Red Hat Enterprise Linux 6.9 Beta

6.9 Release Notes

Release Notes for Red Hat Enterprise Linux 6.9 Beta

Edition 9 Beta

Red Hat Customer Content Services

Legal Notice

Copyright © 2017 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.

Abstract

The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 6.9 Beta and document known problems in this release. For information about notable bug fixes, Technology Previews, deprecated functionality, and other details, refer to the Technical Notes.
Note: This document is under development, is subject to substantial change, and is provided only as a preview. The included information and instructions should not be considered complete, and should be used with caution.

Preface

Red Hat Enterprise Linux minor releases are an aggregation of individual enhancement, security, and bug fix errata. The Red Hat Enterprise Linux 6.9 Beta Release Notes document describes the major changes made to the Red Hat Enterprise Linux 6 operating system and its accompanying applications for this minor release, as well as known problems. The Technical Notes document provides a list of notable bug fixes, all currently available Technology Previews, deprecated functionality, and other information.
Capabilities and limits of Red Hat Enterprise Linux 6 as compared to other versions of the system are available in the Red Hat Knowledgebase article available at https://access.redhat.com/articles/rhel-limits.
For information regarding the Red Hat Enterprise Linux life cycle, refer to https://access.redhat.com/support/policy/updates/errata/.

Chapter 1. Overview

Production Phase 2

Red Hat Enterprise Linux 6.9 provides a stable release focused on bug fixes, since Red Hat Enterprise Linux 6 is now in Production Phase 2. For details, see the Red Hat Enterprise Linux Life Cycle document.

Security

  • With the addition of TLS protocol version 1.2 support to the GnuTLS component, Red Hat Enterprise Linux 6 offers complete support for TLS 1.2 in the shipped security libraries. TLS 1.2 is recommended by modern security standards such as PCI-DSS 3.1. For details, see Chapter 8, Security.
  • Cryptographic protocols and algorithms, such as MD5, SHA0, RC4, or 512-bit DH, which are considered insecure, have been deprecated. For details, see the Red Hat Enterprise Linux 6.9 Technical Notes.

Red Hat Insights

Since Red Hat Enterprise Linux 6.7, the Red Hat Insights service is available. Red Hat Insights is a proactive service designed to enable you to identify, examine, and resolve known technical issues before they affect your deployment. Insights leverages the combined knowledge of Red Hat Support Engineers, documented solutions, and resolved issues to deliver relevant, actionable information to system administrators.
The service is hosted and delivered through the customer portal at https://access.redhat.com/insights/ or through Red Hat Satellite. To register your systems, follow the Getting Started Guide for Insights. For further information, data security and limits, refer to https://access.redhat.com/insights/splash/.

Red Hat Access Labs

Red Hat Access Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Access Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are, for example:

Part I. New Features

This part describes new features and major enhancements introduced in Red Hat Enterprise Linux 6.9 Beta.

Chapter 2. Authentication and Interoperability

SSSD now enables the administrator to select which domains from the AD forest can be contacted

In some environments, only a subset of domains in a joined Active Directory (AD) forest can be reached. Attempting to contact an unreachable domain might cause unwanted timeouts or switch the System Security Services Daemon (SSSD) to offline mode.
To prevent this, the administrator can now configure a list of domains to which SSSD connects by setting the ad_enabled_domains option in the /etc/sssd/sssd.conf/ file. For details, see the sssd-ad(5) man page. (BZ#1324428)

SSSD now enables selecting a list of PAM services that will not receive any environmental variables from pam_sss

In some cases, it is not desirable to propagate environment variables set by the pam_sss Pluggable Authentication Module (PAM). For example, when using the sudo -i command, users might want to transfer the KRB5CCNAME variable of the original user to the target environment.
Previously, when a non-privileged user executed the sudo -i command to become another non-privileged user, the new non-privileged user did not have the permissions to read the Kerberos credentials cache that KRB5CCNAME pointed to.
For this use case, this update adds a new option named pam_response_filter. Using pam_response_filter, the administrator can list PAM services (such as sudo-i) that do not receive any environmental variables (such as KRB5CCNAME) during login. Now, if pam_response_filter lists sudo-i, a user can switch from one non-privileged user to another without KRB5CCNAME being set in the target environment. (BZ#1329378)

