Table of Contents

• Title and Copyright Information
• Preface
  • Documentation License
  • Conventions
  • Documentation Accessibility
  • Access to Oracle Support for Accessibility
  • Diversity and Inclusion
• 1 About Oracle Linux 10
  • System Requirements and Limitations
  • Available Architectures
  • Shipped Kernels
  • About the Unbreakable Enterprise Kernel
  • User Space Compatibility
  • Obtaining Installation Images
  • Preparing Installation Media
    • USB Flash Drive
    • DVD or CD
  • Upgrading From Previous Oracle Linux Releases
• 2 New Features and Changes
  • Installation and Boot
    • Image Builder Disk Images Have Predictable Network Interface Names
    • New Users Made Administrators by Default in the Installer
    • NVMe Over Fabrics Devices Available in Installer
    • Remote Desktop Protocol Replaces Virtual Network Computing
    • Enhanced Kickstart Provides Encrypted DNS Configuration
    • Disk Images Can Have Consistent Default Locale and Timezone
    • grub2 Released at Version 2.12
  • Operating System and Software Management
    • dnf-plugins-core Released at Version 4.7.0
    • Filelists Metadata No Longer Downloaded
    • Consolidation of PGP Key Verification in DNF and RPM
    • createrepo_c Package Added
    • Improved Package Upgrades With DNF and Related Tools
    • RPM Database Moved for Simplified System Snapshots
    • Enhanced Control Over Stale Processes With the --exclude-services Flag
  • Shells and Command Line Tools
    • ksh Released at Version 1.0.10 (93u+m)
    • Systemd Released at Version 257
    • ReaR Released at Version 2.9
    • Automatic tmux Session Startup at Boot Time for Specific Users
    • Changes to polkit-rules Directory Visibility and Permissions
  • Compilers and Development Tools
    • GCC Released at Version 14.2
    • GCC Released at 14 x86-64-v3 Default
    • annobin Released at Version 12.55
    • binutils Released at Version 2.41
    • Gnu ld linker --section-ordering-file option
    • glibc Released at Version 2.39
    • glibc AMD Zen 3 and 4 Optimizations
    • glibc Intel APX-enabled Dynamic Linking of Functions
    • GDB Released at Version 14.2
    • elfutils Released at Version 0.192
    • SystemTap Released at Version 5.2
    • Valgrind Released at Version 3.24.0
    • Dyninst Version 12.3.0 Available
    • libabigail Released at Version 2.6
    • LLVM Toolset Released at Version 19.1.7
    • llvm-doc Package Update
    • Rust Toolset Released at Version 1.84
    • Go Toolset Released at Version 1.23
    • PCP Released at Version 6.3.2
    • Grafana-PCP Plugin Update
    • Valkey Replaces Redis
    • zlib-ng-compat Replaces zlib
    • SWIG Released at Version 4.2.1
    • OpenJDK Released at Version 21
    • debugedit Version 5.1
    • cmake 3.30.5
    • .NET 9.0 and 8.0
  • Dynamic Programming Languages, Web and Database Servers
    • Python Released at Version 3.12
    • Perl Released at Version 5.40
    • Ruby Released at Version 3.3.7
    • Node.js Released at Version 22
    • MySQL Released at Version 8.4
  • File Systems and Storage
    • cryptsetup Released at Version 2.7
    • Snapshot Manager
    • device-mapper-multipath Released at Version 0.9.9
    • dm-vdo Module for RHCK
    • NVMe SED Available
    • NFS with TLS Support
    • Atomic Write
  • High Availability and Clusters
    • Pacemaker Released at Version 2.1.8
    • pcs status wait Command Added
    • --output-format Option Available for pcs Commands
    • HA Cluster Management Web UI
    • pcs Validation on Resource Creation and Update
    • pcs Confirmation Option For Destructive Actions
    • pcs Command to Query the Status of Resources
