Chapter 15. Servers and Services

Leftover dbus processes

Red Hat Enterprise Linux 7.5 adds a feature that enables users to launch dbus-using applications remotely, for example over SSH or over IBM Platform LSF.
However, when processes using dbus are launched remotely, dbus processes keep running even after the main process is closed, blocking the remote session and preventing it from terminating properly.
To work around this problem, follow the instructions at https://access.redhat.com/solutions/3257651. (BZ#1460262)

dbus rebased to version 1.10

The dbus packages have been upgraded to upstream version 1.10, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:
  • dbus-run-session is a new utility to run a dbus session bus for the runtime of a login session, making ssh sessions which start dbus-using applications more predictable and reliable. See man 1 dbus-run-session for more details.
  • Several memory and file descriptor leaks have been fixed. This improves the dbus-daemon memory usage and reliability.
  • The well-known system and session bus configuration files have been moved from /etc/dbus-1/ to the /usr/share/dbus-1/ directory. While the old location can still be used, it is deprecated (specifically, session.conf and system.conf are deprecated, but system administrator configuration snippets under session.d and system.d are permitted). (BZ#1480264)

tuned rebased to version 2.9.0

The tuned packages have been upgraded to upstream version 2.9.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include the following:
  • The net plug-in has been extended with the ring and pause parameters.
  • The concept of manually or automatically set profile has been introduced.
  • A directory for profile recommendation files is now supported. (BZ#1467576)

chrony rebased to version 3.2

The chrony packages have been upgraded to upstream version 3.2, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
  • Support for hardware timestamping with bonding, bridging, and other logical interfaces that aggregate ethernet interfaces
  • Support for transmit-only hardware timestamping with network cards that can timestamp only received Precision Time Protocol (PTP) packets but not Network Time Protocol (NTP) packets
  • Improved stability of synchronization with hardware timestamping and interleaved modes
  • An improved leapsectz option to automatically set the offset of the system clock between International Atomic Time (TAI) and Coordinated Universal Time (UTC) (BZ#1482565)

SNMP page counting can be now disabled in CUPS

The simple network management protocol (SNMP) page counting currently shows incorrect information for certain printers. With this update, the CUPS printing system supports turning off the SNMP page counting, which prevents the problem. To do so, add *cupsSNMPPages: False into the printer's postscript printer description (PPD) file.
The procedure for adding options into printer's PPD file is described in solution article at https://access.redhat.com/solutions/1427573 . (BZ#1434153)

CUPS can be set to use only ciphers from TLS version 1.2 or later

The CUPS printing system can now be set to use only ciphers from TLS version 1.2 or later. You can use the functionality by adding the option SSLOptions MinTLS1.2 into the /etc/cups/client.conf file for the CUPS client or into the /etc/cups/cupsd.conf file for the CUPS daemon. (BZ#1466497)

The squid packages now provide the kerberos_ldap_group helper

This update adds the kerberos_ldap_group external Access Control Lists (ACL) helper to the squid packages. The kerberos_ldap_group helper is a reference implementation that supports Simple Authentication and Security Layer (SASL) and Generic Security Services API (GSSAPI) authentication to an LDAP server, intended primarily to connect to Active Directory or OpenLDAP-based LDAP servers. (BZ#1452200)

OpenIPMI rebased to version 2.0.23

The OpenIPMI packages have been upgraded to version 2.0.23, which provides a number of bug fixes and enhancements. Among others:
  • It adds a command to set a duty cycle of the fans directly.
  • It adds a way to specify the state directory from the command line after the compilation time.
  • It changes the message map size to 32 bits so that it can handle a full 16-message window.
  • It adds support for the IPMI LAN Simulator commands. See the ipmi_sim_cmd(5) man page.
  • It adds support for the IPMI LAN Interface configuration file. See the ipmi_lan(5) man page. (BZ#1457805)

Overview of changes from freeIPMI 1.2.9 to freeIPMI 1.5.7

These are the most important changes:
- The ipmi-fru tool now supports the output of the DDR3 and DDR4 SDRAM modules and new FRU multirecords. - The new ipmi-config tool is a consolidated configuration tool implementing all the functionalities that were previously in the bmc-config, ipmi-pef-config, ipmi-sensors-config, and ipmi-chassis-config tools. - The ipmi-sel tool reads and manages the IPMI System Event Log records, which makes the tool useful for debugging the system.
A complete list of changes is available after the installation in the /usr/share/doc/freeipmi/NEWS file. (BZ#1435848)

A new clear_env option available in PHP FPM pool configuration

This update introduces a new clear_env option in PHP's FastCGI Process Manager (FPM) pool configuration. If the clear_env option is disabled, environment variables set when running the FPM daemon are preserved and available to scripts. By default, clear_env is enabled, preserving current behavior. (BZ#1410010)