IdM servers can now be configured to require TLS 1.2 or better

Version 1.2 of the Transport Layer Security (TLS) protocol is considered significantly more secure than previous versions. This update enables you to configure your Identity Management (IdM) server to forbid communication using protocols that are less secure than TLS 1.2.
For details, see the following Red Hat Knowledgebase article: https://access.redhat.com/articles/2801181. (BZ#1367026)

pam_faillock can be now configured with unlock_time=never

The pam_faillock module now allows specifying using the unlock_time=never option that the user authentication lock caused by multiple authentication failures should never expire. (BZ#1404832)

Chapter 3. Clustering

Support added for Oracle 11g in Oracle and OrLsnr Pacemaker resource agents.

As of Red Hat Enterprise Linux release 6.9, the Pacemaker resource agents Oracle and OraLsnr support Oracle database 11g. (BZ#1336846)

Pacemaker now supports alert agents

You can now create Pacemaker alert agents to take some external action when a cluster event occurs. The cluster passes information about the event to the agent by means of environment variables. Agents can do anything desired with this information, such as send an email message, log to a file, or update a monitoring system. For information on configuring alert agents, see Configuring the Red Hat High Availability Add-On with Pacemaker. (BZ#1253325)

clufter is now fully supported

The clufter package provides a tool for transforming and analyzing cluster configuration formats. It can be used to assist with migration from an older stack configuration to a newer configuration that leverages Pacemaker. The clufter tool, previously available as a Technology Preview, is now fully supported. For information on the capabilities of clufter, see the clufter(1) man page or the output of the clufter -h command. For examples of clufter usage, see the following Red Hat Knowledgebase article: https://access.redhat.com/articles/2810031. (BZ#1318326)

Chapter 4. Compiler and Tools

The Net:SSLeay Perl module now supports restricting of TLS version

The Net:SSLeay Perl module has been updated to support explicit specification of the TLS protocol version, which can be used for improving security. To restrict TLS version to 1.1 or 1.2, set the Net::SSLeay::ssl_version variable to 11 or 12 respectively. (BZ#1325407)

The IO::Socket::SSL Perl module now supports restricting of TLS version

The Net:SSLeay Perl module has been updated to support explicit specification of the TLS protocol versions 1.1 or 1.2 to improve security, and the IO::Socket::SSL module has been updated accordingly. When a new IO::Socket::SSL object is created, it is now possible to restrict the TLS version to 1.1 or 1.2 by setting the SSL_version option to TLSv1_1 or TLSv1_2 respectively. Alternatively, TLSv11 and TLSv12 can be used. Note that these values are case-sensitive. (BZ#1331037)

ca-certificates rebased to version 2.10

The certificate store has been upgraded to include the changes contained in version 2.10 of the Certificate Authority certificate list published by the Mozilla Foundation as part of the Network Security Services (NSS) version 3.27. In order to preserve compatibility with existing PKI deployments and with software based on OpenSSL and GnuTLS, several root CA certificates with an RSA key size of 1024 bits have been kept as trusted by default. See the following Knowledgebase article for instructions on disabling these legacy modifications: https://access.redhat.com/articles/1413643. (BZ#1368996)

Chapter 5. Hardware Enablement

cpuid is now available

With this update, the cpuid utility is available in Red Hat Enterprise Linux. This utility dumps detailed information about the CPU(s) gathered from the CPUID instruction, and also determines the exact model of CPU(s). It supports Intel, AMD, and VIA CPUs. (BZ#1316998)

Support for RealTek RTS5250S SD4.0 Controllers

The Realtek RTS5205 card reader controllers have been added to the kernel. (BZ#1167938)

Chapter 6. Kernel

The ksc driver updated to version 0.9.16-1

The ksc packages, which contain kernel module source code checker (KSC), have been updated to version 0.9.16-1. This update fixes several bugs and adds various enhancements, notably:
  • The -k option can now be specified multiple times
  • The -r option has been added to the ksc(1) manual page and the ksc --help output
  • The list of hard-coded releases has been removed, and thus KSC no longer crashes
  • The kabi-whitelists component is now a subcomponent of the kernel component. (BZ#1335513)

The i40e driver updated to version 1.5.10

The i40e driver has been updated to version 1.5.10. (BZ#1346978)

The i40evf driver updated to version 1.5.10.

