SELinux security labels are now supported on the OverlayFS file system
With this update, the OverlayFS file system now supports SELinux security labels. When using Docker containers with the OverlayFS storage driver, you no longer have to configure Docker to disable SELinux support for the containers. (BZ#1297929
NFSoRDMA server is now fully supported
autofs now supports the browse options of
amd format maps
The browse functionality of sun format maps makes available automount points visible in directory listings of mounted automount-managed mounts and is now also available for
amd format maps.
You can now add mount point sections to the
autofs configuration for
amd format mounts, in the same way automount points are configured in
amd, without the need to also add a corresponding entry to the master map. As a result, you can avoid having incompatible master map entries in the
autofs master map within shared multi-vendor environments.
browsable_dirs option can be used in either the
[ amd ] configuration section, or following
amd mount point sections. The
utimeout map options of amd type
auto map entries can also be used.
Note that the
option can be set only to
To make searching logs easier,
autofs now provides identifiers of mount request log entries
For busy sites, it can be difficult to identify log entries for specific mount attempts when examining mount problems. The entries are often mixed with other concurrent mount requests and activities if the log recorded a lot of activity. Now, you can quickly filter entries for specific mount requests if you enable adding a mount request log identifier to mount request log entries in the
autofs configuration. The new logging is turned off by default and is controlled by the
use_mount_request_log_id option, as described in the
autofs.conf file. (BZ#1382093)
GFS2 on IBM z Systems is now supported in SSI environments
Starting with Red Hat Enterprise Linux 7.4, GFS2 on IBM z Systems (Resilient Storage on the
add-on) is supported in z/VM Single System Image (SSI) environments, with multiple central electronics complexes (CECs). This allows the cluster to stay up even when logical partitions (LPARs) or CECs are restarted. Live migration is not supported due to the real-time requirements of High Availability (HA) clustering. The maximum node limit of 4 nodes on IBM z Systems still applies. For information on configuring high availability and resilient storage for IBM z systems, see https://access.redhat.com/articles/1543363
gfs2-utils rebased to version 3.1.10
The gfs2-utils packages have been upgraded to upstream version 3.1.10, which provides a number of bug fixes and enhancements over the previous version. Notably, this update provides:
various checking and performance improvements of the
better handling of odd block device geometry in the
gfs2_edit savemeta leaf chain block handling bug fixes.
handling UUIDs by the
libuuid library instead of custom functions.
--enable-gprof configuration option for profiling.
documentation improvements. (BZ#1413684)
FUSE now supports
This update provides the
SEEK_DATA features for the Filesystem in Userspace (FUSE)
lseek system call. Now, you can use FUSE
lseek to adjust the offset of the file to the next location in the file that contains data, with
SEEK_DATA, or a hole, with
NFS server now supports limited copy-offload
The NFS server-side copy feature now allows the NFS client to copy file data between two files that reside on the same file system on the same NFS server without the need to transmit data back and forth over the network through the NFS client. Note that the NFS protocol also allows copies between different file systems or servers, but the Red Hat Enterprise Linux implementation currently does not support such operations. (BZ#1356122)
SELinux is supported for use with GFS2 file systems
NFSoRDMA client and server now support Kerberos authentication
This update adds Kerberos authentication support for NFS over RDMA (NFSoRDMA) client and server to allow you to use krb5, krb5i, and krb5p authentication with NFSoRDMA features. You can now use Kerberos with NFSoRDMA for secure authentication of each Remote Procedure Call (RPC) transaction. Note that you need version 1.3.0-0.36 or higher of the nfs-utils package to be installed to use Kerberos with NFSoRDMA. (BZ#1401797)
rpc.idmapd now supports obtaining NFSv4 ID Domains from DNS
The NFS domain name that is used in the ID mapping can now be retrieved from DNS. If the
Domain variable is not set in the
/etc/idmapd.conf file, DNS is queried to search for the
_nfsv4idmapdomain Text record. If a value is found, it is used as the NFS domain. (BZ#980925)
NFSv4.1 is now the default NFS mount protocol
Prior to this update, NFSv4.0 was the default NFS mount protocol. NFSv4.1 provides significant feature improvements over NFSv4.0, such as sessions, pNFS, parallel OPENs, and session trunking. With this update, NFSv4.1 is the default NFS mount protocol.
If you have already specified the mount protocol minor version, this update causes no change in behavior. This update causes a change in behavior if you have specified NFSv4 without a specific minor version, provided the server supports NFSv4.1. If the server only supports NFSv4.0, the mount remains a NFSv4.0 mount. You can retain the original behavior by specifying
0 as the minor version:
nfs-utils configuration options has been centralized in
With this update,
nfs-utils uses configuration centralized in the
nfs.conf file, which is structured into stanzas for each
nfs-utils program. Each
nfs-utils program can read the configuration directly from the file, so you no longer need to use the
systemctl restart nfs-config.service command, but restart only the specific program. For more information, see the
nfs.conf(5) manual page.
For compatibility with earlier releases, the older
configuration method is still available. However, it is recommended to avoid specifying configuration settings in both the
Locking performance for NFSv4.1 mounts has been improved for certain workloads
NFSv4 clients poll the server at an interval to obtain a lock under contention. As a result, the locking performance for contented locks for NFSv4 is slower than the performance of NFSv3.
The CB_NOTIFY_LOCK operation has been added to the NFS client and server, so NFSv4.1 and later allow servers to call back to clients waiting on a lock.
This update improves the locking performance for contented locks on NFSv4.1 mounts for certain workloads. Note that the performance might not improve for longer lock contention times. (BZ#1377710)