3.16 Virtualization

Oracle Linux 8 introduces the following virtualization features, enhancements, and changes:

  • 5-level paging added to KVM.  In Oracle Linux 8, Kernel-based Virtual Machine (KVM) virtualization enables the 5-level paging feature for hardware that can support this feature. This enhancement significantly increases the physical and virtual address space that the host and guest systems can use.

  • UMIP added to KVM.  Oracle Linux 8 adds the User Mode Instruction Prevention (UMIP) feature for KVM virtualization. This security enhancement helps prevent user-space applications from accessing system-wide settings, which reduces the potential vectors for privilege escalation attacks.

  • Additional information included in KVM guest crash reports.  In this release, the crash information that the KVM hypervisor generates if a guest terminates unexpectedly or becomes unresponsive includes additional information, which makes it easier to diagnose and fix problems when using KVM virtualization.

  • qemu-kvm updated to version 2.12.  Oracle Linux 8 provides the qemu-kvm 2.12 package. This version of qemu-kvm includes numerous bug fixes and improvements over the previously supported 1.5.3 version.

  • NVIDIA vGPU compatible with the VNC console.  As of Oracle Linux 8, you can use the VNC console to display the visual output of the guest when using the NVIDIA virtual GPU (vGPU) feature.

  • Virtualization for Ceph added.  In this release, Ceph storage is supported by KVM virtualization on all CPU architectures that are supported by Oracle Linux.

  • Virtualization for Q35 machine type added.  Oracle Linux 8 provides the Q35 machine type, which is a more modern PCI Express-based machine type. Feature changes include a wide variety of improvements and performance enhancements for virtual devices, which ensure that a wider range of modern devices are compatible with virtualization features. Note that any virtual machines (VMs) that you create in Oracle Linux 8 are set to use the Q35 machine type by default.

  • QEMU sandboxing added.  In Oracle Linux 8, the QEMU emulator introduces sandboxing, which is enabled and configured by default. Sandboxing provides configurable limitations for the system calls that QEMU can perform, thereby making VMs more secure.

  • Mounting ephemeral disks on VMs running on Microsoft Azure works more reliably in Oracle Linux 8.  In Oracle Linux 8, reconnecting an ephemeral disk on a VM that is running on the Microsoft Azure platform is handled correctly and no longer fails if the disk was recently detached from the VM, as it did in previous releases.
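
One way to confirm on a running system that the QEMU sandbox and the UMIP and 5-level paging features listed above are in effect (an added example, not Oracle's code). It assumes that QEMU processes have a program name starting with `qemu`, that sandboxing shows up as QEMU's `-sandbox` command-line option, and that the kernel reports the CPU features as the `umip` and `la57` flags in /proc/cpuinfo; the sample data is constructed.

```python
"""Added example: audit QEMU sandboxing and UMIP/5-level paging flags on Linux."""
import glob
import os

# Constructed sample data (not captured from a real system).
SAMPLE_ARGV = ["/usr/libexec/qemu-kvm", "-machine", "q35,accel=kvm", "-sandbox",
               "on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny"]
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme de pse umip pku\n"

def sandbox_options(argv):
    """Parse the first -sandbox option in a QEMU argv; None if it is absent."""
    for i, arg in enumerate(argv[:-1]):
        if arg == "-sandbox":
            opts = {}
            for n, field in enumerate(argv[i + 1].split(",")):
                key, sep, value = field.partition("=")
                if n == 0 and not sep:  # short form: "-sandbox on"
                    key, value = "enable", field
                opts[key] = value
            return opts
    return None

def is_sandboxed(argv):
    """True only when a -sandbox option is present and switched on."""
    return (sandbox_options(argv) or {}).get("enable") == "on"

def cpu_features(cpuinfo_text, wanted=("umip", "la57")):
    """Report which wanted flags appear on the first 'flags' line of cpuinfo."""
    for line in cpuinfo_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == "flags":
            present = set(value.split())
            return {flag: flag in present for flag in wanted}
    return {flag: False for flag in wanted}

def running_qemu_argvs(proc="/proc"):
    """Yield argv lists of processes whose program name starts with 'qemu'."""
    for path in glob.glob(os.path.join(proc, "[0-9]*", "cmdline")):
        try:
            with open(path, "rb") as fh:
                argv = fh.read().decode(errors="replace").rstrip("\0").split("\0")
        except OSError:
            continue  # process exited or is not readable by this user
        if os.path.basename(argv[0]).startswith("qemu"):
            yield argv

if __name__ == "__main__":
    with open("/proc/cpuinfo") as fh:
        print("CPU flags:", cpu_features(fh.read()))
    for argv in running_qemu_argvs():
        print(argv[0], sandbox_options(argv) or "no -sandbox option found")
```

Run it as root on the host to see every QEMU process; inside a guest, only the CPU flag report is meaningful.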