The i40evf driver has been updated to version 1.5.10. (BZ#1360179)

The bnxt_en driver updated to the latest upstream version

The bnxt_en driver has been updated with several minor fixes and with support for BCM5731X, BCM5741X, and 57404 Network Partitioning (NPAR) devices. (BZ#1347825)

The ahci driver supports Marwell 88SE9230

The ahci driver now supports Marvell 88SE9230 controller. (BZ#1392941)

Chapter 7. Networking

NetworkManager now supports manual DNS configuration with dns=none

With this update, the user has the option to prevent NetworkManager from modifying the /etc/resolv.conf file. This is useful for manual management of DNS settings. To protect the file from being modified, add the dns=none option to the /etc/NetworkManager/NetworkManager.conf file. (BZ#1308730)

Chapter 8. Security

TLS 1.2 support added to all system components

With the addition of TLS 1.2 support to the GnuTLS component, Red Hat Enterprise Linux 6 offers complete support for TLS 1.2 in the shipped security libraries: OpenSSL, NSS, and GnuTLS. Several modern standards such as PCI-DSS v3.1 recommend the latest TLS protocol, which is currently TLS 1.2. This addition allows you to use Red Hat Enterprise Linux 6 with future revisions of security standards, which may require TLS 1.2 support.
For more information about the cryptographic changes in the Red Hat Enterprise Linux 6, see this article on the Red Hat Customer Portal: https://access.redhat.com/blogs/766093/posts/2787271. (BZ#1339222)

vsftpd now supports TLS 1.2

Users of the Very Secure File Transfer Protocol (FTP) daemon (vsftpd) can now select a specific version of TLS protocol up to 1.2. Support of TLS 1.2 has been added to bring security of vsftpd to the same level as the same package in Red Hat Enterprise Linux 7. New default ciphers specific to TLS 1.2 has been added: ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-ECDSA-AES256-GCM-SHA384. These changes do not break existing configurations. (BZ#1350724)

auditd now supports incremental_async

The audit daemon now supports a new flush technique called incremental_async. This new mode significantly improves the audit daemon's logging performance maintaining short flush intervals for security. (BZ#1369249)

Chapter 9. Storage

The smartPQI (smartpqi) driver is now available

This update provides the smartPQI (smartpqi) driver for new Microsemi storage adapter hardware, which becomes available in 2017. The new hardware can also be used with the previous aacraid driver on Red Hat Enterprise Linux 6.5, 6.6, 6.7, and 6.8. In comparison with the aacraid driver, the smartpqi driver provides improved performance and enhanced functionality.
Migration from Red Hat Enterprise Linux 6.8 to Red Hat Enterprise Linux 6.9 changes the driver from aacraid to smartpqi. As long as standard installation configurations are used, this driver change is transparent to the user and no action is needed. The new smartpqi driver is automatically used after booting Red Hat Enterprise Linux 6.9. (BZ#1343743)

A new default configuration for Huawei XSG1 arrays has been added for device-mapper-multipath

On Red Hat Enterprise Linux 6, a specific configuration is recommended in the device-mapper-multipath tool configuration for Huawei XSG1 arrays. This configuration is now used by default. (BZ#1333334)

The disable_changed_wwids multipath.conf option is now available in multipath to avoid data corruption

The multipath tool now has the disable_changed_wwids multipath.conf option. If disable_changed_wwids is set to yes, the multipathd service monitors path devices, and if their World Wide Identifier (WWID) changes, multipathd disables access to the path devices until the WWID changes back.
If a Logical Unit Number (LUN) is remapped while a multipath device exists on top of it, it is possible in some cases for I/O to be written to an incorrect LUN, which leads to corruption. Writing to an incorrect LUN can be detected by multipathd that registers a change of the LUN WWID, and disables access to the device.
Note that due to the gap between when the LUN is remapped, and when multipathd is notified that the device has changed, there is still a risk of corruption in some cases, and remapping in-use LUNs is still not supported. (BZ#1377532)

The skip_kpartx multipath.conf option to allow skipping kpartx partition creation has been added

This update enables the user to only create a multipath device, and not any partitions, even if the device has a partition table. Now, multipath devices that are configured with the skip_kpartx option do not have any partition devices created for them. (BZ#1310320)

Users are now warned if they create multipath devices while multipathd is not running

With this update, multipath prints a warning message for adding and listing multipath devices when the multipathd service is not running. (BZ#1305589)

Chapter 10. Virtualization

Configuration options can be used to exclude weak ciphers

Previously, libvirt depended on the hard-coded cipher defaults in GnuTLS. This made it possible to use weak ciphers. With this update, configuration options to exclude weak ciphers have been added to the libvirtd.conf and libvirt.conf files. In addition, TLS priority support was added to libvirt URIs. As a a result, the list of used ciphers can be customized to exclude weak ciphers. (BZ#1333415)

Improved Hyper-V storage driver performance

The storvsc Hyper-V storage driver was updated from upstream. This provides moderate performance improvement of I/O operations when using the Hyper-V storvsc driver for certain workloads. (BZ#1352824)

Hyper-V clock source changed to use the TSC page

With this update, the Time Stamp Counter (TSC) page is used as the Hyper-V clock source. The TSC page provides a more efficient way of computing the per-guest reference counter value than the previously used model-specific register (MSR). As a result, kernel operations that involve reading time stamps are now faster.
Note that this feature is only supported on 64-bit kernels. (BZ#1365049)

Chapter 11. Red Hat Software Collections

Red Hat Software Collections is a Red Hat content set that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on all supported releases of Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 on AMD64 and Intel 64 architectures. Red Hat Developer Toolset is included as a separate Software Collection.
Red Hat Developer Toolset is designed for developers working on the Red Hat Enterprise Linux platform. It provides current versions of the GNU Compiler Collection, GNU Debugger, and other development, debugging, and performance monitoring tools. Since Red Hat Software Collections 2.3, the Eclipse development platform is provided as a separate Software Collection.
Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux, nor are they used in preference to these tools. Red Hat Software Collections uses an alternative packaging mechanism based on the scl utility to provide a parallel set of packages. This set enables optional use of alternative package versions on Red Hat Enterprise Linux. By using the scl utility, users can choose which package version they want to run at any time.

Important

Red Hat Software Collections has a shorter life cycle and support term than Red Hat Enterprise Linux. For more information, see the Red Hat Software Collections Product Life Cycle.
See the Red Hat Software Collections documentation for the components included in the set, system requirements, known problems, usage, and specifics of individual Software Collections.
See the Red Hat Developer Toolset documentation for more information about the components included in this Software Collection, installation, usage, known problems, and more.

Part II. Known Issues

Chapter 12. General Updates

The default value of first_valid_uid in Dovecot has changed in Red Hat Enterprise Linux 7

Since Red Hat Enterprise Linux 7.3, the default value of the first_valid_uid configuration option of Dovecot has changed from 500 in Red Hat Enterprise Linux 6 to 1000 in Red Hat Enterprise Linux 7. Consequently, if a Red Hat Enterprise Linux 6 installation does not have first_valid_uid explicitly defined, the Dovecot configuration will not allow users with UID less than 1000 to log in after the update to Red Hat Enterprise Linux 7.
To avoid breaking the configuration, redefine first_valid_uid to 500 after the upgrade in the /etc/dovecot/conf.d/10-mail.conf file. Note that only installations where first_valid_uid is not explicitly defined are affected by this problem. (BZ#1388967)

Incorrect information about the expected default settings of services in Red Hat Enterprise Linux 7

The module of Preupgrade Assistant that handles initscripts provides incorrect information about the expected default settings of the services in Red Hat Enterprise Linux 7 according to the /usr/lib/systemd/system-preset/90-default.preset file in Red Hat Enterprise Linux 7 and according to the current settings of the Red Hat Enterprise Linux 6 system. In addition, the module does not check the default settings of the system but only the settings for the runlevel used during the processing of the check script, which might not be the default runlevel of the system. As a consequence, initscripts are not handled in the anticipated way and the new system needs more manual action than expected. However, the user is informed about the settings that will be chosen for relevant services, despite the presumable default settings. (BZ#1366671)

