Release of the Red Hat Enterprise Linux 8.2 distribution

Red Hat has published the Red Hat Enterprise Linux 8.2 distribution. Installation builds are prepared for the x86_64, s390x (IBM System z), ppc64le and Aarch64 architectures, but are available for download only to registered users of the Red Hat Customer Portal. The sources of the Red Hat Enterprise Linux 8 rpm packages are distributed through the CentOS Git repository. The RHEL 8.x branch will be supported until at least 2029.

The RHEL 8.2 announcement was originally published on the Red Hat website on April 21, but it was made prematurely: the installation builds and updates were not yet ready, and the release actually came out only today. The 8.x branch is developed in accordance with a new predictable development cycle, which involves forming releases every six months at a fixed time. The new RHEL product development cycle spans several layers, including Fedora as the base for new capabilities, CentOS Stream for access to packages being formed for the next intermediate RHEL release (a rolling version of RHEL), a minimal universal base image (UBI, Universal Base Image) for running applications in isolated containers, and the RHEL Developer Subscription for free use of RHEL in the development process.

Key changes:

  • Full support is provided for resource management using the unified cgroups v2 hierarchy, which was previously at the experimental stage. Cgroups v2 can be used, for example, to limit memory, CPU and I/O consumption. The key difference between cgroups v2 and v1 is the use of a common cgroup hierarchy for all resource types, instead of separate hierarchies for allocating CPU resources, regulating memory consumption, and I/O. Separate hierarchies led to difficulties in organizing interaction between handlers and to additional kernel resource costs when applying rules for a process referenced in different hierarchies.
  • Added the Convert2RHEL tool for converting systems that run RHEL-like distributions, such as CentOS and Oracle Linux, to RHEL.
  • Added the ability to customize the policies of the cryptographic subsystem (crypto-policies), which cover the TLS, IPSec, SSH, DNSSec and Kerberos protocols. The administrator can now define their own policy or change certain parameters of an existing one. Added new packages setools-gui and setools-console-analyses for analyzing SELinux policies and inspecting data flows. Added a security profile that complies with the DISA STIG (Defense Information Systems Agency) recommendations. A new utility, oscap-podman, has been added for scanning the contents of containers to find vulnerable versions of programs.
  • The identity management tools now include a new Healthcheck utility that lets you identify problems in IdM (Identity Management) environments. Support is provided for Ansible roles and modules to simplify the installation and management of IdM.
  • The design of the web console has been changed: it has moved to the PatternFly 4 interface, which resembles the design of the OpenShift 4 interface. A user inactivity timeout has been added, after which the web console session is terminated. Added support for authentication using a client certificate. The sections for managing storage and virtual machines have been updated.
  • The interface for switching virtual desktops in the GNOME Classic environment has been changed; the switch button has been moved to the lower right corner and is designed as a strip with thumbnails.
  • The DRM (Direct Rendering Manager) graphics subsystem is synchronized with Linux kernel version 5.1. Graphics drivers have been updated to include support for Intel Comet Lake H and U (HD Graphics 610, 620, 630), Intel Ice Lake U (HD Graphics 910, Iris Plus Graphics 930, 940, 950), AMD Navi 10, Nvidia Turing TU116,
  • The Wayland-based GNOME session is enabled by default on systems with multiple GPUs (previously X11 was used on systems with hybrid graphics).
  • Added support for new Linux kernel parameters related to controlling the enabling of protection against new attacks on the CPU's speculative execution mechanism: mds, tsx, mitigations. Added the mem_encrypt parameter to control the enabling of the AMD SME (Secure Memory Encryption) extensions. Added the cpuidle.governor parameter to select the CPU idle state handler (cpuidle governor). Added the /proc/sys/kernel/panic_print parameter to configure the output of information in the event of a system crash (panic state). Added the /proc/sys/kernel/threads-max parameter to define the maximum number of threads that the fork() function can create. Added the /proc/sys/net/bpf_jit_enable option to control whether the JIT compiler is enabled for BPF.

  • The start algorithm of dnf-automatic.timer, which triggers the automatic update installation process, has been changed. Instead of using a monotonic timer, which led to activation at an unpredictable time after boot, the unit now starts between 6 and 7 am. If the system is switched off at that time, it starts within an hour after the system is turned on.
  • Modules with new branches of Python 3.8 (previously 3.6) and Maven 3.6 have been added to the AppStream repository. Updated packages with GCC 9.2.1, Clang/LLVM 9.0.1, Rust 1.41 and Go 1.13.
  • Updated package versions: powertop 2.11 (with support for the EHL, TGL and ICL/ICX platforms), opencv 3.4.6, tuned 2.13.0, rsyslog 8.1911.0, audit 3.0-0.14, fapolicyd 0.9.1-2, sudo 1.8.29-3.el8, firewalld 0.8, tpm2-tools 3.2.1, mod_md (with ACMEv2 support), grafana 6.3.6, pcp 5.0.2, elfutils 0.178, SystemTap 4.2, 389-ds-base 1.4.2.4, samba 4.11.2.

  • Added new packages whois, graphviz-python3 (distributed through the unsupported CRB (CodeReady Linux Builder) repository), perl-LDAP, perl-Convert-ASN1.
  • The BIND DNS server has been updated to version 9.11.13 and switched to using the GeoIP2 location database in the libmaxminddb format instead of the obsolete, no longer supported GeoIP. Added serve-stale (stale-answer) settings, which allow stale DNS records to be returned when new ones cannot be obtained.
  • The omhttp plugin has been added to rsyslog for working through the HTTP REST interface.
  • Changes corresponding to the Linux 5.5 kernel have been carried over to the audit subsystem.
  • The setroubleshoot plugin has added support for analyzing memory-related access denials and automatically responding to resolve such problems.
  • Users confined by SELinux are given the ability to manage services associated with the user session. Semanage has added support for inspecting and changing SCTP and DCCP network ports (previously TCP and UDP were supported). The lvmdbusd (D-Bus API for LVM), lldpd, rrdcached, stratisd and timedatex services now run in their own SELinux domains.
  • Firewalld has been moved to the libnftables JSON interface when interacting with nftables, which has increased performance and reliability. nftables has added support for multidimensional types in IP sets, which can include concatenations and ranges. Firewalld rules can now use handlers to track connections to services running on non-standard network ports.
  • The tc (Traffic Control) kernel subsystem provides full eBPF support, which lets you use the tc utility to attach eBPF programs to classify packets and process ingress and egress queues.

  • Stable support has been implemented for some eBPF subsystems: the BCC (BPF Compiler Collection) toolkit and library for creating BPF programs for tracing and debugging, and eBPF support in tc. The bpftrace and eXpress Data Path (XDP) components remain at the Technology Preview stage.
  • The real-time components (kernel-rt) are synchronized with the 5.2.21-rt13 kernel patch set.
  • It is now possible to run the rngd process (a daemon for feeding entropy to the pseudo-random number generator) without root privileges.
  • LVM has added support for the dm-writecache caching method in addition to the previously available dm-cache. dm-cache caches the most frequently used write and read operations, while dm-writecache caches only write operations by first placing them on fast SSD or PMEM media and then moving them to a slow disk in the background.
  • XFS has added support for a cgroup-aware writeback mode.
  • FUSE has added support for the copy_file_range() operation, which speeds up copying data from one file to another by performing the operation on the kernel side without first reading the data into process memory. The optimization is clearly noticeable in GlusterFS.
  • Added the "--preload" option to the dynamic linker, which lets you explicitly specify libraries that will be forcibly loaded with the application. This option makes it possible to avoid using the LD_PRELOAD environment variable, which is inherited by child processes.
  • The KVM hypervisor provides full support for running virtual machines.
  • New drivers have been added, including gVNIC, Broadcom UniMAC MDIO, Software iWARP, DRM VRAM, cpuidle-haltpoll, stm_ftrace, stm_console, Intel Trace Hub, PMEM DAX, Intel PMC Core, Intel RAPL, Intel Runtime Average Power Limit (RAPL).

  • The deprecated DSA, TLS 1.0 and TLS 1.1 are disabled by default and are available only in the LEGACY set.
  • Experimental (Technology Preview) support is provided for nmstate, AF_XDP, XDP, KTLS, dracut, kexec fast reboot, eBPF, libbpf, igc, NVMe over TCP/IP, DAX in ext4 and xfs, OverlayFS, Stratis, DNSSEC, GNOME on ARM systems, AMD SEV for KVM, Intel vGPU
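
The list item on the new kernel parameters (mds, tsx, mitigations, mem_encrypt) can be turned into a boot-configuration check. The following is an added example, not code from Red Hat or from the original article: it parses a kernel command line and reports parameters set to a value that weakens protection. The sample command line is constructed, and the table of risky values and the function names are assumptions of the example.

```python
import shlex

# Values that weaken protection, worded after the kernel's parameter docs
# (this table is an assumption of the example, not text from the article).
RISKY = {
    "mitigations": {"off": "all optional CPU mitigations are disabled"},
    "mds": {"off": "the MDS mitigation is disabled"},
    "tsx": {"on": "Intel TSX is force-enabled"},
    "mem_encrypt": {"off": "AMD SME is not activated"},
}


def parse_cmdline(cmdline):
    """Map each boot parameter to its value (None for bare flags).

    Assumes a repeated parameter takes the value of its last occurrence.
    """
    params = {}
    for token in shlex.split(cmdline):
        key, sep, value = token.partition("=")
        params[key] = value if sep else None
    return params


def audit_cmdline(cmdline):
    """Return one finding per parameter set to a protection-weakening value."""
    params = parse_cmdline(cmdline)
    findings = []
    for name, risky in RISKY.items():
        value = params.get(name)
        if value is None:
            continue
        mode = value.split(",")[0]  # "full,nosmt" -> "full"
        if mode in risky:
            findings.append(f"{name}={value}: {risky[mode]}")
    return findings


# Constructed sample; on a live host read /proc/cmdline instead.
SAMPLE = ("BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro quiet "
          "mitigations=auto mds=full,nosmt tsx=on mitigations=off")

if __name__ == "__main__":
    for finding in audit_cmdline(SAMPLE):
        print(finding)
```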

Source: opennet.ru
