Chapter 3. New Features

This chapter documents new features and major enhancements introduced in Red Hat Enterprise Linux 7.9.

3.1. Authentication and Interoperability

The Certificate Profiles extension no longer has a maximum number of policies per certificate

Previously, administrators could not add more than 20 policies to a certificate because of a hardcoded limit within the Certificate Profiles extension. This update removes the restriction, so you can add an unlimited number of policies to a certificate. In addition, the extension requires at least one policy, otherwise the pkiconsole interface shows an error. If you modify the profile, the extension creates one empty policy. For example:

Identifier: Certificate Policies: -
            Critical: no
            Certificate Policies:


SSSD rebased to version 1.16.5

The sssd packages have been upgraded to upstream version 1.16.5, which provides a number of bug fixes and enhancements over the previous version.


3.2. Clustering

pacemaker rebased to version 1.1.23

The Pacemaker cluster resource manager has been upgraded to upstream version 1.1.23, which provides a number of bug fixes.


3.3. Compiler and Tools

The per-thread metrics is now available for historical analysis

Optionally, enable logging of the per-thread and per-process performance metric values in the Performance Co-Pilot (PCP) using the pcp-zeroconf package and pmieconf utility. Previously, only the per-process metric values were logged by pmlogger through the pcp-zeroconf package, but some analysis situation also requires per-thread values. As a result, the per-thread metrics are now available for historical analysis, after executing the following command:

# pmieconf -c enable zeroconf.all_threads


3.4. Desktop

FreeRDP has been updated to 2.1.1

This release updates the FreeRDP implementation of the Remote Desktop Protocol (RDP) from version 2.0.0 to 2.1.1. FreeRDP 2.1.1 supports new RDP options for the current Microsoft Windows terminal server version and fixes several security issues.

For detailed information about FreeRDP 2.1.1, see the upstream release notes:


3.5. Kernel

Kernel version in RHEL 7.9

Red Hat Enterprise Linux 7.9 is distributed with the kernel version 3.10.0-1160.

See also Important Changes to External Kernel Parameters and Device Drivers.


EDAC driver support is now added to Intel ICX systems

This update adds the Error Detection and Correction (EDAC) driver to Intel ICX systems. As a result, memory errors can be detected on these systems and reported to the EDAC subsystem.


Intel® Omni-Path Architecture (OPA) Host Software

Intel® Omni-Path Architecture (OPA) host software is fully supported in Red Hat Enterprise Linux 7.9. Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.

For instructions on installing Intel Omni-Path Architecture documentation, see:


The Mellanox ConnectX-6 Dx network adapter is now fully supported

This enhancement adds the PCI IDs of the Mellanox ConnectX-6 Dx network adapter to the mlx5_core driver. On hosts that use this adapter, RHEL loads the mlx5_core driver automatically. This feature, previously available as a technology preview, is now fully supported in RHEL 7.9.


3.6. Real-Time Kernel

The kernel-rt source tree now matches the latest RHEL 7 tree

The kernel-rt sources have been updated to use the latest RHEL kernel source tree, which provides a number of bug fixes and enhancements over the previous version.


3.7. Red Hat Enterprise Linux System Roles

rhel-system-roles updated

The rhel-system-roles package has been updated to provide multiple bug fixes and enhancements. Notable changes include:

  • Support for 802.1X authentication with EAP-TLS was added for the network RHEL System Role when using the NetworkManager provider. As a result, now customers can configure their machines to use 802.1X authentication with EAP-TLS using the network RHEL System Role instead of having to use the nmcli command-line utility.
  • The network RHEL System Role tries to modify a link or network attributes without disrupting the connectivity, when possible.
  • The logging in network module logs has been fixed so that informative messages are no longer printed as warnings, but as debugging information.
  • The network RHEL System Role now uses NetworkManagers capability to revert changes, if an error occurs, when applying the configuration to avoid partial changes.


