RHEL 7.7 has Come with Kernel Live Patching
Red Hat has released latest version of RHEL 7.x for the customers that who wants to to keep servies o RHEL 7.x and has no migration plan to RHEL 8.x.
New Features and Major Enhancements
RHEL 7.7 has come with new features and lot of enhancements and bug fixes. Let’s review important new features which has been added to this new release.
Authentication and Interoperability
SSSD now fully supports sudo rules stored in AD
The System Security Services Daemon (SSSD) now fully supports sudo rules stored in Active Directory (AD). This feature was first introduced in Red Hat Enterprise Linux 7.0 as a Technology Preview. Note that the administrator must update the AD schema to support sudo rules.
With this release, Red Hat supports cluster deployments of up to 32 full cluster nodes.
Live patching for the kernel is now available
Live patching for the kernel,
kpatch, provides a mechanism to patch a running kernel without rebooting or restarting any processes. Live kernel patches will be provided for selected minor release streams of RHEL covered under the Extended Update Support (EUS) policy to remediate Critical and Important CVEs.
Servers and Services
chrony rebased to version 3.4
chrony packages have been upgraded to upstream version 3.4, which provides a number of bug fixes and enhancements over the previous version, notably:
- The support for hardware time stamping has received improvements.
- The range of supported polling intervals has been extended.
- Burst and filter options have been added to NTP sources.
- A pid file has been moved to prevent the
chronyd -qcommand from breaking the system service.
- An compatibility with NTPv1 clients has been fixed.
Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)
DIF/DIX is supported on configurations where the hardware vendor has qualified it and provides full support for the particular host bus adapter (HBA) and storage array configuration on RHEL.
DIF/DIX is not supported on the following configurations:
- It is not supported for use on the boot device.
- It is not supported on virtualized guests.
- Red Hat does not support using the Automatic Storage Management library (ASMLib) when DIF/DIX is enabled.
DIF/DIX is enabled or disabled at the storage device, which involves various layers up to (and including) the application. The method for activating the DIF on storage devices is device-dependent.
System and Subscription Management
The web console rebased to version 195
The web console, provided by the
cockpit packages, has been upgraded to version 195, which provides a number of new features and bug fixes.
cockpit packages distributed in the Base channel of RHEL 7 include the following features:
- You can now open individual ports for services in the firewall.
- The firewall page now enables adding and removing firewall zones and adding services to a specific zone.
- Cockpit can now help you with enabling certain security vulnerability mitigations, starting with the disabling SMT (Simultaneous Multi-Threading) option.
Read more about this release on: