Chapter 16. System and Subscription Management

New search-disabled-repos plug-in for yum

The search-disabled-repos plug-in for yum has been added to the subscription-manager packages. This plug-in allows users to successfully complete yum operations that fail due to the source repository being dependent on a disabled repository. When search-disabled-repos is installed in the described scenario, yum displays instructions to temporarily enable repositories that are currently disabled and to search for missing dependencies.
If you choose to follow the instructions and turn off the default notify_only behavior in the /etc/yum/pluginconf.d/search-disabled-repos.conf file, future yum operations will prompt you to temporarily or permanently enable all the disabled repositories needed to fulfill the yum transaction. (BZ#1268376)

Easier troubleshooting with yum

The yum utility is now able to identify certain frequently occurring errors and provides a link to a relevant Red Hat Knowledgebase article. This helps users identify typical problems and address their cause. (BZ#1248686)

New package: rear

Relax-and-Recover (rear) is a recovery and system migration utility. Written in bash, it allows you to use tools already present on your system to continuously create recovery images which can be saved locally or on a remote server, and to use these images to easily restore the system in case of software or hardware failure. The tool also supports integration with various external tools such as backup solutions ( Symantec NetBackup, duplicity, IBM TSM, etc.) and monitoring systems ( Nagios, Opsview).
The rear utility is available in base channels for all variants of Red Hat Enterprise Linux 6.8 on all architectures.
The utility produces a bootable image and restores from backup using this image. It also allows to restore to different hardware and can therefore be used as a migration utility as well. (BZ#981637)

iostat now supports separate statistics for r_await and w_await

The iostat tool now supports separate statistics for r_await (average time for read requests issued to the device to be served) and w_await (average time for write requests issued to the device to be served) in the Device Utilization Report. Use the -x option to obtain a report which includes this information. (BZ#1185057)

TLS 1.1 and 1.2 are now enabled by default in libcurl

Previously, versions 1.1 and 1.2 of the TLS protocol were disabled by default in libcurl. Users were required to explicitly enable these TLS versions in utilities based on libcurl in order to allow these utilities to securely communicate with servers that do not accept SSL 3.0 and TLS 1.0 connections. With this update, TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can, however, explicitly disable them using the libcurl API. (BZ#1289205)

libcurl can now connect to SCP and SFTP servers through a HTTP proxy

Implementations of the SCP and SFTP protocols in libcurl have been enhanced and now support tunneling through HTTP proxies. (BZ#1258566)

abrt can now exclude specific programs from being dumped

Previously, ignoring crashes of blacklisted programs in abrt did not prevent it from creating their core dumps - the dumps were still written to disk and then deleted. This approach allowed abrt to notify system administrators of a crash while not using disk space to store unneeded crash dumps. However, creating these dumps only to delete them later was unnecessarily wasting system resources. This update introduces a new configuration option IgnoredPaths in the /etc/abrt/plugins/CCpp.conf configuration file, which allows you to specify a comma-separated list of file system path globs which will not be dumped at all. (BZ#1208713)

User and group whitelisting added to abrt

Previously, abrt allowed all users to generate and collect core dumps, which could potentially enable any user to maliciously generate a large number of core dumps and waste system resources. This update adds a whitelisting functionality to abrt, and you can now only allow specific users or groups to generate core dumps. Use the new AllowedUsers = user1, user2, ... and AllowedGroups = group1, group2, ... options in the /etc/abrt/plugins/CCpp.conf configuration file to restrict core dump generation and collection to these users or groups, or leave these options empty to configure abrt to process core dumps for all users and groups. (BZ#1256705)

libvpd rebased to version 2.2.5

The libvpd packages have been upgraded to upstream version 2.2.5, which provides a number of bug fixes and enhancements over the previous version. Notably, this version includes:
  • Improved error handling
  • Security improvements such as fixing a potential buffer overflow and memory allocation validation (BZ#1148140)

libservicelog rebased to version 1.1.15

The libservicelog packages have been upgraded to upstream version 1.1.15, which provides a number of bug fixes and enhancements over the previous version. (BZ#1148141)

sysctl configuration files can now contain longer lines

Previously, sysctl configuration files could only contain lines up to 255 characters long. With this update, the maximum acceptable line length has been increased to 4095 characters. (BZ#1201024)

ps can now display thread cgroups

This update introduces a new format specifier thcgr, which can be used to display the cgroup of each listed thread. (BZ#1284076)

reporter-upload now allows configuring optional SSH keys

The reporter-upload tool, which is used by abrt to submit collected problem data, now allows you to use optional SSH key files. You can specify a key file using one of the following ways:
  • The SSHPublicKey and SSHPrivateKey options in the /etc/libreport/plugins/upload.conf configuration file.
  • Using -b and -r command line options for the public and private key, respectively.
  • Setting the Upload_SSHPublicKey and Upload_SSHPrivateKey environment variables, respectively.
If none of these options or variables are used, reporter-upload will attempt to use the default SSH key from the user's ~/.ssh/ directory. (BZ#1261120)