9. What Do System Administrators Care About

9.1. Security

This section highlights various security items from Fedora.

9.1.1. Security enhancements

Fedora continues to improve its many proactive security features.

http://fedoraproject.org/wiki/Security/Features

9.1.2. SELinux

The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references. Some useful links include the following:

9.1.3. SELinux enhancements

Different roles are now available, to allow finer-grained access control:

  • guest_t does not allow running setuid binaries, making network connections, or using a GUI.

  • xguest_t disallows network access except for HTTP via a Web browser, and disallows setuid binaries.

  • user_t is ideal for office users: prevents becoming root via setuid applications.

  • staff_t is the same as user_t, except that root-level access via sudo is allowed.

  • unconfined_t provides full access, the same as when not using SELinux.

Browser plug-ins wrapped with nspluginwrapper, which is the default, are confined by SELinux policy.

9.1.4. Security audit package

Sectool provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the project home:

https://fedorahosted.org/sectool

9.1.5. General information

A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security.

9.2. System Services

9.2.1. Upstart

Fedora 10 features the Upstart initialization system. All System V init scripts should run fine in compatibility mode. However, users who have made customizations to their /etc/inittab file need to port those modifications to upstart. For information on how upstart works, refer to the init(8) and initctl(8) man pages. For information on writing upstart scripts, refer to the events(5) man page, and also the "Upstart Getting Started Guide":

http://upstart.ubuntu.com/getting-started.html

Due to the change of init systems, it is recommended that users who do an upgrade on a live file system to Fedora 9 reboot soon afterwards.

9.2.2. NetworkManager

Fedora 10 features NetworkManager. NetworkManager 0.7 provides improved mobile broadband support, including GSM and CDMA devices, and now supports multiple devices, ad-hoc networking for sharing connections, and the use of system-wide network configuration. It is now enabled by default on all installations. When using NetworkManager, be aware of the following:

  • NetworkManager does not currently support all virtual device types. Users who use bridging, bonding, or VLANs may need to switch to the old network service after configuration of those interfaces.

  • NetworkManager starts the network asynchronously. Users who have applications that require the network to be fully initialized during boot should set the NETWORKWAIT variable in /etc/sysconfig/network. Please file bugs about cases where this is necessary, so we can fix the applications in question.

    https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora

9.2.3. Autofs

Autofs is no longer installed by default. Users who wish to use Autofs can choose it from the System Tools group in the installer, or with the package installation tools.

9.2.4. Varnish

Varnish is updated to version 2.0. The VCL syntax has changed from version 1.x. Users who upgrade from 1.x must change their vcl files according to README.redhat. The most important changes are:

  • In vcl, the word insert must be replaced by deliver

  • In the vcl declaration of backends, set backend has been simplified to backend, and backend parts are now just prefixed with a dot, so the default localhost configuration looks like this:

    backend default { .host = "127.0.0.1"; .port = "80"; }

9.3. Virtualization

Virtualization in Fedora 10 includes major changes, and new features, that continue to support KVM, Xen, and many other virtual machine platforms.

9.3.1. Unified kernel image

The kernel-xen package has been obsoleted by the integration of paravirtualization operations in the upstream kernel. The kernel package in Fedora 10 supports booting as a guest domU, but will not function as a dom0 until such support is provided upstream. The most recent Fedora release with dom0 support is Fedora 8.

Booting a Xen domU guest within a Fedora 10 host requires the KVM based xenner. Xenner runs the guest kernel and a small Xen emulator together as a KVM guest.

[Important] KVM requires hardware virtualization features in the host system.

Systems lacking hardware virtualization do not support Xen guests at this time.

For more information refer to:

9.3.2. Virtualization storage management

Advances in libvirt now provide the ability to list, create, and delete storage volumes on remote hosts. This includes the ability to create raw sparse and non-sparse files in a directory, allocate LVM logical volumes, partition physical disks, and attach to iSCSI targets.

This enables the virt-manager tool to remotely provision new guest domains, and manage the storage associated with them. It provides improved SELinux integration, since the APIs ensure that all storage volumes have the correct SELinux security context when being assigned to a guest.

Features

9.3.3. Remote installation of virtual machines

Improvements in Virtualization storage management have enabled the creation of guests on remote host systems. By leveraging Avahi, systems supporting libvirt can be automatically detected by virt-manager. Upon detection guests can be provisioned on the remote system.

Installations can be automated with the help of cobbler and koan. Cobbler is a Linux installation server that allows for rapid setup of network installation environments. Network installs can be configured for PXE boot, reinstallations, media-based net-installs, and virtualized guest installs. Cobbler uses a helper program, koan, for reinstallation and virtualization support.

For further details refer to:

9.3.4. Other improvements

Fedora also includes the following virtualization improvements:

  • Utilities in the new virt-mem package provide access to process tables, interface information, dmesg, and uname of QEmu and KVM guests from the host system. http://et.redhat.com/~rjones/virt-mem/

[Note] virt-mem is experimental.

Only 32 bit guests are supported at this time.

9.3.4.1. libvirt updated to 0.4.6

The libvirt package provides an API and tools to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The libvirt software is designed to be a common denominator among all virtualization technologies with support for the following:

  • The Xen hypervisor on Linux and Solaris hosts.

  • The QEMU emulator

  • The KVM Linux hypervisor

  • The LXC Linux container system

  • The OpenVZ Linux container system

  • Storage on IDE/SCSI/USB disks, FibreChannel, LVM, iSCSI, and NFS

New features and improvements since 0.4.2:

  • Enhanced OpenVZ support

  • Enhanced Linux containers (LXC) support

  • Storage pools API

  • Improved iSCSI support

  • USB device passthrough for QEMU and KVM

  • Sound, serial, and parallel device support for QEMU and Xen

  • Support for NUMA and vCPU pinning in QEMU

  • Unified XML domain and network parsing for all virtualization drivers

For further details refer to:

http://www.libvirt.org/news.html

9.3.4.2. virt-manager Updated to 0.6.0

The virt-manager package provides a GUI implementation of virtinst and libvirt functionality.

New features and improvements since 0.5.4:

  • Remote storage management and provisioning: view, add, remove, and provision libvirt managed storage. Attach managed storage to a remote VM.

  • Remote VM installation support: Install from managed media (CDROM) or PXE. Simple install time storage provisioning.

  • VM details and console windows merged: each VM is now represented by a single tabbed window.

  • Use Avahi to list libvirtd instances on network.

  • Hypervisor Autoconnect: Option to connect to hypervisor at virt-manager start up.

  • Option to add sound device emulation when creating new guests.

  • Virtio and USB options when adding a disk device.

  • Allow viewing and removing VM sound, serial, parallel, and console devices.

  • Allow specifying a keymap when adding display device.

  • Keep app running if manager window is closed but VM window is still open.

  • Allow limiting the amount of stored stats history.

For further details refer to:

http://virt-manager.et.redhat.com/

9.3.4.3. virtinst updated to 0.400.0

The python-virtinst package contains tools for installing and manipulating multiple VM guest image formats.

New features and improvements since 0.300.3:

  • New tool virt-convert: Allows converting between different types of virt configuration files. Currently only supports vmx to virt-image.

  • New tool virt-pack: Converts virt-image xml format to vmx and packs in a tar.gz. (Note this will likely be merged with virt-convert in the future).

  • virt-install improvements:

    • Support for remote VM installation. Can use install media and disk images on remote host if shared via libvirt. Allows provisioning storage on remote pools.

    • Support setting CPU pinning information for QEmu/KVM VMs

    • NUMA support via --cpuset=auto option

    • New options:

      • --wait allows putting a hard time limit on installs

      • --sound create VM with soundcard emulation

      • --disk allows specifying media as a path, storage volume, or a pool to provision storage on, device type, and several other options. Deprecates --file, --size, --nonsparse.

      • --prompt: input prompting is no longer the default; this option turns it back on.

  • virt-image improvements:

    • --replace option to overwrite existing VM image file

    • Support multiple network interfaces in virt-image format

  • Use virtio disk/net drivers if chosen guest OS entry supports it (Fedora 9 and 10)

For further details refer to:

9.3.4.4. Xen updated to 3.3.0

Fedora 10 supports booting as a guest domU, but will not function as a dom0 until such support is provided in the upstream kernel. Support for a pv_ops dom0 is targeted for Xen 3.4.

Changes since 3.2.0:

  • Power management (P & C states) in the hypervisor

  • HVM emulation domains (qemu-on-minios) for better scalability, performance, and security

  • PVGrub: boot PV kernels using real GRUB inside the PV domain

  • Better PV performance: domain lock removed from pagetable-update paths

  • Shadow3: optimisations to make this the best shadow pagetable algorithm yet, making HVM performance better than ever

  • Hardware Assisted Paging enhancements: 2MB page support for better TLB locality

  • CPUID feature levelling: allows safe domain migration across systems with different CPU models

  • PVSCSI drivers for SCSI access direct into PV guests

  • HVM framebuffer optimisations: scan for framebuffer updates more efficiently

  • Device passthrough enhancements

  • Full x86 real-mode emulation for HVM guests on Intel VT: supports a much wider range of legacy guest OSes

  • New qemu merge with upstream development

  • Many other changes in both x86 and IA64 ports

For further details refer to:

9.4. Web servers

9.4.1. PostgreSQL DBD Driver

[Tip] Deprecated or out of date content?

This content may be deprecated or out of date; it has not been updated since the Fedora 9 release notes.

Users of the mod_dbd module should note that the apr-util DBD driver for PostgreSQL is now distributed as a separate dynamically-loaded module. The driver module is now included in the apr-util-pgsql package. A MySQL driver is now also available, in the apr-util-mysql package.

9.4.2. Drupal

Drupal has been updated to 6.4. For details, refer to:

http://drupal.org/drupal-6.4

If your installation is updated to the 6.4 version in Fedora 9, skip the following step.

When upgrading from earlier versions, remember to log in to your site as the admin user, and disable any third-party modules before upgrading this package. After upgrading the package:

  1. Copy /etc/drupal/default/settings.php.rpmsave to /etc/drupal/default/settings.php, and repeat for any additional sites' settings.php files.

  2. Browse to http://host/drupal/update.php to run the upgrade script.

Also, several modules are now available: drupal-date, -cck, -views, and -service_links.

9.5. Samba - Windows compatibility

This section contains information related to Samba, the suite of software Fedora uses to interact with Microsoft Windows systems.

[Tip] Maybe you know what should be on this page?

The Fedora release notes are a collective effort of dozens of people. You can contribute by editing the wiki page that corresponds to this part of the release notes.

This section has not been updated for Fedora 10 by the beat writer (http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments). If you have some ideas or knowledge of what should be in this part of the release notes, you are encouraged to edit the wiki directly. Read https://fedoraproject.org/wiki/Docs/Beats/HowTo/ for more information, then get an account and start writing.

9.6. Mail servers

This section concerns electronic mail servers or mail transfer agents (MTAs).

9.6.1. Sendmail

By default, the Sendmail mail transport agent (MTA) does not accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients:

  1. Edit /etc/mail/sendmail.mc and either change the DAEMON_OPTIONS line to also listen on network devices, or comment out this option entirely using the dnl comment delimiter.

  2. Install the sendmail-cf package: su -c 'yum install sendmail-cf'

  3. Regenerate /etc/mail/sendmail.cf: su -c 'make -C /etc/mail'
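
As an added example (not part of the Fedora release notes), the following shell function checks whether a sendmail.mc leaves the MTA loopback-only or opens it to the network, which is the effect of step 1. It assumes one DAEMON_OPTIONS entry per line with the address written as Addr=; the function name sendmail_listen_scope and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listening scope configured in a sendmail.mc file.
# Assumption: one DAEMON_OPTIONS entry per line, address given with the Addr= key.

# Prints "loopback-only" or "network" for the file given as $1.
sendmail_listen_scope() {
    awk '
        /^[ \t]*dnl/ { next }              # line commented out with dnl: inactive
        /DAEMON_OPTIONS\(/ {
            active++
            addr = ""
            if (match($0, /[Aa]ddr=[0-9A-Za-z:.-]+/))
                addr = substr($0, RSTART + 5, RLENGTH - 5)
            # No Addr= at all means every interface for that daemon.
            if (addr != "127.0.0.1" && addr != "::1" && addr != "localhost")
                exposed++
        }
        END {
            # With no active DAEMON_OPTIONS line, sendmail falls back to its
            # default SMTP daemon, which listens on all interfaces.
            if (active == 0 || exposed > 0) print "network"
            else print "loopback-only"
        }
    ' "$1"
}

# Constructed sample input (not copied from a real host): the option has been
# commented out with dnl, as step 1 describes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EOF
echo "sample sendmail.mc: $(sendmail_listen_scope "$sample")"
rm -f "$sample"
```

Running it against /etc/mail/sendmail.mc before regenerating sendmail.cf confirms that the edit produces the intended exposure.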

9.7. File servers

This section refers to file transfer and sharing servers. Refer to http://fedoraproject.org/wiki/Docs/Beats/WebServers and http://fedoraproject.org/wiki/Docs/Beats/Samba for information on HTTP (Web) file transfer and Samba (Microsoft Windows) file sharing services.

[Tip] Maybe you know what should be on this page?

The Fedora release notes are a collective effort of dozens of people. You can contribute by editing the wiki page that corresponds to this part of the release notes.

This section has not been updated for Fedora 10 by the beat writer (http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments). If you have some ideas or knowledge of what should be in this part of the release notes, you are encouraged to edit the wiki directly. Read https://fedoraproject.org/wiki/Docs/Beats/HowTo/ for more information, then get an account and start writing.

9.8. Database servers

[Warning] You must do your own research on upgrading database packages.

Consult the release notes for the version of database you are upgrading to. There may be actions you need to do for the upgrade to be successful.

[Tip] Maybe you know what should be on this page?

The Fedora release notes are a collective effort of dozens of people. You can contribute by editing the wiki page that corresponds to this part of the release notes.

This section has not been updated for Fedora 10 by the beat writer (http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments). If you have some ideas or knowledge of what should be in this part of the release notes, you are encouraged to edit the wiki directly. Read https://fedoraproject.org/wiki/Docs/Beats/HowTo for more information, then get an account and start writing.

9.9. Backwards compatibility

Fedora provides legacy system libraries for compatibility with older software. This software is part of the Legacy Software Development group, which is not installed by default. Users who require this functionality may select this group either during installation or after the installation process is complete. To install the package group on a Fedora system, use Applications → Add/Remove Software or enter the following command in a terminal window:

    su -c 'yum groupinstall "Legacy Software Development"'

Enter the password for the root account when prompted.

9.9.1. Compiler compatibility

The compat-gcc-34 package has been included for compatibility reasons:

https://www.redhat.com/archives/fedora-devel-list/2006-August/msg00409.html

9.10. Updated packages in Fedora 10

This list is automatically generated by checking the difference between the (F10)-1 GOLD tree and the F10 tree on a specific date. The content is posted only on the wiki:

http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/UpdatedPackages

9.11. Package changes

[Note] This list is automatically generated

This list is automatically generated. It is not a good choice for translation.

This list is generated for the release and posted on the wiki only. It is made using the treediff utility, run as treediff newtree oldtree against a rawhide or release tree.

For a list of which packages were updated since the previous release, refer to http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/UpdatedPackages. You can also find a comparison of major packages between all Fedora versions at http://distrowatch.com/fedora.