2 New Features and Changes

This chapter describes the new features, major enhancements, bug fixes, and other changes that are included in this release of Oracle Linux 8.

Installation and Image Creation

Oracle Linux 8.1 introduces the following notable installation and image creation features and improvements:

  • Ability to disable modules during a kickstart installation

    You can now disable a module during a kickstart installation to prevent packages from that module from being installed. Use the following command to disable a module during a kickstart installation:

    module --name=module-name --stream=stream-name --disable

  • New repo.git blueprint section added to lorax-composer

    The new repo.git blueprint section enables you to include extra files in your image build. Note that the files must be hosted in a git repository that is accessible from the lorax-composer build server.

  • Image builder includes image creation capability for more cloud providers

    Image Builder has been expanded in Oracle Linux 8.1 to include other cloud providers for which it can create an image. For example, you can now create and deploy images on Google Cloud and Alibaba Cloud, as well as run custom instances on these platforms.

Red Hat Compatible Kernel

The following notable features, enhancements, and changes apply to the Red Hat Compatible Kernel (RHCK) that is shipped with Oracle Linux 8.1.

  • Early Kdump

    The early Kdump feature enables the crash kernel and initramfs to load early so that vmcore can be captured early enough to also include information about early crashes. More details about early kdump can be found in the /usr/share/doc/kexec-tools/early-kdump-howto.txt file. See also Working With Kernel Dumps in Oracle Linux 8: Monitoring and Tuning a System.

  • ipcmni_extend kernel command-line parameter added

    The new ipcmni_extend kernel command-line parameter extends the number of unique System V Inter-process Communication (IPC) identifiers from the current maximum of 32 KB (15 bits) up to 16 MB (24 bits). This enhancement enables users with applications that produce a large number of shared memory segments to create a stronger IPC identifier, without exceeding the 32 KB limit.

    In some cases, use of the ipcmni_extend parameter can result in minor performance issues. Use this parameter only in situations where applications require more than 32 KB unique IPC identifiers.

  • Persistent memory initialization code includes parallel initialization

    The inclusion of parallel initialization to the persistent memory initialization code greatly reduces the overall memory initialization time on systems that have large amounts of persistent memory. As a result, these systems boot much faster.

  • Optane DC memory systems include capability for EDAC reports

    With this update, EDAC (Error Detection and Correction) properly reports corrected and uncorrected memory events with accurate memory module information. Previously, EDAC did not properly report these events if the memory address was within an NVDIMM module.

    This update also includes the Memory Mode for Optane DC Persistent Memory technology.

  • TPM tool updated to version 2.0

    The tpm2-tools user-space tool has been updated to version 2.0. This version of the Trusted Platform Module (TPM) tool provides fixes for several defects.

  • UBSan utility enabled in the debug kernel

    The Undefined Behavior Sanitizer (UBSan) utility has been enabled in the debug kernel to enable the system to more easily detect certain types of bugs that previously went undetected; for example, in the case of compiler optimization, where subtle, obscure bugs might appear.

  • bpftrace language added

    Oracle Linux 8.1 includes the bpftrace language, a high-level tracing language for extended Berkeley Packet Filter (eBPF) that is used for very specific tracing tasks. A significant benefit of using bpftrace is that you can accomplish the same outcome with one line in bpftrace, as compared to an entire page of code that mixes the Python and C languages in the BPF Compiler Collection (BCC) library.

  • kernel-rt source tree matches latest Oracle Linux tree

    Sources for the kernel-rt source tree have been upgraded so that they are based on the latest RHCK kernel source tree. This change provides a number of bug fixes and enhancements over the previous version.

  • ssdd test added for Real Time 8

    This update includes the ssdd test for Real Time 8, which is used for stress testing of the tracing subsystem. The test runs multiple tracing threads to verify that locking is correct within the tracing system.

Corosync and Pacemaker Included in Oracle Linux 8.1

The Corosync version 3.0.2 and Pacemaker version 2.0.2 software packages are included in Oracle Linux 8.1. This software is used for clustering and high availability.

Cockpit Web Console

In Oracle Linux 8.1, the following features, enhancements, and changes for the Cockpit web console are introduced:

  • Capability for SMT configuration by using the Cockpit web console

    Oracle Linux 8.1 includes capability for Simultaneous Multi-Threading (SMT) configuration, which also includes the ability to disable SMT in the Cockpit web console. This added capability enables you to mitigate a class of CPU security vulnerabilities, such as Microarchitectural Data Sampling and L1 Terminal Fault Attack.

    Note:

    When SMT is disabled on the system, options for SMT are not displayed in the Cockpit web console. See Oracle® Linux: Simultaneous Multithreading Notice for more details.

  • Services page improvements

    To improve the user experience in this update, the web console's Services page has been updated to include a search box that enables you to search services by name and description. Other improvements include the following: service states have been merged into one list, and the switcher buttons that were located at the top of the page have been replaced with tabs.

  • Networking page updated with new firewall settings

    Additional firewall settings have been added to the web console's Networking page, including capability for the following: adding and removing zones, adding and removing services to arbitrary zones, and custom port configuration for the firewalld services.

  • Improvements to Virtual Machines page

    Several improvements have been made to the web console's Virtual Machines page. For example, in this update, you can do the following:

    • Manage various types of storage pools.

    • Configure autostart for a virtual machine (VM).

    • Import existing qcow images.

    • Install VMs by using PXE boot.

    • Change a VM's memory allocation.

    • Pause and resume a VM.

    • Configure cache characteristics.

    • Change the boot order for a VM.
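For the SMT item in the Cockpit list above: a shell check, added here and not taken from Oracle's documentation, that reads the kernel's SMT state and the MDS and L1TF status files from sysfs and reports whether either one still lists SMT exposure. The function names, the optional sysfs-root argument, and the sample tree are assumptions of this example; the sysfs paths are the standard Linux kernel ones.

```shell
#!/bin/sh
# Added example: audit SMT state against the MDS and L1TF sysfs status files.
# The optional root argument is an assumption of this example; it lets the
# check run against a copy of sysfs instead of the live /sys.

# read_first FILE: print the first line of FILE, or "unknown" if unreadable/empty.
read_first() {
    line=
    if [ -r "$1" ]; then
        IFS= read -r line < "$1" || true
    fi
    printf '%s\n' "${line:-unknown}"
}

# smt_audit [SYSFS_ROOT]: print one line per finding.
# Returns 0 when neither status file reports SMT exposure,
#         1 when MDS or L1TF reports "SMT vulnerable",
#         2 when the SMT state cannot be read at all.
smt_audit() {
    cpu="${1:-/sys}/devices/system/cpu"
    control=$(read_first "$cpu/smt/control")
    active=$(read_first "$cpu/smt/active")
    echo "smt: control=$control active=$active"
    if [ "$active" = unknown ]; then
        return 2
    fi
    smt_rc=0
    for vuln in mds l1tf; do
        status=$(read_first "$cpu/vulnerabilities/$vuln")
        case "$status" in
            *"SMT vulnerable"*)
                echo "$vuln: EXPOSED via SMT ($status)"
                smt_rc=1 ;;
            *)
                echo "$vuln: $status" ;;
        esac
    done
    return "$smt_rc"
}

# make_sample DIR CONTROL ACTIVE MDS L1TF: build a constructed sysfs copy
# so the audit can be exercised offline.
make_sample() {
    mkdir -p "$1/devices/system/cpu/smt" "$1/devices/system/cpu/vulnerabilities"
    printf '%s\n' "$2" > "$1/devices/system/cpu/smt/control"
    printf '%s\n' "$3" > "$1/devices/system/cpu/smt/active"
    printf '%s\n' "$4" > "$1/devices/system/cpu/vulnerabilities/mds"
    printf '%s\n' "$5" > "$1/devices/system/cpu/vulnerabilities/l1tf"
}

# Constructed sample: SMT on, both status files still report SMT exposure.
demo=$(mktemp -d)
make_sample "$demo" on 1 \
    'Mitigation: Clear CPU buffers; SMT vulnerable' \
    'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'
smt_audit "$demo" || echo "exit status $? (SMT exposure reported)"
rm -rf "$demo"
```

Calling smt_audit with no argument audits the live host.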

Compilers and Developer Tools

Oracle Linux 8.1 introduces the following feature enhancements and changes for compilers and developer tools.

GCC Toolset 9

Oracle Linux 8.1 introduces the GCC Toolset 9, which is an Application Stream that is distributed in the form of a Software Collection in the appstream_beta repository. The GCC Toolset is similar to the Oracle Linux Developer Toolset.

The GCC Toolset 9 contains up-to-date versions of the following developer tools:

  • GCC version 9.1.1

  • GDB version 8.3

  • Valgrind version 3.15.0

  • SystemTap version 4.1

  • Dyninst version 10.1.0

  • binutils version 2.32

  • elfutils version 0.176

  • dwz version 0.12

  • make version 4.2.1

  • strace version 5.1

  • ltrace version 0.7.91

To install the toolset, use the following command:

sudo dnf install gcc-toolset-9

You can run a tool from GCC Toolset 9 by using the following command:

scl enable gcc-toolset-9 tool

Use the following command to run a shell session, where tool versions from the GCC Toolset 9 take precedence over system versions of the same tools:

scl enable gcc-toolset-9 bash

Compiler Toolsets Updated

The following compiler toolsets have been updated. These toolsets are distributed as Application Streams in Oracle Linux 8.1:

  • Clang and LLVM toolset upgraded to version 8.0.0

    This toolset, which provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis, has been upgraded to version 8.0.0.

  • Rust toolset upgraded to version 1.35

    This toolset provides the Rust programming language compiler (rustc), the cargo build tool and dependency manager, and any required libraries.

  • Go toolset upgraded to version 1.12.6

    This toolset provides the Go (golang) programming language tools and libraries.

SystemTap Updated to Version 4.1

The SystemTap instrumentation tool has been updated to upstream version 4.1 in this update. This version of SystemTap provides several improvements over the previous version of the tool, including the following:

  • The eBPF runtime backend can now handle more features of the scripting language, such as string variables and rich formatted printing.

  • Translator performance improvements.

  • More types of data in optimized C code can be extracted by using DWARF4 debuginfo constructs.

elfutils Updated to Version 0.176

The elfutils packages have been updated to version 0.176 in this update. This version of elfutils provides numerous bug fixes and resolves the following vulnerabilities:

  • CVE-2019-7146

  • CVE-2019-7149

  • CVE-2019-7150

  • CVE-2019-7664

  • CVE-2019-7665

Date Formatting for Japanese Reiwa Era Updated

In Oracle Linux 8.1, the GNU C Library has been updated to include correct Japanese era name formatting for the Reiwa era (effective May 1st, 2019). Also, the time-handling API data, which includes the data that is used by the strftime and strptime functions, has been updated. As a result, all APIs now correctly print the Reiwa era, including when strftime is used with one of the era conversion specifiers, such as %EC, %EY, or %Ey.

Database

This release of Oracle Linux 8 ships with version 8.0 of the MySQL database software.

File Systems and Storage

Oracle Linux 8.1 introduces the following notable file systems and storage features, enhancements, and changes:

  • Btrfs file system removed from RHCK

    The Btrfs file system is removed from RHCK in Oracle Linux 8. As such, you cannot create or mount Btrfs file systems when using this kernel. Also, any Btrfs user-space packages that are provided are not supported with RHCK.

  • OCFS2 file system removed from RHCK

    The Oracle Cluster File System version 2 (OCFS2) file system is removed from RHCK in Oracle Linux 8. As such, you cannot create or mount OCFS2 file systems when using this kernel. Also, any OCFS2 user-space packages that are provided are not supported with RHCK.

  • Data Integrity Field/Data Integrity Extension available in Oracle Linux 8.1

    The Data Integrity Field/Data Integrity Extension (DIF/DIX) feature is available on configurations that the hardware vendor has qualified, including the specific host bus adapter (HBA) and storage array configuration. The DIF/DIX feature is enabled and disabled on the storage device. The method that is used to activate the feature on storage devices is device-dependent.

    Note:

    DIF/DIX is not available for use on the boot device or on virtualized guests. Using the Automatic Storage Management library (ASMLib) when DIF/DIX is enabled is also not supported.

  • VDO Ansible module moved to Ansible packages

    In this update, the VDO Ansible module is provided by the ansible package and is located in /usr/lib/python3.6/site-packages/ansible/modules/system/vdo.py. In previous updates, the module was provided by the vdo RPM package and was located in /usr/share/doc/vdo/examples/ansible/vdo.py.

    Note that the vdo package continues to distribute the Ansible playbook.

  • Aero adapters

    The following two Aero adapters are included in Oracle Linux 8.1:

    • PCI ID 0x1000:0x00e2 and 0x1000:0x00e6. These adapters are controlled by the mpt3sas driver.

    • PCI ID 0x1000:0x10e5 and 0x1000:0x10e6. These adapters are controlled by the megaraid_sas driver.

    Previously, these adapters were available as a Technology Preview only.

Infrastructure Services

Oracle Linux 8.1 introduces the following infrastructure services features, enhancements, and changes:

  • Chrony updated to version 3.5

    The chrony packages have been updated to version 3.5. This version of Chrony provides several bug fixes and enhancements over the previous version. Some of the more notable changes include the following:

    • More accurate synchronization of the system clock with hardware timestamping in the kernel.

    • Important improvements to hardware timestamping.

    • The range of available polling intervals has been extended.

    • NTP sources include a filter option.

  • Tuned updated to version 2.12

    The tuned packages are updated to version 2.12 in this update. This version of Tuned provides several bug fixes and enhancements over the previous version. Some of the more notable changes include the following:

    • An issue related to the handling of removed and re-attached devices has been fixed.

    • Negation of a CPU list has been added.

    • The sysctl tool is replaced by a new implementation that is specific to Tuned. This change improves the performance of run-time kernel parameter configuration.

Memory Mode Technology for Intel Optane DC Persistent Memory Feature Added

Memory Mode for the Intel Optane DC Persistent Memory technology has been added in Oracle Linux 8.1. This technology is transparent to the operating system and does not require any special drivers or specific certification.

Networking

This release of Oracle Linux 8 introduces the following features, enhancements, and improvements.

PMTU Discovery and Route Redirection for VXLANs and GENEVE Tunnels Added

In this update, the kernel can handle Internet Control Message Protocol (ICMP) "Destination Unreachable" and "Redirect Message" errors. The kernel can also handle ICMPv6 "Packet Too Big" and "Destination Unreachable" messages for Virtual Extensible LAN (VXLAN) and Generic Network Virtualization Encapsulation (GENEVE) tunnels, which is done by adjusting the PMTU and modifying forwarding information. As a result, PMTU discovery and route redirection features are now provided for VXLAN and GENEVE tunnels.

XDP and Networking eBPF Features Updated to Version 5.0

As of this update, the XDP and the networking eBPF features in the kernel package have been updated to version 5.0. This feature version provides a number of bug fixes and enhancements over the previous version, including the following: improvements to BPF programs for better interaction with the TCP/IP stack, flow dissection, a wider range of bpf helpers, and access to new map types. XDP changes include the availability of XDP metadata to AF_XDP sockets.

Security

Oracle Linux 8.1 introduces the following security features, enhancements, and changes.

SELinux Features

Oracle Linux 8.1 introduces the following features, changes, and improvements for SELinux:

  • SELinux user-space tools updated to version 2.9

    The following SELinux user-space tools have been updated to version 2.9: libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, and mcstrans. This version of the SELinux user-space tools provides several bug fixes and enhancements over the previous version.

  • SETools updated to version 4.2.2

    As of this update, the SETools collection and libraries have been updated to version 4.2.2. This version of the tools includes several improvements over the previous version, including the removal of source policy references from manual pages (loading of source policies is no longer supported) and a fix for a performance regression in alias loading.

  • bpf SELinux policy class added

    The new bpf SELinux policy class is introduced in this update. This class enables you to control the Berkeley Packet Filter (BPF) flow through SELinux and also enables the inspection and simple manipulation of Extended Berkeley Packet Filter (eBPF) programs and maps that are controlled by SELinux.

  • boltd_t SELinux type added

    The new boltd_t SELinux type confines the boltd system daemon that is used to manage Thunderbolt 3 devices. The boltd daemon now runs as a confined service in SELinux enforcing mode.

  • selinux-policy packages updated to version 3.14.3

    The selinux-policy package is updated to version 3.14.3 in this update. This version of the package provides a number of bug fixes and enhancements over the previous version, including the allowance of additional rules.

  • "SELinux: Class not defined in policy" errors no longer displayed on system boot.

    An issue in Oracle Linux 8 that produced errors similar to the following in the /var/log/messages file when booting in either SELinux permissive mode or enforcing mode has been resolved:

    SELinux:  Class bpf not defined in policy.
    SELinux:  Class xdp_socket not defined in policy.
    SELinux: the above unknown classes and permissions will be allowed

OpenSCAP Features

Oracle Linux 8.1 introduces the following features, changes, and improvements for OpenSCAP.

  • OpenSCAP updated to version 1.3.1

    In Oracle Linux 8.1, the openscap packages have been updated to version 1.3.1. This version of OpenSCAP provides many bug fixes and enhancements over the previous version.

  • OpenSCAP includes SCAP version 1.3

    Oracle Linux 8.1 includes the OpenSCAP suite, which supports data streams that conform to the latest version of the SCAP standard (SCAP 1.3). You can use SCAP 1.3 data streams the same way that you use SCAP 1.2 data streams, with no additional usability restrictions.

  • scap-security-guide packages updated to version 0.1.44

    The scap-security-guide packages have been updated to version 0.1.44 in this update. This version of the packages provides several bug fixes and enhancements over the previous version. Most notably:

    • SCAP content conforms to the latest version of the SCAP standard, SCAP 1.3.

    • SCAP content supports UBI images.

SSH Features

The following new OpenSSH and SSH features, enhancements, and changes are included in Oracle Linux 8.1:

  • OpenSSH updated to version 8.0p1

    In Oracle Linux 8.1, the openssh packages have been updated to version 8.0p1. This version of OpenSSH provides several bug fixes and enhancements over the previous version, including the following:

    • Default RSA key size increased to 3072 bits for the ssh-keygen tool.

    • Support for the ShowPatchLevel configuration option has been removed.

    • Numerous GSSAPI key exchange code fixes applied, including a fix for some Kerberos clean-up tasks.

    • Fallback to the sshd_net_t SELinux context has been removed.

    • Match final blocks added.

    • Minor issues with the ssh-copy-id command have been fixed.

    • Fixes for several Common Vulnerabilities and Exposures (CVE) related to the scp utility, namely the following: CVE-2019-6111, CVE-2018-20685, and CVE-2019-6109.

  • libssh complies with the system-wide crypto-policies

    In Oracle Linux 8.1, the libssh client and server now automatically load the /etc/libssh/libssh_client.config and /etc/libssh/libssh_server.config files, respectively. With the automatic loading of the configuration file, libssh can use the system-wide cryptographic settings that are set by crypto-policies. This change simplifies control over the set of cryptographic algorithms that are used by applications.

New udica Package

Udica is a tool for generating SELinux policies for containers. You can use Udica to create a tailored security policy, which provides better control of how a container accesses host system resources. This capability enables you to harden container deployments against security violations, while simplifying and maintaining regulatory compliance.

virt-manager Application Deprecated

The Virtual Machine Manager application (virt-manager) is deprecated in Oracle Linux 8.1. Oracle recommends that you use the Cockpit web console to manage virtualization in a GUI. Note that some features in Oracle Linux 8 might only be accessible by using either virt-manager or the command line.

Technology Preview

For the Red Hat Compatible Kernel in the current Oracle Linux release, the following features are under technology preview:

aarch64 only: VNC Remote Console

In this release, the Virtual Network Computing (VNC) remote console is available as a technology preview on the 64-bit Arm platform only. The remaining components of the graphics stack are unverified on this platform.