Red Hat Enterprise Linux 9.1 arrives with security enhancements, Wayland integration and more

Darkcrizt

5 minutes

Red Hat Enterprise Linux

Red Hat Enterprise Linux also known by its acronym RHEL is a commercial distribution of GNU/Linux developed by Red Hat

Red Hat recently announced the release of your Linux distribution, "Red Hat Enterprise Linux 9.1", version in which the RHEL 9 branch continues to evolve with a more open development process and builds on the foundation of the CentOS Stream 9 package.

CentOS Stream is positioned as an upstream project for RHEL, allowing third parties to control the preparation of RHEL packages, propose changes, and influence decisions. According to the 10-year support cycle for the distribution, RHEL 9 will be maintained until 2032.

What's New in Red Hat Enterprise Linux 9.1

In this new version that is presented, it is highlighted that SELinux has been updated to version 3.4, in which it has been improved relabel performance (relabel) due to the parallelization of operations, the option «-m'('--checksum") to the semodule utility to get SHA256 hashes from modules, mcstrans has been moved to the PCRE2 library. In addition to this, SELinux policies were added to protect the services ksm, nm-priv-helper, rhcd, stalld, systemd-network-generator, targetclid, and wg-quick.

Another novelty that is presented is that the ability to use the Clevis client (clevis-luks-systemd) to automatically unlock disk partitions encrypted with LUKS and mounted at a later stage of boot, without the need to use the command "systemctl enable clevis-luks-askpass.path«.

Capabilities for preparing system images have been expanded, which now supports uploading images to Google Cloud Platform (GCP), placing the image directly in the container registry, setting the size of the /boot partition, and tuning parameters (Blueprint) during imaging ( for example, when adding packages and creating users).

Added a utility keylime for attestation (authentication and continuous integrity monitoring) of an external system using TPM (Trusted Platform Module) technology, for example, to verify the authenticity of Edge and IoT devices located in an uncontrolled location where unauthorized access is possible .

SSSD added support for caching SID requests (for example, GID/UID checks) in RAM, which made it possible to speed up copy operations of a large number of files through the Samba server.

In OpenSSH, the default minimum size for RSA keys is 2048 bits. and the NSS libraries no longer support RSA keys smaller than 1023 bits. The RequiredRSAsize parameter was added to OpenSSH to set your own limits. Added support for the sntrup761x25519-sha512@openssh.com key exchange method, which is resistant to attacks on quantum computers.

the subsystemeBPF carries the improvements implemented in the Linux 5.15 and 5.16 kernels. For example, for BPF programs, the ability to query and process timer events, the ability to get and set socket options to setsockopt, support for calling kernel module functions, a storage structure bloom filter, probabilistic data (BPF map) and the ability to Add binding tags to function parameters.

It is also highlighted that MPTCP protocol implementation updated (MultiPath TCP), adding support for MPTCP connection fallback to plain TCP and offering an API to manage MPTCP streams from user space).

Of the other changes that stand out of this new version:

  • The real-time system patch set used in the rt-kernel has been updated to the state corresponding to the 5.15-rt kernel.
  • On systems with 64-bit ARM, AMD, and Intel processors, the ability to change the real-time mode operation in the kernel at runtime by writing the mode name to the .
  • The GRUB bootloader configuration has been changed to hide the default boot menu, displaying the menu if a previous boot fails.
  • Support for creating virtual hardware clocks (PHC, PTP hardware clocks) has been added to the PTP (Precision Time Protocol) driver.
  • Added the modulesync command that downloads module RPM packages and creates a repository in the working directory with the metadata needed to install module packages.
  • NetworkManager implements the translation of connection profiles from the ifcfg configuration format to a keyfile-based format.
  • The driver for Intel E800 Ethernet Adapters supports the iWARP and RoCE protocols.

Finally, if you are interested in knowing more about it, you can consult the details In the following link.

download get

For interested and have access to the Red Hat customer portal, you should know that this version is designed for x86_64, s390x (IBM System z), ppc64le and Aarch64 (ARM64) architectures. The sources for the Red Hat Enterprise Linux 9 rpm packages are located in the CentOS Git repository.

Ready-made installation images are available to registered users of the Red Hat Customer Portal (you can also use CentOS Stream 9 iso images to evaluate functionality).


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.