Chapter 33. Servers and Services

The named service now binds to all interfaces

With this update, BIND is able to react to situations when a new IP address is added to an interface. If the new address is allowed by the configuration, BIND will automatically start to listen on that interface. (BZ#1294506)

Fix for tomcat-digest to generate password hashes

When using the tomcat-digest utility to create an SHA hash of Tomcat passwords, the command terminated unexpectedly with the ClassNotFoundException Java exception. A patch has been provided to fix this bug and tomcat-digest now generates password hashes as expected. (BZ#1240279)

Tomcat can now use shell expansion in configuration files within the new conf.d directory

Previously, the /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf files were loaded without shell expansion, causing the application to terminate unexpectedly. This update provides a mechanism for using shell expansion in the Tomcat configuration files by adding a new configuration directory, /etc/tomcat/conf.d. Any files placed in the new directory may now include shell variables. (BZ#1221896)

Fix for the tomcat-jsvc service unit to create two independent Tomcat servers

When trying to start multiple independent Tomcat servers, the second server failed to start due to the jsvc service returning an error. This update fixes the jsvc systemd service unit as well as the handling of the TOMCAT_USER variable. (BZ#1201409)

The dbus-daemon service no longer becomes unresponsive due to leaking file descriptors

Previously, the dbus-daemon service incorrectly handled multiple messages containing file descriptors if they were received in a short time period. As a consequence, dbus-daemon leaked file descriptors and became unresponsive. A patch has been applied to correctly handle multiple file descriptors from different messages inside dbus-daemon. As a result, dbus-daemon closes and passes file descriptors correctly and no longer becomes unresponsive in the described situation. (BZ#1325870)

Update for marking tomcat-admin-webapps package configration files

Previously, the tomcat-admin-webapps web.xml files were not marked as the configuration files. Consequently, upgrading the tomcat-admin-webapps package overwrote the /usr/share/tomcat/webapps/host-manager/WEB-INF/web.xml and /usr/share/tomcat/webapps/manager/WEB-INF/web.xml files, causing custom user configuration to be automatically removed. This update fixes classification of these files, thus preventing this problem. (BZ#1208402)

Ghostcript no longer hangs when converting a PDF file to PNG

Previously, when converting a PDF file into a PNG file, Ghostscript could become unresponsive. This bug has been fixed, and the conversion time is now proportional to the size of the PDF file being converted. (BZ#1302121)

The named-chroot service now starts correctly

Due to a regression, the -t /var/named/chroot option was omitted in the named-chroot.service file. As a consequence, if the /etc/named.conf file was missing, the named-chroot service failed to start. Additionally, if different named.conf files existed in the /etc/ and /var/named/chroot/etc/ directories, the named-checkconf utility incorrectly checked the one in the changed-root directory when the service was started. With this update, the option in the service file has been added and the named-chroot service now works correctly. (BZ#1278082)

AT-SPI2 driver added to brltty

The Assistive Technology Service Provider Interface driver version 2 (AT-SPI2) has been added to the brltty daemon. AT-SPI2 enables using brltty with, for example, the GNOME Accessibility Toolkit. (BZ#1324672)

A new --ignore-missing option for tuned-adm verify

The --ignore-missing command-line option has been added to the tuned-adm verify command. This command verifies whether a Tuned profile has been successfully applied, and displays differences between the requested Tuned profile and the current system settings. The --ignore-missing parameter causes tuned-adm verify to silently skip features that are not supported on the system, thus preventing the described errors. (BZ#1243807)

The new modules Tuned plug-in

The modules plug-in allows Tuned to load and reload kernel modules with parameters specified in the the settings of the Tuned profiles. (BZ#1249618)

The number of inotify user watches increased to 65536

To allow for more pods on an Red Hat Enterprise Linux Atomic host, the number of inotify user watches has been increased by a factor of 8 to 65536. (BZ#1322001)

Timer migration for realtime Tuned profile has been disabled

Previously, the realtime Tuned profile that is included in the tuned-profiles-realtime package set the value of the kernel.timer_migration variable to 1. As a consequence, realtime applications could be negatively affected. This update disables the timer migration in the realtime profile. (BZ#1323283)

rcu-nocbs no longer missing from kernel boot parameters

Previously, the rcu_nocbs kernel parameter was not set in the realtime-virtual-host and realtime-virtual-guest tuned profiles. With this update, rcu-nocbs is set as expected. (BZ#1334479)

The global limit on how much time realtime scheduling may use has been removed in realtime Tuned profile

Prior to this update, the Tuned utility configuration for the kernel.sched_rt_runtime_us sysctl variable in the realtime profile included in the tuned-profiles-realtime package was incorrect. As a consequence, creating a virtual machine instance caused an error due to incompatible scheduling time. Now, the value of kernel.sched_rt_runtime_us is set to -1 (no limit), and the described problem no longer occurs. (BZ#1346715)

sapconf now detects the NTP configuration properly

Previously, the sapconf utility did not check whether the host system was configured to use the Network Time Protocol (NTP). As a consequence, even when NTP was configured, sapconf displayed the following error:
3: NTP Service should be configured and started
With this update, sapconf properly checks for the NTP configuration, and the described problem no longer occurs. (BZ#1228550)

sapconf lists default packages correctly

Prior to this update, the sapconf utility passed an incorrect parameter to the repoquery utility, which caused sapconf not to list the default packages in package groups. The bug has been fixed, and sapconf now lists default packages as expected. (BZ#1235608)

The logrotate utility now saves status to the /var/lib/logrotate/ directory

Previously, the logrotate utility saved status to the /var/lib/logrotate.status file. Consequently, logrotate did not work on systems where /var/lib was a read-only file system. With this update, the status file has been moved to the new /var/lib/logrotate/ directory, which can be mounted with write permissions. As a result, logrotate now works on systems where /var/lib is a read-only file system. (BZ#1272236)

Support for printing to an SMB printer using Kerberos using cups

With this update, the cups package creates the symbolic link /usr/lib/cups/backend/smb referring to the /usr/libexec/samba/cups_backend_smb file. The symbolic link is used by the smb_krb5_wrapper utility to print to an server message block (SMB)-shared printer using Kerberos authentication. (BZ#1302055)

Newly installed tomcat package has a correct shell pointing to /sbin/nologin

Previously, the postinstall script set the Tomcat shell to /bin/nologin, which does not exist. Consequently, users failed to get a helpful message about the login access denial when attempting to log in as Tomcat user. This bug has been fixed, and the postinstall script now corectly sets the Tomcat shell to /sbin/nologin. (BZ#1277197)