Chapter 33. Servers and Services

rear now correctly preserves Linux capabilities

Previously, rear did not preserve the Linux capabilities set on the original system during the backup phase. The recovered system was subsequently missing these capabilities. With this update, Linux capabilities are correctly preserved if the directive NETFS_RESTORE_CAPABILITIES is set to the y option in the /usr/share/rear/conf/default.conf configuration file. (BZ#1343119)

sblim-cmpi-fsvol no longer shows file systems mounted with DM as disabled

Previously, the sblim-cmpi-fsvol Common Information Model (CIM) provider could not identify the file systems (FS) that were mounted with the Device Mapper (DM) correctly. Consequently, when enumerating the CIM_UnixLocalFileSystem class instances, sblim-cmpi-fsvol showed some FS that were already mounted as disabled. With this update, sblim-cmpi-fsvol has been fixed to parse the output of the dmsetup command instead of parsing the output of the mount command for FS mounted with DM. As a result, sblim-cmpi-fsvol now shows the FS mounted with DM correctly. (BZ#1136116)

SPNEGO in Cyrus SASL is now compatible with Microsoft Windows

Prior to this update, the Red Hat Enterprise Linux implementation of Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) in Cyrus Simple Authentication and Security Layer (SASL) was not compatible with the Microsoft Windows counterpart. As a consequence, the Red Hat Enterprise Linux tools using the cyrus-sasl packages were not able to use SPNEGO when attempting to connect to Windows services. These tools were also not able to accept connections from Windows clients. The cyrus-sasl packages have been fixed, and SPNEGO in the Red Hat Enterprise Linux Cyrus SASL version is now compatible with the Microsoft Windows counterpart. (BZ#1421663)

Data are no longer lost when the MariaDB init script fails

Previously, if the MariaDB init script failed, it called rm -rf on the whole directory. This could consequently lead to a loss of data or even deletion of the mount point. With this update, several additional checking mechanisms have been added to the init script. Now, if the script fails, it removes only files newer than a timestamp generated prior to the critical file operations. In addition, a set of human-readable status reports and error messages have been added. (BZ#1356897)

ypbind no longer starts before access to the network is guaranteed

The ypbind service was set to start after the systemd target network.target. However, network.target does not guarantee the networking functionality required by ypbind. As a consequence, the ypbind service sometimes did not have access to the network when started during the boot process. The service file for ypbind has been changed to start ypbind after the target network-online.target, and ypbind is now guaranteed to have access to the network when started. (BZ#1382804)

Remote users' account settings are no longer reverted to default settings on restart due to ypbind

Because of wrong service starting order, ypbind did not start before all Name Service Switch (NSS) look-up operations had been completed. This caused the user's account settings file to revert to default settings on restart for users fulfilling all of the following conditions:
  • Using Gnome Display Manager auto-login
  • Using NIS authentication
  • Home directory located on NFS
The ypbind service file ordering has been fixed to make ypbind start before the user/group database is set up. The user's account settings file is now handled properly. (BZ#1217435)

yppasswd no longer crashes due to Network Information System security features used

The yppasswd client tried to use a wrong string as salt when checking passwords because it did not recognize the following situations:
  • The NIS server was configured to use the passwd.adjunct map
  • The variable MERGE_PASSWD=false was set in the NIS server's file /var/yp/Makefile
As a consequence, yppasswd failed with the following error message: crypt() failed. The yppasswd client has been fixed to recognize these situations and now delegates the checks to the yppasswdd daemon running on the server. (BZ#1401432)

Evince now displays PostScript files again

Due to a bug, the evince document viewer failed to display the content of PostScript files. A patch has been applied, and evince now displays PostScript files again. (BZ#1411725)

db_verify no longer causes libdb to run out of free mutexes

Previously, the libdb database did not correctly release all unused mutexes. When running the db_verify command on libdb database files multiple times, libdb quickly ran out of resources for mutex operations. Consequently, libdb exited with the error message:
Unable to allocate memory for mutex; resize mutex region
leaving the database in an inconsistent state. This bug has been fixed, libdb now correctly releases mutexes, and the described problem no longer occurs. (BZ#1277887)

ghostscript no longer becomes unresponsive in some situations

Under certain circumstances, the ghostscript application previously entered an infinite loop, became unresponsive, and caused excessive CPU load. This update fixes the underlying code, which prevents the described problem from occurring. (BZ#1424752)

Converting postscript to PDF no longer causes ps2pdf to terminate unexpectedly

Previously, converting a postscript file to PDF in some cases caused the ps2pdf utility to terminate unexpectedly with a segmentation fault. This bug has been fixed, and converting postscript to PDF no longer causes ps2pdf to crash. (BZ#1390847)

sapconf now works correctly with higher kernel.shmall and kernel.shmmax values

Previously, the kernel.shmall and kernel.shmmax values were increased by default displaying an error in the sapconf utility. Consequently, sapconf failed with the following error message:
integer expression expected
This update adds a new check which allows the high values of kernel.shmall and kernel.shmmax, and the described problem no longer occurs. (BZ#1391881)