3 New Features and Changes
The following new features and changes are included in Oracle Linux 7.7 (aarch64).
For details about the new features and changes in the initial release of Oracle Linux 7, see Oracle Linux 7: Release Notes for Oracle Linux 7. Note that support for the 64-bit Arm platform started with the Oracle Linux 7: Release Notes for Oracle Linux 7.6 (aarch64) release. Changes that are described in this document are subsequent to the changes that are described in the release notes for that initial release.
Graphical Installation Program Enhancement
In Oracle Linux 7.7 (aarch64), the graphical installation program has been enhanced to detect whether Simultaneous Multithreading (SMT) is enabled on the system. If the feature is enabled, a message is displayed at the bottom of the Installation Summary screen. SMT enables the execution of multiple threads on a single physical CPU core, which can improve performance. Note that the use of SMT is only possible where the CPU is SMT-capable.
DTrace
DTrace is enabled for 64-bit Arm platforms and ports of the DTrace code are available in UEK R5. Refer to Unbreakable Enterprise Kernel: Release Notes for Unbreakable Enterprise Kernel Release 5 Update 2 (4.14.35-1902) for more information.
The DTrace user-space code in the dtrace-utils
package has also all been
ported to run on 64-bit Arm platforms to fully enable DTrace for Oracle Linux 7.7 (aarch64)
Developer and Compiler Tools
The following developer tools, features, and enhancements are included in this update:
-
gcc-libraries
packages updated to version 8.3.1This version of the GNU Compiler Collection (GCC) introduces several bug fixes and enhancements over the previous GCC version.
-
linuxptp
packages updated to version 2.0This version of the
linuxptp
compiler tool introduces several bug fixes and improvements over the previous version. -
Python version 3.6 available
This update includes
python3
packages, which provide the Python 3.6 interpreter and thepip
andsetuptools
tools. Previously, these packages were only available as a part of software collections.
Developer Toolchain
The Oracle Linux 7.7 (aarch64) release includes a toolchain that provides a solid
developer toolset to build code for 64-bit Arm platforms and
compile modules against the provided kernel. The toolchain
includes version 7.3 of the gcc
compiler,
which is used to build the aarch64 version of UEK R5.
Developer tools are released as a software collection that can
be found in the /addons/Oscl
directory
repository on the provided ISO. You can install the
oracle-armtoolset-1
software collection by
using the yum command:
sudo yum install scl-utils oracle-armtoolset-1
After the oracle-armtoolset-1
software
collection is installed, enable it by running the following
command:
sudo scl enable oracle-armtoolset-1 bash
The oracle-armtoolset-1
software collection is released as an addition to
the Software Collection Library for Oracle Linux and is only available on aarch64 platforms.
Note:
The oracle-armtoolset-1
software collection is required if you need to
build kernel modules from source.
Networking
The following networking features, bug fixes, and enhancements are included in this update:
-
NetworkManager includes capability for VLAN filtering on bridge interfaces
This enhancement enables you to configure virtual LAN (VLAN) filtering on bridge interfaces in the corresponding
NetworkManager
connection profiles, as well as define VLANs directly on bridge ports. -
NetworkManager includes capability for configuring policy routing rules
This enhancement enables you to configure rules as part of a connection profile,which means that
NetworkManager
now adds the rules when the profile is activated and removes the rules when the profile is deactivated. Previously, you would have had to set up policy routing rules outside ofNetworkManager
by using the dispatcher script provided in theNetworkManager-dispatcher-routing-rules
package.
Security
The following security features, bug fixes, and enhancements are included in this update:
-
Network Security Services (NSS) package updates
This update introduces several NSS changes, including several bug fixes, security enhancements, and improvements over the previous NSS version.
Notably, the NSS code and Certificate Authority (CA) list now meets the recommendations that are published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI).
-
SCAP Security Guide enhancement to include Universal Base Image containers and images
The security policies in the SCAP Security Guide been enhanced to include Universal Base Image (UBI) containers and UBI images, which also includes
ubi-minimal
images. This enhancement enables the configuration compliance scanning of UBI containers and images by using the atomic scan command. UBI containers and images can now be scanned against any profile that is shipped in the SCAP Security Guide, with only those rules that are relevant to the secure configuration of UBI being evaluated. Any rules that are inapplicable to UBI images and containers are automatically skipped. -
scap-security-guide packages updated to version 0.1.43
As of this update, the
scap-security-guide
packages are updated to version 0.1.43 in this update. This version of thescap-security-guide
packages provides several bug fixes and enhancements over the previous version. -
shadow-utils packages updated to version 4.6
The
shadow-utils
packages have been updated to version 4.6 in this update. This version of theshadow-utils
packages provides several bug fixes and enhancements over the previous version, including the new newuidmap and newgidmap commands for manipulating name space mapping for UID and GID. -
tangd_port_t SElinux type added
Oracle Linux 7.7 (aarch64) includes the
tangd_port_t
SELinux type. This SELinux type enables thetangd
service to run as confined while in SELinux enforcing mode, which simplifies the configuration of a Tang server to enable listening on a user-defined port, while preserving the security level that SELinux provides when in enforcing mode.
Infrastructure Services
The following server and services features, bug fixes, and enhancements are included in this update:
Tuned Updates
As of this update, the tuned
packages are
updated to version 2.11. This version of Tuned provides
several bug fixes and enhancements over the previous version,
including the following: added support for the boot loader
specification, an updated virtual-host
profile, the addition of a range feature for CPU exclusion,
and other important improvements.
Chrony Updates
As of this update, the chrony
packages are
updated to version 3.4. This version of Chrony provides
several bug fixes and enhancements over the previous version,
including the following: hardware time-standing improvements,
extended polling interval ranges, the addition of the burst
and filter options to NTP sources, and other important
improvements.
Technology Preview
The following information is specific to features in Oracle Linux 7.7 (aarch64) that are not supported, but may be made available under technology preview.
Note:
Features that are currently under technology preview when using UEK R5 are described in Unbreakable Enterprise Kernel: Release Notes for Unbreakable Enterprise Kernel Release 5 Update 2 (4.14.35-1902).
Oracle makes available an Oracle Linux 7.7 (aarch64) disk image for use on Raspberry Pi™ 3 Model B+ hardware as a technology preview for developer use only. Oracle does not provide support for the disk image or the hardware. Developers are encouraged to visit the Oracle Linux for Arm community forum at https://community.oracle.com/community/technology_network_community/server_%26_storage_systems/linux/oracle-linux-for-arm for further assistance.