3.8. Security

SCAP Security Guide now provides a profile aligned with the CIS RHEL 7 Benchmark v2.2.0

With this update, the scap-security-guide packages provide a profile aligned with the CIS Red Hat Enterprise Linux 7 Benchmark v2.2.0. The profile enables you to harden the configuration of the system using the guidelines by the Center for Internet Security (CIS). As a result, you can configure and automate compliance of your RHEL 7 systems with CIS by using the CIS Ansible Playbook and the CIS SCAP profile.

Note that the rpm_verify_permissions rule in the CIS profile does not work correctly. See the known issue description rpm_verify_permissions fails in the CIS profile.


SCAP Security Guide now correctly disables services

With this update, the SCAP Security Guide (SSG) profiles correctly disable and mask services that should not be started. This guarantees that disabled services are not inadvertently started as a dependency of another service. Before this change, the SSG profiles such as the U.S. Government Commercial Cloud Services (C2S) profile only disabled the service. As a result, services disabled by an SSG profile cannot be started unless you unmask them first.


3.9. Servers and Services

New package: compat-unixODBC234 for SAP

The new compat-unixODBC234 package provides version 2.3.4 of unixODBC, a framework that supports accessing databases through the ODBC protocol. This new package is available in the RHEL 7 for SAP Solutions sap-hana repository to enable streaming backup of an SAP HANA database using the SAP backint interface. For more information, see Overview of the Red Hat Enterprise Linux for SAP Solutions subscription.

The compat-unixODBC234 package conflicts with the base RHEL 7 unixODBC package. Therefore, uninstall unixODBC prior to installing compat-unixODBC234.

This package is also available for Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.6 Extended Update Support, and Red Hat Enterprise Linux 7.7 Extended Update Support through the RHEA-2020:2178 advisory.

See also The compat-unixODBC234 package for SAP requires a symlink to load the unixODBC library.


MariaDB rebased to version 5.5.68

With RHEL 7.9, the MariaDB database server has been updated to version 5.5.68. This release provides multiple security and bug fixes from the recent upstream maintenance releases.


3.10. Storage

Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)

DIF/DIX is supported on configurations where the hardware vendor has qualified it and provides full support for the particular host bus adapter (HBA) and storage array configuration on RHEL.

DIF/DIX is not supported on the following configurations:

  • It is not supported for use on the boot device.
  • It is not supported on virtualized guests.
  • Red Hat does not support using the Automatic Storage Management library (ASMLib) when DIF/DIX is enabled.

DIF/DIX is enabled or disabled at the storage device, which involves various layers up to (and including) the application. The method for activating the DIF on storage devices is device-dependent.

For further information on the DIF/DIX feature, see What is DIF/DIX.


3.11. Atomic Host and Containers

Red Hat Enterprise Linux Atomic Host is a secure, lightweight, and minimal-footprint operating system optimized to run Linux containers. See the Atomic Host and Containers Release Notes for the latest new features, known issues, and Technology Previews.

3.12. Red Hat Software Collections

Red Hat Software Collections is a Red Hat content set that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on all supported releases of Red Hat Enterprise Linux 7 on AMD64 and Intel 64 architectures, the 64-bit ARM architecture, IBM Z, and IBM POWER, little endian. Certain components are available also for all supported releases of Red Hat Enterprise Linux 6 on AMD64 and Intel 64 architectures.

Red Hat Developer Toolset is designed for developers working on the Red Hat Enterprise Linux platform. It provides current versions of the GNU Compiler Collection, GNU Debugger, and other development, debugging, and performance monitoring tools. Red Hat Developer Toolset is included as a separate Software Collection.

Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux, nor are they used in preference to these tools. Red Hat Software Collections uses an alternative packaging mechanism based on the scl utility to provide a parallel set of packages. This set enables optional use of alternative package versions on Red Hat Enterprise Linux. By using the scl utility, users can choose which package version they want to run at any time.


Red Hat Software Collections has a shorter life cycle and support term than Red Hat Enterprise Linux. For more information, see the Red Hat Software Collections Product Life Cycle.

See the Red Hat Software Collections documentation for the components included in the set, system requirements, known problems, usage, and specifics of individual Software Collections.

See the Red Hat Developer Toolset documentation for more information about the components included in this Software Collection, installation, usage, known problems, and more.