Chapter 13. Authentication and Interoperability

SSSD fails to manage sudo rules from the IdM LDAP tree

The System Security Services Daemon (SSSD) currently uses the IdM LDAP tree by default. As a consequence, it is not possible to assign sudo rules to non-POSIX groups. To work around this problem, modify the /etc/sssd/sssd.conf file to set your domain to use the compat tree again:
[domain/EXAMPLE]
...
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
As a result, SSSD will load sudo rules from the compat tree and you will be able to assign rules to non-POSIX groups.
Note that Red Hat recommends to configure groups referenced in sudo rules as POSIX groups. (BZ#1336548)

winbindd crashes when installing a new AD trust

When configuring a new Active Directory (AD) trust on a newly installed system, the ipa-adtrust-install utility might report that the winbindd service terminated unexpectedly. Otherwise, ipa-adtrust-install completes successfully.
If this problem occurs, restart the IdM services by using the ipactl restart command after running ipa-adtrust-install. This also restarts winbindd.
Note that the full extent of the functional impact of this problem is still unknown. Some trust functionality might not work until winbindd is restarted. (BZ#1399058)

nslcd fails to resolve user or group identities when it is started before the network connection is fully up

When nslcd, the local LDAP name service daemon, is started before the network connection is fully up, the daemon fails to connect to an LDAP server. As a consequence, resolving user or group identities does not work. To work around this problem, start nslcd after the network connection is up. (BZ#1401632)

IPA replica installation fails due to malformed HTTP requests

A known issue in pki-core causes PKI to generate HTTP requests which are missing a Host header when installing an IPA replica. These requests are rejected by IPA's HTTP proxy, and the installation subsequently fails. A patch to fix this known issue by adding the missing header will be provided in the final release of Red Hat Enterprise Linux 6.9. (BZ#1403943)

Chapter 14. Desktop

Incorrect mouse pointer movement after screen rotation inside a virtual machine in VMWare 11 or VMWare 12

If the screen rotation is changed inside a virtual machine in VMWare 11 or VMWare 12, the pointer movement remains unchanged. This only happens when the xorg-x11-drv-vmware driver is used, which initializes an absolute-axis device rather than a relative-axis device. The pointer does not follow the expected path because the driver is still mapping to the original coordinate system. To work around this problem, it it necessary to manually rotate the device, for example by running the following command:
xinput set-prop "ImPS/2 Generic Wheel Mouse" "Coordinate Transformation Matrix" 0 -1 1 1 0 0 0 0 1
Note that the command above is only an example. In general, the matrix needs to be adjusted depending on the specific scenario. Once the matrix is applied, pointer movement matches the rotation of the screen. (BZ#1322712)

Using Radeon or Nouveau can cause incorrectly rendered graphics

A bug in the Xorg server can, under rare circumstances, cause graphics to be rendered incorrectly if using the Radeon or Nouveau graphics device driver. For example, the Thunderbird message pane can be displayed incorrectly.
For Nouveau, as a workaround, add the WrappedFB option to the xorg.conf file as follows:
Section "Device"
Identifier "nouveau-device"
Driver "nouveau"
Option "WrappedFB" "true"
EndSection
This workaround avoids the faulty logic in the X server, and the Thunderbird message pane will be displayed correctly. (BZ#1076595)

Chapter 15. Directory Server in Red Hat Enterprise Linux

IdM schema replications from Red Hat Enterprise Linux 7 to 6.9 fail

Identity Management (IdM) in Red Hat Enterprise Linux 6.9 uses a different schema definition in the nsEncryptionConfig object class than IdM on Red Hat Enterprise Linux 7.3. Because the schema learning mechanism is unable to merge definitions, schema replications between servers fail. As a consequence, mechanisms relying on the schema can fail. For example, schema violations and plug-in failures can occur, replication can fail, and access control instructions (ACI) can be ignored. In an upcoming Red Hat Enterprise Linux 7.3 update, the nsTLS10, nsTLS11, and nsTLS12 attributes will be added to the list of allowed attributes in the nsEncryptionConfig object class, and as a consequence, mechanisms relying on the schema no longer fails in the described scenario. (BZ#1404443)

Chapter 16. Installation and Booting

The installer displays the number of multipath devices, and number of multipath devices selected, incorrectly