    • Deleting Several Resources With a Single pcs Command
    • Creating Globally Unique Cluster Resource Clones
    • Updated Date Specification and Duration Options in Pacemaker Rules
  • Infrastructure Services
    • cups-browsed Daemon Not Configured by Default
    • tuned-ppd Available
    • Root GECOS Field Is Super User
    • dnsconfd Added
    • Kea DHCP Server
  • Networking
    • Enable Duplicate Address Detection for IPv4 in NetworkManager
    • xdp-tools Released at Version 1.5.1
    • nftables Released at Versions 1.1.1
    • iptables Released at Version 1.8.11
    • firewalld Released at Version 2.3.0
    • nmstate Includes the require-id-on-certificate Setting for Libreswan Configuration
    • Automatic Reset for Problematic SR-IOV Virtual Functions in i40e Driver for RHCK
  • Security
    • keylime-agent-rust Released at Version 0.2.7
    • Libreswan Released at Version 5.2
    • Libreswan Improved Adding Connection Speed
    • OpenSSH Released at Version 9.9
    • libkcapi Released at Version 1.5.0
    • p11-kit Released at Version 0.25.5
    • setools Released at Version 4.5.0
    • NSS Released at Version 3.101
    • gnutls Released at Version 3.8.9
    • clevis Released at Version 21
    • jose Released at Version 14
    • openCryptoki Released at Version 3.24.0
    • SELinux Userspace Component Updated in Version 3.8
    • polkit Released at Version 125
    • SCAP Security Guide Released at Version 0.1.76
    • OpenSCAP Released at Version 1.4.1
    • libssh Released at Version 0.11.1
    • OpenSC Released at Version 0.26.1
    • Rsyslog Released at Version 8.2412.0
    • setroubleshoot Released at Version 3.3.35
    • Keylime Released at Version 7.12
    • nettle Library Released at Version 3.10.1
    • OpenSSL pkcs11-provider Hardware Tokens
    • pkcs11-provider New Custom Configurations
    • /var/run = /run in SELinux Policy
    • Stricter SSH Host Key Permissions
    • pkeyutl Encapsulation and Decapsulation
    • OpenSSL New no-atexit Option
    • OpenSSL FIPS-Compliant PKCS #12 Files
    • GnuTLS Certificate Compression
    • DEFAULT Cryptographic Policy Includes New Scopes
    • FIPS Mode OpenSSH Generates RSA Keys by Default
    • NSS FIPS-Compliant PKCS #12 Files
    • New SELinux Policy libvirt Services Rules
    • SELinux Policy Confinement for More Services
    • dmesg Hardening for Administrator Privileges
    • Flatpak Applications can now use Smart Card Functionality (opensc)
    • tpm2-openssl New Package
    • Enhanced Audit Event Filtering and Forwarding
    • Optimized SELinux Policy Packaging for EPEL
    • Group Merging Added in authselect
    • authselect Is a Required Component of PAM
    • authselect Local Profile Replaces SSSD Files Provider
    • New SSSD exop_force Option
    • SSSD can Run With Reduced Privileges
    • KnownHostsCommand Added to SSSD
  • Cockpit Web Console
    • cockpit-files Package Added
  • Containers
    • Podman Released at Version 5.4
    • Buildah Artifact Manifests
    • Disable Podman Healthcheck Events
    • Persistent Changes to Resources
    • Default Settings for Podman Version 5.0
    • Handling Compatible Volumes
    • podman pod inspect Returns a JSON Array
    • Customizable Healthcheck Output in Podman
    • Container Storage Configuration File Moved
  • Support
    • sos is Updated
• 3 Deprecated Features
  • Installation
    • Cockpit Composer
    • SquashFS
    • Gdisk
    • Module Kickstart Command
    • Inst.gpt Boot Option
  • Compilers and Development Tools
    • Utmp and Utmpx Interfaces
    • Nodejs 18 Deprecation
  • Networking
    • Ipset
  • Security
    • ENGINE API in OpenSSL
    • Crypto Policies
    • HMAC-SHA-1 in FIPS Mode
  • File Systems and Storage
    • SquashFS
  • High Availability and Clusters
    • Deprecated High Availability Add-On Features
  • Containers
    • Runc Container Runtime
    • Tzdata Package
    • Podman v5.0 Deprecations
  • Virtualization
    • Virt Manager
    • Libvirtd
    • SecureBoot Image Verification
    • Virtual Floppy Driver
    • Qcow2-v2 Image Format
  • Deprecated Packages
• 4 Removed Features
  • Installer and Image Creation
    • Authconfig Commands
    • Inst.xdriver and Inst.usefbx Options
    • Capturing Screenshots from the Anaconda GUI
    • Removed Boot Options
    • Automatic Bug Reporting System
    • Timezone Kickstart Command Options
    • Logging Kickstart Command Parameter
    • Support for %anaconda Kickstart Command
    • Pwpolicy Kickstart Command
    • Support for Adding Additional Repositories from GUI
    • Support for LUKS Version Selection from Anaconda
    • Initial-Setup Package
    • Anaconda Built-in Help
    • Teaming Options from the Network Kickstart Command
    • NVDIMM Reconfiguration Support during the Installation Process
    • Options from %packages
  • Security
    • Scap-Workbench
    • Oscap-Anaconda-Addon
    • DSA and SEED Algorithms
    • Fips-Mode-Setup
    • /etc/system-fips
    • TLS HeartBeat
    • SRP Authentication
    • Keylime HTTP
    • DEFAULT Cryptographic Policy
    • Ca-Certificates Trust Store
    • LEGACY Cryptographic Policy
    • Pam_Ssh_Agent_Auth
    • OpenSSL SHA-1 in TLS
    • Stunnel OpenSSL ENGINE API
    • OpenSSL Engines
    • Libsss_Simpleifp Subpackage
    • SSSD Files Provider
    • Ad-Allow-Remote-Domain-Local-Groups Option
    • Reconnection_Retries Option
  • Software Management
    • Libreport Library
    • Dnf Debug Plug-in
    • Numberless %patch Syntax
  • Infrastructure Services
    • Removed Packages
    • Rename of Gpsd
    • ISC Kea DHCP Server Solution
  • Networking
    • ATM Encapsulation
    • Dhcp-Client Package
    • Mlx4 Driver
  • Kernel
    • Kexec_Load System Call
    • Crash --log Dumpfile Option
  • File Systems and Storage
    • Support for NVMe Devices in lsscsi and sg3_utils
    • VDO Sysfs Parameters
    • Support for GFS2 File Systems
    • Support for Block Translation Table Driver
    • Nvme_Core.Multipath Parameter
    • Md-Faulty and Md-Multipath Modules
  • High Availability and Clusters
    • pcsd Web UI
    • Removed and Updated Pacemaker CIB Elements
  • Compilers and Development Tools
    • Linking against 32-bit Packages
    • Perl(Mail::Sender) Module
  • Containers
    • Runc Container Runtime
    • Cgroupv1
• 5 Known Issues
  • Installation Issues
    • RDP Install Error
  • Kernel Issues
    • Console Font Loading Failure Messages During systemd-vconsole-setup With UEK 8
• 6 Package Changes From the Upstream Release
  • Changes to Binary Packages
    • Added Binary Packages for BaseOS by Oracle
    • Added Binary Packages for AppStream by Oracle
    • Added Binary Packages for CodeReady Linux Builder by Oracle
    • Modified BaseOS Binary Packages
    • Modified Binary Packages for CodeReady Linux Builder by Oracle
    • Modified AppStream Binary Packages
    • Removed BaseOS Binary Packages
    • Removed AppStream Binary Packages
    • Removed CodeReady Linux Builder Binary Packages
  • Changes to Source Packages
    • Added Source Packages for BaseOS by Oracle
    • Added Source Packages for AppStream by Oracle
    • Modified BaseOS Source Packages
    • Modified AppStream Source Packages
    • Removed BaseOS Source Packages
    • Removed AppStream Source Packages