communication) network protocol, designed for organizing inter-process communication within a cluster. The protocol provides a means for applications to communicate quickly and reliably, regardless of which nodes in the cluster they are running on;
  • A new mode for saving a core dump in the event of a failure, "early dump", has been added to initramfs; it works in the early stages of boot;
  • A new kernel parameter, ipcmni_extend, has been added, which extends the IPC ID limit from 32 KB (15 bits) to 16 MB (24 bits), allowing applications to use more shared memory segments;
  • Ipset has been updated to release 7.1 with support for the IPSET_CMD_GET_BYNAME and IPSET_CMD_GET_BYINDEX operations;
  • The rngd daemon, which fills the entropy pool of the pseudorandom number generator, no longer needs to run as root;
  • Full support is provided for Intel OPA (Omni-Path Architecture) for hardware with a Host Fabric Interface (HFI), along with full support for Intel Optane DC Persistent Memory devices.
  • Debug kernels by default include a build with the UBSAN (Undefined Behavior Sanitizer) detector, which adds extra checks to compiled code to detect situations where program behavior is undefined (for example, use of non-static variables before they are initialized, division of integers by zero, overflow of signed integer types, dereferencing of NULL pointers, pointer alignment problems, etc.);
  • The kernel source tree with real-time extensions (kernel-rt) is synchronized with the main RHEL 8 kernel code;
  • The ibmvnic driver has been added for the vNIC (Virtual Network Interface Controller) network controller, implementing the PowerVM virtual networking technology. When used together with an SR-IOV NIC, the new driver allows bandwidth and quality-of-service control at the level of the virtual network adapter, significantly reducing virtualization overhead and CPU load;
  • Support has been added for Data Integrity Extensions, which let you protect data from corruption when writing to storage by saving additional correction blocks;
  • Experimental support (Technology Preview) has been added for the nmstate package, which provides a library and the nmstatectl utility for managing network settings through a declarative API (the network state is described in the form of a predefined schema);
  • Experimental support has been added for a kernel-level TLS implementation (KTLS) with AES-GCM-based encryption, as well as experimental support for OverlayFS, cgroup v2, Stratis, mdev (Intel vGPU) and DAX (direct access to the file system bypassing the page cache without using the block device layer) in ext4 and XFS;
  • Support for DSA, TLS 1.0 and TLS 1.1 has been deprecated; they are removed from the DEFAULT set and moved to LEGACY ("update-crypto-policies --set LEGACY");
  • The packages 389-ds-base-legacy-tools, authconfig, custodia, hostname, libidn, net-tools, network-scripts, nss-pam-ldapd, sendmail, yp-tools, ypbind and ypserv have been deprecated. They may be dropped in a future major release;

  • The ifup and ifdown scripts have been replaced by wrappers that call NetworkManager through nmcli (to restore the old scripts, you need to run "yum install network-scripts").

Source: opennet.ru