Multipath devices are configured properly, but the installer displays the number of devices and number of selected devices incorrectly. There is no known workaround at this point. (BZ#914637)

The installer displays the amount of disk space within multipath devices incorrectly

Multipath devices are configured properly, but the installer displays disk space and number of devices incorrectly. There is no known workaround at this point. (BZ#1014425)

Chapter 17. Kernel

Certain NIC firmware can become unresponsive with the bnx2x driver

Due to a bug in the unload sequence of the pre-boot drivers, the firmware of some internet adapters can become unresponsive after the bnx2x driver takes over the device. The bnx2x driver detects the problem and returns the message in the kernel log:
Storm stats were not updated for 3 times.
To work around this problem, apply the latest NIC firmware updates provided by your hardware vendor. As a result, unloading of the pre-boot firmware now works as expected and the firmware no longer hangs after bnx2x takes over the device. (BZ#1012684)

e1000e cards might not get an IPv4 address

Some e1000e network interface cards (NICs) might fail to get an IPv4 address assigned after the system is rebooted. To work around this problem, add the following line to the /etc/sysconfig/network-scripts/ifcfg-<interface> file:
LINKDELAY=10
(BZ#822725)

Kernel no longer panics when loading Intel Xeon v5 integrated graphic cards

When loading Intel Xeon v5 integrated graphic cards, a kernel panic sometimes occurred due to a race condition in the kernel firmware loader. This update adds a separate lock that is held throughout the life time of the firmware device, thus protecting the area where the device is registered. As a result, the kernel no longer panics in the described situation. (BZ#1309875)

The ecb kernel module fails when dracut is not upgraded

When upgrading only the kernel rpm from Red Hat Enterprise Linux 6.7 to version 6.8, upgrade the dracut package to the latest version (dracut-004-409.el6.rpm).
Upgrading dracut enables the ecb module to work. The ecb kernel module is needed by the drbg kernel module when using the Advanced Encryption Standard (AES) implementation on non-x86 architectures. If you do not upgrade dracut, the drbg AES implementation fails with a warning message, although other drbg modules still work. (BZ#1315832)

Chapter 18. Networking

The radvd occasionally terminates unexpectedly due to a race condition

In the Router Advertisement Daemon (radvd), there is a race condition in radvd timer handling. Consequently, the radvd occasionally terminates unexpectedly. (BZ#1058698)

The keyingtries libreswan option set to 0 is mistakenly interpreted as 1

The default value of keyingtries is 0 which means 'retry forever'. Due to this bug, if a temporary problem occurs during an active negotiation, the connection will not be attempted more than once.
To work around this problem, set the keyingtries option to a sufficiently large number. (BZ#1289498)

Chapter 19. Servers and Services

Printing a PDF file upside down with cups is currently impossible

In the CUPS printing system, the -o orientation-requested=6 option in the lp -d [printer] -o orientation-requested=6 [filename] command, which is expected to rotate the printed page by 180°, does not work. (BZ#1099617)

Printing PDF files using the fit-to-page and fitplot options does not work on printers with hardware margins

In the CUPS printing system, the lp -d printer-with-hwmargins -o fit-to-page and lp -d printer-with-hwmargins -o fitplot commands use the -o fit-to-page and -o fitplot options which resize the document to be printed so that it fits the paper size. The options do not work for printing PDF files on printers with hardware margins. (BZ#1268131)

DHCP client sends unicast requests through the incorrect interface

DHCP client does not support multiple interfaces on the same subnet and it is not able to ensure that unicast requests go through the right interface. Consequently, DHCP client fails to renew a lease, and network configuration stops working. There is no known workaround at this point. DHCP client cannot be used in configuration with two interfaces connected to the same subnet. (BZ#1297445)

Chapter 20. System and Subscription Management

ReaR works only on the eth0 interface

ReaR produces a rescue system that does not support mounting an NFS server using an interface other than eth0. Consequently, the backup files cannot be downloaded and the system cannot be restored. To work around this problem, ensure that the used interface is eth0 by restarting dhclient. (BZ#1313417)

