CentOS Stream 9 is officially presented and these are its most important changes

The project CentOS announcement recently officially lupon availability of CentOS Stream 9 distribution, which is used as the basis for the Red Hat Enterprise Linux 9 distribution as part of a new, more open development process.

CentOS Stream is a continuously updated distribution and allows early access to packages being developed for a future version of RHEL. CentOS Stream se positioned as an upstream project for RHEL, allowing third party participants to control the preparation of packages for RHEL, propose their changes and influence decisions.

Previously, a snapshot of one of the Fedora versions was used as the basis for a new branch of RHEL, which was refined and stabilized behind closed doors, without the ability to control the development process and decisions made. During the development of RHEL 9 based on the Fedora 34 snapshot, with the participation of the community, the CentOS Stream 9 branch was formed, in which preparatory work is taking place and forms the basis for a significant new RHEL branch.

Main changes in CentOS Stream 9

The desktop is based on GNOME 40 (GNOME 3.28 included in RHEL 8) and the GTK 4 library. In GNOME 40, virtual desktops in Activities Overview mode are set to landscape orientation and appear as a continuous loop from left to right. GNOME use the power-profiles-daemon controller, It provides the ability to switch on the fly between power save mode, power balance mode, and peak performance mode.

All audio streams have been moved to the PipeWire media server, which is now the default instead of PulseAudio and JACK. Using PipeWire allows you to offer professional audio processing capabilities in a typical desktop edition, eliminate fragmentation, and unify your audio infrastructure for different applications.

By default, GRUB start menu is hidden if RHEL is the only distribution on the system and if the previous start was successful. To display the menu during boot, just hold down the Shift key or press the Esc or F8 key multiple times.

Components to support different languages ​​have been moved to language packs, allowing the level of support for installed languages ​​to be varied.

The distribution uses a new branch of the OpenSSL 3.0 cryptographic library. By default, more modern and reliable cryptographic algorithms are enabled (for example, the use of SHA-1 in TLS, DTLS, SSH, IKEv2 and Kerberos is disabled, TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES and FFDHE-1024 are disabled).

SELinux performance has been significantly improved and with less memory consumption. In / etc / selinux / config, support for the "SELINUX = disabled" setting to disable SELinux has been removed.

The composition includes a new mptcpd daemon to configure MPTCP (MultiPath TCP), an extension of the TCP protocol to organize a TCP connection with the delivery of packets simultaneously along several routes through different network interfaces associated with different IP addresses. Using mptcpd makes it possible to configure MPTCP without using the iproute2 utility.

Network script package removed, instead is NetworkManager to configure network connections. The ifcfg configuration format is still supported, but NetworkManager defaults to a keyfile-based format.

Clang is used by default to build the QEMU emulator, This allowed the KVM hypervisor to use some additional protection mechanisms, such as SafeStack, to guard against exploitative practices of Return-Oriented Programming (ROP).

SSSD (System Security Services Daemon) has increased the granularity of logs, for example, task completion time is now attached to events and the authentication flow is reflected. Search capabilities have been added to analyze performance and configuration issues.

Of the most changes that stand out:

  • Added support for experimental WireGuard VPN
  • By default, SSH login as root is denied.
  • Obsolete packet filter management tools iptables-nft (utility iptables, ip6tables, ebtables, and arptables) and ipset. Now it is recommended to use nftables to manage the firewall.
  • The system environment and mounting tools have been updated.
  • GCC 11 is used to build packages
  • The C standard library has been updated to glibc 2.34
  • Linux kernel package is based on version 5.14
  • RPM Batch Manager has been updated to version 4.16 with support for integrity checking through fapolicyd.
  • Distribution migration to Python 3 is complete.
  • By default, the Python 3.9 branch is offered

Finally, it should be mentioned that the builds are prepared for x86_64, Aarch64 and ppc64le (IBM Power 9+) architectures. Also, support for the IBM Z architecture (s390x Z14 +) is declared, but builds for it are not yet available.

If you want to know more about it, you can check the details In the following link.

The content of the article adheres to our principles of editorial ethics. To report an error click here.

Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.