ReaR creates two ISO images instead of one

In ReaR, the OUTPUT_URL directive enables specifying location for the ISO image containing the rescue system. Currently, with this directive set, ReaR creates two copies of the ISO image: one in the specified directory and one in the /var/lib/rear/output/ default directory. This requires additional space for the image. This is especially important if a full-system backup is included into the ISO image (using the BACKUP=NETFS and BACKUP_URL=iso:///backup/ configuration).
To work around this behavior, delete the extra ISO image once ReaR has finished working or, to avoid having a period of time with double storage consumption, create the image in the default directory and then move it to the desired location manually.
There is a request for enhancement to change this behavior and make ReaR create only one copy of the ISO image. (BZ#1320551)

Some Italian text is missing from subscription-manager

Due to some missing translations in the subscription-manager tool, when using subscription-manager in Italian, some messages will appear in English. (BZ#1318404)

Chapter 21. Virtualization

Coolkey does not load on Windows 7 guests

Loading the Coolkey module on Windows 7 guest virtual machines currently fails, which prevents smart card redirection from working properly on these guests. (BZ#1331471)

Disabling vCPUs on Hyper-V guests fails

Currently, it is not possible to disable CPUs on guest virtual machines running on Microsoft Hyper-V, including Microsoft Azure cloud, due to the lack of support from the host side. However, it is possible to reduce the number of online CPUs by booting guests with the nr_cpus=XX parameter passed on the kernel command line, where XX is the number of online CPUs required.
For more information, see https://access.redhat.com/solutions/2790331. (BZ#1396336)

Hot plugging hard disks as a batch on the ESX hypervisor does not work reliably

When hot plugging multiple hard disks at the same time to a Red Hat Enterprise Linux 6 guest virtual machine running on the VMWare Elastic Sky X (ESX) hypervisor, the host currently does not inform the guest about all of the added disks, and some of the disks thus cannot be used. To work around this problem, hot plug one hard disk at a time in the described scenario. (BZ#1224673)

Guests cannot access floppy disks larger than 1.44 MB

Guest virtual machines are currently unable to access floppy drive images larger than 1.44 MB if they are inserted while the guest is running. To work around the problem, insert the floppy drive image prior to booting the guest. (BZ#1209362)

Hyper-V guest integration services stop working after they are disabled and re-enabled

Currently, Red Hat Enterprise Linux 6 guest virtual machines running on the Microsoft Hyper-V hypervisor do not automatically restart the hyperv-daemons suite after Hyper-V guest integration services, such as data exchange and backup, are disabled and then re-enabled. As a consequence, these integration services stop working after they are disabled and re-enabled in the Hyper-V Manager interface.
To work around this problem, restart the hypervkvpd, hypervvssd, and hypervfcopyd services in the guest after re-enabling the integration services from Hyper-V Manager, or do not change the status of the integration services while the guest is running. (BZ#1121888)

Booting virtual machines with the fsgsbase and smep flags on older host CPUs fails

The fsgsbase and smep CPU flags are not properly emulated on certain older CPU models, such as the early Intel Xeon E processors. As a consequence, using fsgsbase or smep when booting a guest virtual machine on a host with such a CPU causes the boot to fail. To work around this problem, do not use fsgsbase and smep if the CPU does not support them. (BZ#1371765)

Appendix A. Component Versions

This appendix is a list of components and their versions in the Red Hat Enterprise Linux 6.9 Beta release.

Table A.1. Component Versions

Component
Version
Kernel
2.6.32-680
QLogic qla2xxx driver
8.07.00.26.06.8-k
QLogic ql2xxx firmware
ql2100-firmware-1.19.38-3.1
ql2200-firmware-2.02.08-3.1
ql23xx-firmware-3.03.27-3.1
ql2400-firmware-7.03.00-1
ql2500-firmware-7.03.00-1
Emulex lpfc driver
0:11.0.0.5
iSCSI initiator utils
iscsi-initiator-utils-6.2.0.873-25
DM-Multipath
device-mapper-multipath-0.4.9-99
LVM
lvm2-2.02.143-11

Appendix B. Revision History

Revision History
Revision 0.0-5Tue Jan 17 2017Lenka Špačková
Added multiple Known Issues and New Features.
Revision 0.0-4Thu Jan 05 2017Lenka Špačková
Release of the Red Hat Enterprise Linux 6.9 Beta Release Notes.