Chapter 7. Bug fixes
This part describes bugs fixed in Red Hat Enterprise Linux 8.4 that have a significant impact on users.
7.1. Installer and image creation
Anaconda now shows a dialog for ldl or unformatted DASD disks in text mode
Previously, during an installation in text mode, Anaconda failed to show a dialog for Linux disk layout (ldl) or unformatted Direct-Access Storage Device (DASD) disks. As a result, users were unable to utilize those disks for the installation.
With this update, in text mode Anaconda recognizes ldl and unformatted DASD disks and shows a dialog where users can format them properly for use in the installation.
RHEL installer failed to start when InfiniBand network interfaces were configured using installer boot options
Previously, when you configured InfiniBand network interfaces at an early stage of RHEL installation using installer boot options (for example, when the installer image was downloaded using a PXE server), the installer failed to activate the network interfaces.
This issue occurred because the RHEL NetworkManager failed to recognize the network interfaces in InfiniBand mode, and instead configured Ethernet connections for the interfaces.
As a result, connection activation failed, and if the connectivity over the InfiniBand interface was required at an early stage, RHEL installer failed to start the installation.
With this release, the installer successfully activates the InfiniBand network interfaces that you configure at an early stage of RHEL installation using installer boot options, and the installation completes successfully.
The automatic partitioning can be scheduled in Anaconda
Previously, during automatic partitioning on LVM type disks, the installer tried to create a partition for an LVM PV on each selected disk. If these disks already had a partitioning layout, the schedule of the automatic partitioning could have failed with the error message.
With this update, the problem has been fixed. Now you can schedule the automatic partitioning in the installer.
Configuring a wireless network using Anaconda GUI is fixed
Previously, configuring the wireless network while using Anaconda graphical user interface (GUI) caused the installation to crash.
With this update, the problem has been fixed. You can configure the wireless network during the installation while using Anaconda GUI.
7.2. Software management
-M parameters are now supported for the %autopatch rpm macro
With this update, the -m (min) and -M (max) parameters have been added to the %autopatch macro to apply only a range of patches with given parameters.
popt rebased to version 1.18
The popt packages have been upgraded to the upstream version 1.18, which provides the following notable changes over the previous version:
- Overall codebase cleanup and modernization.
- Failing to drop privileges on the alias exec command has been fixed.
- Various bugs, including resource leaks, have been fixed.
7.3. Shells and command-line tools
snmpbulkget now provides valid output for a non-existing PID
The snmpbulkget command did not provide valid output for a non-existing PID. Consequently, this command would fail with the output as no results found.
With this update, snmpbulkget provides valid output for a non-existing PID.
CRON command now sends an email as per the trigger conditions.
Previously, when the Relax-and-Recover (ReaR) utility was configured incorrectly, the CRON command triggered an error message that was sent to the administrator through an email. Consequently, the administrator would receive emails even if the configuration was not performed for
With this update, the CRON command is modified and sends an email as per the trigger conditions.
Using NetBackup version 8.2 as the backup mechanism in ReaR now works.
Previously, when using NetBackup as a backup method, the Relax-and-Recover (ReaR) utility did not start the vxpbx_exchanged service in the rescue system. Consequently, restoring the data from the backup in the rescue system with NetBackup 8.2 failed with the following error messages logged on the NetBackup server:
Error bpbrm (pid=…) cannot execute cmd on client
Info tar (pid=…) done. status: 25: cannot connect on socket
Error bpbrm (pid=…) client restore EXIT STATUS 25: cannot connect on socket
With this update, ReaR adds the vxpbx_exchanged service and related required files to the rescue system, and starts the service when the rescue system launches.
libvpd rebased to version 2.2.8.
Notable changes include:
- Improved performance of vpdupdate by making the
ReaR utility now restores system using LUKS2 encrypted partition
Previously, when at least one LUKS2 encrypted partition was present on the system to back up with the Relax-and-Recover (ReaR) utility, the user was not informed that ReaR does not support LUKS2 encrypted partitions. Consequently, the ReaR utility was unable to recreate the original state of the system during the restore phase.
With this update, support of basic LUKS2 configuration, error checking, and improved output has been added to the ReaR utility. The ReaR utility now restores systems using basic LUKS2 encrypted partitions or notifies users in the opposite case.
Texlive now correctly works with
The Poppler utility underwent an update for API changes. Consequently, due to these API changes the Texlive build did not function. With this update, the Texlive build now functions correctly with the new
7.4. Infrastructure services
RPZ now works with wildcard characters
The dns_rpz_find_name function in the lib/dns/rpz.c file did not consider wildcard characters when a record for the same suffix was present. Consequently, some records containing wildcard characters were ignored. With this update, the dns_rpz_find_name function has been fixed and it now considers wildcard characters.
Improved padding for
The pkcs11 token label had extra padding for some smart cards. As a consequence, the wrong padding could cause issues matching cards based on the label attribute. With this update, the padding is fixed for all the cards and defined PKCS #11 URIs, and matching against them in applications should work as expected.
sealert connection issue handling
Previously, a crash of the setroubleshoot daemon could cause the sealert process to stop responding. Consequently, the GUI did not show any analysis and also became unresponsive, the command line tool did not print any output and kept running until killed. This update improves handling of connection issues between
sealert reports an error message and exits in case the setroubleshoot daemon crashes.
Optimized audit record analysis by
Previously, new features introduced in setroubleshoot-3.3.23-1 had a negative impact on performance, which led to the AVC analysis being up to 8 times slower than before. This update provides optimizations that significantly reduce the AVC analysis times.
Fixed SELinux policy interface parser
Previously, the policy interface parser caused syntax error messages to appear when installing a custom policy that contained an ifndef block in its interface file. This update improves the interface file parsing, and thus resolves this issue.
setfiles does not stop on labeling error
The setfiles utility stopped whenever it failed to relabel a file. Consequently, mislabeled files were left in the target directory. With this update, setfiles skips files it cannot relabel, and as a result, setfiles processes all files in the target directory.
Rebuilds of the SELinux policy store are now more resistant to power failures
Previously, SELinux-policy rebuilds were not resistant to power failures due to write caching. Consequently, the SELinux policy store may become corrupted after a power failure during a policy rebuild. With this update, the libsemanage library writes all pending modifications to metadata and cached file data to the file system that contains the policy store before using it. As a result, the policy store is now more resistant to power failures and other interruptions.
libselinux now determines the default context of SELinux users correctly
The libselinux library failed to determine the default context of SELinux users on some systems, due to the use of the deprecated security_compute_user() function. As a consequence, some system services were unavailable on systems with complex security policies. With this update, libselinux no longer uses security_compute_user() and determines the SELinux user’s default context properly, regardless of policy complexity.
rsync mode no longer fails due to SELinux
Previously, SELinux policy did not allow processes running under rsync_t to set the value of the security.trusted extended attribute. As a consequence, geo-replication in Red Hat Gluster Storage (RHGS) failed. This update includes the new SELinux boolean rsync_sys_admin that allows the rsync_t processes to set security.trusted. As a result, if the rsync_sys_admin boolean is enabled, rsync can set the security.trusted extended attribute and geo-replication no longer fails.
OpenSCAP can now scan systems with large numbers of files without running out of memory
Previously, when scanning systems with low RAM and large numbers of files, the OpenSCAP scanner sometimes caused the system to run out of memory. With this update, OpenSCAP scanner memory management has been improved. As a result, the scanner no longer runs out of memory on systems with low RAM when scanning large numbers of files, for example package groups Server with GUI and
CIS-remediated systems with FAT no longer fail on boot
Previously, the Center for Internet Security (CIS) profile in the SCAP Security Guide (SSG) contained a rule which disabled loading of the kernel module responsible for access to FAT file systems. As a consequence, if SSG remediated this rule, the system could not access partitions formatted with FAT12, FAT16, and FAT32 file systems, including EFI System Partitions (ESP). This caused the systems to fail to boot. With this update, the rule has been removed from the profile. As a result, systems that use these file systems no longer fail to boot.
OVAL checks consider GPFS as remote
Previously, the OpenSCAP scanner did not identify mounted General Parallel File Systems (GPFS) as remote file systems (FS). As a consequence, OpenSCAP scanned GPFS even for OVAL checks that applied only to local systems. This sometimes caused the scanner to run out of resources and fail to complete the scan. With this update, GPFS has been included in the list of remote FS. As a result, OVAL checks correctly consider GPFS as a remote FS, and the scans are faster.
fapolicyd-selinux SELinux policy now covers all file types
The fapolicyd-selinux SELinux policy did not cover all file types. Consequently, the fapolicyd service could not access files located on non-monitored locations such as sysfs. With this update, the fapolicyd service covers and analyzes all file system types.
fapolicyd no longer prevents RHEL updates
When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the (deleted) suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted. As a consequence, fapolicyd prevented these applications from opening and executing any other files. With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.
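The suffix described above is visible in the /proc/<pid>/exe symbolic link of any process whose binary was replaced. The following shell functions are an added example, not fapolicyd code: they list such processes and strip the suffix to recover the path a trust lookup would need. The function names and the optional alternate /proc root (used to test against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not fapolicyd code): find processes whose binary was
# replaced or removed on disk while they keep running.

# strip_deleted PATH
# Print PATH without the " (deleted)" suffix that the kernel appends to the
# executable path of a process whose binary was unlinked or replaced.
# Caveat: a file whose real name ends in " (deleted)" looks the same, so
# treat the result as a hint, not as proof.
strip_deleted() {
    suffix=' (deleted)'
    case "$1" in
        *"$suffix") printf '%s\n' "${1%"$suffix"}" ;;
        *)          printf '%s\n' "$1" ;;
    esac
}

# replaced_binaries [PROC_ROOT]
# For every numeric directory under PROC_ROOT (default: /proc), read the exe
# symlink and print "PID<TAB>PATH<TAB>STATE" for paths carrying the suffix.
# STATE is "replaced" when a file exists at PATH again (typical after a
# package update) and "removed" when nothing is there.
replaced_binaries() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        # Kernel threads and other users' processes have no readable exe link.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$exe" in
            *" (deleted)")
                path=$(strip_deleted "$exe")
                if [ -e "$path" ]; then state=replaced; else state=removed; fi
                printf '%s\t%s\t%s\n' "${dir##*/}" "$path" "$state"
                ;;
        esac
    done
}

# Usage on a live system (run as root to see every process):
#   replaced_binaries
```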
USBGuard rebased to 1.0.0-1
The usbguard packages have been rebased to the upstream version 1.0.0-1. This update provides improvements and bug fixes, most notably:
- Stable public API ensures backwards compatibility.
- Rule files inside the rules.d directory now load in alphanumeric order.
- Some use cases when the policy of multiple devices could not be changed by a single rule have been fixed.
- Filtering rules by their labels no longer produces errors.
USBGuard now can send Audit messages
As part of service hardening, the capabilities of usbguard.service were limited while the CAP_AUDIT_WRITE capability was missing. As a consequence, usbguard running as a system service could not send Audit events. With this update, the service configuration has been updated, and as a result, USBGuard can send Audit messages.
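Whether a running service actually holds CAP_AUDIT_WRITE can be confirmed by decoding the capability masks in /proc/<pid>/status. The following is an added example, not part of USBGuard or of the RHEL packaging; the function names are assumptions of this example, and bit number 29 for CAP_AUDIT_WRITE is the value from linux/capability.h.

```shell
#!/bin/sh
# Added example: check whether a process (for instance the main PID of
# usbguard.service) holds CAP_AUDIT_WRITE in a given capability set.

CAP_AUDIT_WRITE=29   # bit number defined in <linux/capability.h>

# mask_has_cap HEXMASK BIT
# Exit status 0 if BIT is set in HEXMASK (hex digits without the 0x prefix,
# as printed in /proc/<pid>/status), 1 otherwise.
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# status_has_cap STATUS_FILE SET BIT
# STATUS_FILE is a /proc/<pid>/status file; SET is one of CapInh, CapPrm,
# CapEff, CapBnd or CapAmb. Returns 2 if the field is not present.
status_has_cap() {
    mask=$(awk -v key="$2:" '$1 == key { print $2; exit }' "$1")
    [ -n "$mask" ] || return 2
    mask_has_cap "$mask" "$3"
}

# service_can_audit UNIT
# Succeeds only if the main process of UNIT has CAP_AUDIT_WRITE both in its
# effective set (usable now) and in its bounding set (not dropped by the
# service hardening). Returns 2 if the unit has no running main process.
service_can_audit() {
    pid=$(systemctl show --property MainPID --value "$1") || return 2
    [ "${pid:-0}" -gt 0 ] || return 2
    status_has_cap "/proc/$pid/status" CapEff "$CAP_AUDIT_WRITE" &&
        status_has_cap "/proc/$pid/status" CapBnd "$CAP_AUDIT_WRITE"
}

# Usage on a live system:
#   service_can_audit usbguard.service && echo "can write Audit events"
```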
tangd now handles invalid requests correctly
The tangd daemon returned an error exit code for some invalid requests. As a consequence, tangd.socket@.service failed, which in turn might have caused problems if the number of such failed units increased. With this update, tangd exits with an error code only when the tangd server itself is facing problems. As a result, tangd handles invalid requests correctly.
iptables rule set from RHEL 7 to RHEL 8 with rules involving ipset lookups no longer fails
The ipset counters were updated only if all the additional constraints matched when an iptables rule set referred to an ipset command with enabled counters. Consequently, rules involving ipset lookups, for example -m set --match-set xxx src --bytes-gt 100, never got a chance to match, because the counter of the ipset member was never incremented. With this update, migrating an iptables rule set with rules involving ipset lookups works as expected.
iptraf-ng no longer exposes raw memory content
Previously, when setting %p in a filter in iptraf-ng, the application displayed raw memory content in the status bar. Consequently, inessential information was getting displayed. With this update, the iptraf-ng processes do not show any raw memory content on the status bar at the bottom.
Network access is now available when using DHCP in the Anaconda ip boot option
The initial RAM disk (initrd) uses NetworkManager to manage networking. Previously, the dracut NetworkManager module provided by the RHEL 8.3 ISO file incorrectly assumed that the first field of the ip option in the Anaconda boot options was always set. As a consequence, if you used DHCP and set ip=::::<host_name>::dhcp, NetworkManager did not retrieve an IP address, and the network was not available in Anaconda. This problem has been fixed. As a result, the Anaconda ip boot option works as expected when you use the RHEL 8.4 ISO to install a host in the mentioned scenario.
Unloading XDP programs no longer fails on Netronome network cards that use the
The nfp driver for Netronome network cards contained a bug. As a consequence, unloading eXpress Data Path (XDP) programs failed if you used such a card and loaded the XDP program using the IFLA_XDP_EXPECTED_FD feature with the XDP_FLAGS_REPLACE flag. For example, this affected XDP programs that were loaded using the libxdp library. This bug has been fixed. As a result, unloading an XDP program from Netronome network cards works as expected.
NetworkManager now tries to retrieve the host name using DHCP and reverse DNS lookups on all interfaces
Previously, if the host name was not set in the /etc/hostname file, NetworkManager tried to obtain the host name using DHCP or a reverse DNS lookup only through the interface with the default route with the lowest metric value. As a consequence, it was not possible to automatically assign a host name on networks without a default route. This update changes the behavior, and NetworkManager now first tries to retrieve the host name using the default route interface. If this process fails, NetworkManager tries other available interfaces. As a result, NetworkManager tries to retrieve the host name using DHCP and reverse DNS lookups on all interfaces if it is not set in
To configure NetworkManager to use the old behavior:
/etc/NetworkManager/conf.d/10-hostname.conf file with the following content:
# systemctl reload NetworkManager
The kernel no longer returns false positive warnings on IBM Z systems
Previously, IBM Z systems on RHEL 8 were missing an allowed entry for the ZONE_DMA memory zone to allow user access. Consequently, the kernel returned false positive warnings such as:
... Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'dma-kmalloc-192' (offset 0, size 144)! WARNING: CPU: 0 PID: 8519 at mm/usercopy.c:83 usercopy_warn+0xac/0xd8 ...
The warnings appeared when accessing certain system information through the sysfs interface. For example, by running the
This update adds a flag in the Direct Memory Access (DMA) buffer, so that user space applications can access the buffer.
As a result, no warning messages are displayed in the described scenario.
RHEL systems boot as expected from the tboot GRUB entry
The tboot utility of version 1.9.12-2 caused some RHEL systems with Trusted Platform Module (TPM) 2.0 enabled to fail to boot in legacy mode. As a consequence, the system halted when it attempted to boot from the tboot Grand Unified Bootloader (GRUB) entry. With a new version of RHEL 8 and the update of the tboot utility, the problem has been fixed and RHEL systems boot as expected.
The kernel successfully reclaims memory in heavy-workload container scenarios
When a volume was constrained for I/O and memory within a container, the kernel code responsible for reclaiming memory experienced a soft lockup due to a data race condition. A data race is a phenomenon that happens if:
- At least two CPU threads try to modify the same set of data simultaneously.
- At least one of these CPU threads tries to do a write operation on the dataset.
Based on the exact timing of each thread to modify the dataset, the result can be A, B, or AB (indeterminate).
When a container was under memory pressure, the situation likely led to multiple Out of Memory (OOM) kills, causing the container to lock up and become unresponsive. In this release, the RHEL kernel code for locking and optimization has been updated. As a result, the kernel no longer becomes unresponsive, and the data does not become subject to race conditions.
RHEL 8 with offline memory no longer causes kernel panics
Previously, when running RHEL 8 with memory that was initiated but marked as offline, the kernel in some cases attempted to access uninitialized memory pages. As a consequence, a kernel panic occurred. This update fixes the kernel mechanism for idle page tracking, which prevents the problem from occurring.
The NUMA systems no longer experience unexpected memory layout
S390 architectures experienced unexpected memory layouts on NUMA systems due to the missing CONFIG_NODES_SPAN_OTHER_NODES option. As a consequence, the memory regions from different NUMA nodes intersected and the intersecting memory regions from low NUMA nodes were added into the high NUMA.
With this update, the NUMA systems no longer experience the memory layout issue.
The rngd service no longer busy-waits on poll() system call
A new kernel entropy source for FIPS mode was added for kernels, starting with version 4.18.0-193.10. Consequently, the rngd service busy-waited on the poll() system call for the /dev/random device. This situation caused consumption of 100% of CPU time when a system was in FIPS mode. With this update, in FIPS mode, the poll() handler for the /dev/random device has been changed from a default one to a handler developed especially for the /dev/random device. As a result, the rngd service no longer busy-waits on poll() in the described scenario.
HRTICK support for SCHED_DEADLINE scheduler is enabled
Previously, the feature for high resolution system timers (HRTICK) was not armed for certain tasks configured with the SCHED_DEADLINE policy. Consequently, the throttling mechanism for these tasks using the SCHED_DEADLINE scheduler consumed all the runtime configured for those tasks. This behavior caused an unexpected latency spike in the real-time environment.
This update enables the HRTICK feature, which provides high resolution preemption. HRTICK uses a high resolution timer, which enforces the throttling mechanism when a task completes its runtime. As a result, this problem no longer occurs in the described scenario.
tpm2-abrmd rebased to version 184.108.40.206
The tpm2-abrmd package has been upgraded to version 220.127.116.11, which provides multiple bug fixes. Notable changes include:
- Fixed the usage of transient handles
- Fixed partial reads in TPM Command Transmission Interface (TCTI)
- Refactored the access broker
cxgb4 driver no longer causes crash in the
The kdump kernel would crash while trying to save information in the vmcore file. Consequently, the cxgb4 driver prevented the kdump kernel from saving a core for later analysis. To work around this problem, add the novmcoredd parameter to the kdump kernel command line to allow saving core files.
With the release of the RHSA-2020:1769 advisory, the kdump kernel handles this situation properly and no longer crashes.
7.8. File systems and storage
Accessing SMB targets no longer fail with
Previously, a DFS namespace mounted on a RHEL SMB client with the cifsacl mount option was inaccessible, and a listing failed with an EREMOTE error. This update fixes the kernel to account for EREMOTE, and thus makes the SMB share accessible.
Performance improvements for NFS
Previously, a process on an NFS client listing a directory could take a long time to complete the listing, and possibly never complete. With this update, the NFS client directory listing performance is improved in the following scenarios:
- Listing of large directories with 100,000 or more files.
- Listing of directories that are being modified.
7.9. High availability and clusters
Default token timeout value in corosync.conf file increased from 1 second to 3 seconds
Previously, the TOTEM token timeout value in the corosync.conf file was set to 1 second. This short timeout makes the cluster react quickly but in the case of network delays it may result in premature failover. The default value is now set to 3 seconds to provide a better trade-off between quick response and broader applicability. For information on modifying the token timeout value, see How to change totem token timeout value in a RHEL 5, 6, 7, or 8 High Availability cluster?
7.10. Dynamic programming languages, web and database servers
An in-place upgrade is now possible when perl-Time-HiRes is installed
The perl-Time-HiRes package distributed in RHEL 8 was missing an epoch number that was included in the RHEL 7 version of the package. As a consequence, it was impossible to perform an in-place upgrade from RHEL 7 to RHEL 8 when perl-Time-HiRes was installed. The missing epoch number has been added, and the in-place upgrade no longer fails when perl-Time-HiRes is installed.
7.11. Compilers and development tools
glibc DNS stub resolver correctly processes parallel queries with identical transaction IDs
Prior to this update, the DNS stub resolver in the GNU C library glibc did not process responses to parallel queries with identical transaction IDs correctly. Consequently, when the transaction IDs were equal, the second parallel response was never matched to a query, resulting in a timeout and retry.
With this update, the second parallel response is now recognized as valid. As a result, the glibc DNS stub resolver avoids excessive timeouts due to unrecognized responses.
Reading configuration files with fgetsgent_r() is now more robust
Specifically structured entries in the /etc/gshadow file, or changes in file sizes while reading, sometimes caused the fgetsgent_r() functions to return invalid pointers. Consequently, applications that used these functions to read /etc/gshadow, or other configuration files in /etc/, failed with a segmentation fault error. This update modifies fgetsgent_r() to make reading of configuration files more robust. As a result, applications are now able to read configuration files successfully.
glibc string functions now avoid negative impact on system cache on AMD64 and Intel 64 processors
The glibc implementation of string functions incorrectly estimated the amount of last-level cache available to a thread on the 64-bit AMD and Intel processors. As a consequence, calling the memcpy function on large buffers either negatively impacted the overall cache performance of the system or slowed down the memcpy system call.
With this update, the last-level cache size is no longer scaled with the number of reported hardware threads in the system. As a result, the string functions now bypass caches for large buffers, avoiding negative impact on the rest of the system cache.
glibc dynamic loader now avoids certain failures of
Previously, when the libc.so.6 shared object ran as a main program (for example, to display the glibc version information), the glibc dynamic loader did not order relocation of libc.so.6 correctly in relation to the objects loaded using the LD_PRELOAD environment variable. Consequently, when LD_PRELOAD was set, invoking libc.so.6 sometimes caused libc.so.6 to terminate unexpectedly with a segmentation fault. This update fixes the bug, and the dynamic loader now correctly handles the relocation of libc.so.6. As a result, the described problem no longer occurs.
glibc dynamic linker now restricts part of the static thread-local storage space to static TLS allocations
The glibc dynamic linker used all available static thread-local storage (TLS) space for dynamic TLS, on a first come, first served basis. Consequently, loading additional shared objects at run time using the dlopen function sometimes failed, because dynamic TLS allocations had already consumed all available static TLS space. This problem occurred particularly on the 64-bit ARM architecture and IBM Power Systems.
Now, the dynamic linker restricts part of the static TLS area to static TLS allocations and does not use this space for dynamic TLS optimizations. As a result, dlopen calls succeed in more cases with the default setting. Applications that require more allocated static TLS than the default setting allows can use a new
glibc dynamic linker now disables lazy binding for the 64-bit ARM variant calling convention
The glibc dynamic linker did not disable lazy binding for functions using the 64-bit ARM (AArch64) variant calling convention. As a consequence, the dynamic linker corrupted arguments in such function calls, leading to incorrect results or process failures. With this update, the dynamic linker now disables lazy binding in the described scenario, and the function arguments are passed correctly.
gcc rebased to version 8.4
The GNU Compiler Collection (GCC) has been rebased to upstream version 8.4, which provides a number of bug fixes over the previous version.
7.12. Identity Management
wide links feature has been converted to a VFS module
The wide links parameter was part of the smbd service’s core functionality. Enabling this feature is insecure and, therefore, has been moved into a separate virtual file system (VFS) module named widelinks. For backward compatibility, Samba in RHEL 8.4 automatically loads this module for shares that have wide links = yes set in their configuration.
Important: Red Hat recommends not to use the insecure wide links feature. Instead, use a bind mount to mount a part of the file hierarchy to a directory that you shared in Samba. For details about configuring a bind mount, see the Bind mount operation section in the mount(8) man page.
To switch from a configuration that uses wide links to
For every symbolic link that links outside of a share, replace the link with a bind mount. For details, see the Bind mount operation section in the
wide links = yes entries from the
# smbcontrol all reload-config
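The two things the procedure above asks you to locate, symbolic links that leave a share and share sections that still set wide links = yes, can be listed with a short script. This is an added example, not taken from the Red Hat documentation: the function names and sample paths are hypothetical, it relies on GNU realpath, and the Samba configuration file is passed as an argument.

```shell
#!/bin/sh
# Added example: audit a Samba share before removing "wide links = yes".

# outside_links SHARE_ROOT
# Print "<link> -> <resolved target>" for every symbolic link below
# SHARE_ROOT whose target resolves outside the share. These are the links
# that have to be replaced by bind mounts.
outside_links() {
    root=$(realpath -e -- "$1") || return 2
    # find hands the links to an inner shell in batches, so unusual file
    # names (spaces, newlines) are passed through unharmed.
    find "$root" -type l -exec sh -c '
        root=$1; shift
        for link do
            # -m: resolve even if the final target does not exist
            target=$(realpath -m -- "$link")
            case "$target" in
                "$root"|"$root"/*) ;;   # resolves inside the share
                *) printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$root" {} +
}

# wide_links_shares SMB_CONF
# Print the name of every section that enables wide links. Parameter names
# are compared case-insensitively and with whitespace removed, because
# smb.conf accepts spellings such as "Wide Links" and "widelinks".
wide_links_shares() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # [section] header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        index($0, "=") > 0 {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            value = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", value)
            if (name == "widelinks" && (value == "yes" || value == "true" || value == "1"))
                print section
        }
    ' "$1"
}

# Usage (hypothetical paths):
#   outside_links /srv/samba/projects
#   wide_links_shares /path/to/smb.conf
```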
Network connection idle timeouts are no longer reported as resource errors
Previously, Directory Server reported a misleading error that a resource was temporarily unavailable when an idle network connection timed out. With this update, the error macro for network connection idle timeouts has been changed from
ETIMEDOUT, and an accurate error message describing a timeout is written to the Directory Server access logs.
Certificates issued by PKI ACME Responder connected to PKI CA no longer fail OCSP validation
Previously, the default ACME certificate profile provided by PKI CA contained a sample OCSP URL that did not point to an actual OCSP service. As a consequence, if PKI ACME Responder was configured to use a PKI CA issuer, the certificates issued by the responder could fail OCSP validation. This update removes hard-coded URLs in the ACME certificate profile and adds an upgrade script to fix the profile configuration file in case you did not customize it.
7.13. Graphics infrastructures
Display backlight now works reliably on recent Intel laptops
Certain recent laptops with Intel CPUs require a proprietary interface to control display backlight. Previously, RHEL did not support the proprietary interface, and attempted to use the VESA interface, which was unreliable on the laptops. As a consequence, RHEL could not control display backlight on those laptops.
With this update, RHEL adds support for the proprietary backlight interface, and as a result, display control now works as expected.
7.14. Red Hat Enterprise Linux System Roles
tests_luks.yml no longer cause partition case fail with NVME disk
Previously, NVME disks used a different partition naming convention than the one used by virtio/scsi and the Storage role did not reflect it. As a consequence, running the Storage role with NVME disks resulted in a crash. With this fix, the Storage RHEL System Role now obtains the partition name from the
selinux RHEL System Role no longer uses variable named
Previously, some tasks in the selinux RHEL System Role were incorrectly using a variable named present instead of using the string present. As a consequence, the selinux RHEL System Role returned an error informing that there is no variable named present. This update fixes this issue, changing those tasks to use the string present. As a result, the selinux RHEL System Role works as expected, with no error message.
Logging output no longer fails when the rsyslog-gnutls package is missing
The rsyslog-gnutls package is required when the logging RHEL System Role is configured to provide secure remote input and secure forward output. Previously, the rsyslog-gnutls package was changed to install unconditionally in the previous version. As a consequence, when the rsyslog-gnutls package was not available on the managed nodes, the logging role configuration failed, even if the secure remote input and secure forward output were not included as part of the configuration. This update fixes the issue by examining if the secure connection is configured and checking the global logging_pki_files variable. The rsyslog-gnutls package is installed only when the secure connection is configured. As a result, the operation to configure Red Hat Enterprise Virtualization Hypervisor to integrate elasticsearch as the logging output no longer fails with the missing
Connecting to the RHEL 8 guest console on a Windows Server 2019 host is no longer slowed down
Previously, when using RHEL 8 as a guest operating system in multi-user mode on a Windows Server 2019 host, connecting to a console output of the guest took significantly longer than expected. This update improves the performance of VRAM on the Hyper-V hypervisor, which fixes the problem.
Displaying multiple monitors of virtual machines that use Wayland is now possible with QXL
Previously, using the remote-viewer utility to display more than one monitor of a virtual machine (VM) that was using the Wayland display server caused the VM to become unresponsive and the Waiting for display status message to be displayed indefinitely. The underlying code has been fixed, which prevents the described problem from occurring.
7.16. RHEL in cloud environments
GPU-optimized Azure instances now work correctly after hibernation
When running RHEL 8 as a guest operating system on a Microsoft Azure instance with GPU-optimized virtual machine (VM) size, such as NV6, resuming the VM from hibernation previously caused the VM’s GPU to work incorrectly. When this occurred, the kernel logged the following message:
hv_irq_unmask() failed: 0x5
With this update, the impacted VMs on Microsoft Azure handle their GPUs correctly after resuming, which prevents the problem from occurring.
TX/RX packet counters increase as intended after virtual machines resume from hibernation
TX/RX packet counters stopped increasing when a RHEL 8 virtual machine using a CX4 VF NIC resumed from hibernation on Microsoft Azure. This update resolves the issue, and the packet counters increase as intended.
RHEL 8 virtual machines no longer fail to resume from hibernation on Azure
Previously, the GUID of the virtual function (VF), vmbus device, changed when a RHEL 8 virtual machine (VM), with SR-IOV enabled, was hibernated and deallocated on Microsoft Azure. Consequently, when the VM was restarted, it failed to resume and terminated unexpectedly. With this update, the vmbus device VF no longer changes, and the VM resumes from hibernation successfully.
Removed a redundant error message in Hyper-V and KVM guests
Previously, when a RHEL 8 guest operating system was running in a KVM or Hyper-V virtual machine, the following error message was reported in the
serial8250: too much work for irq4
This was a redundant error message and has now been removed.
For more information on the problem, see the Red Hat Knowledgebase solution.
podman system connection add automatically sets the default connection
The podman system connection add command did not automatically set the first connection to be the default connection. As a consequence, you must manually run the podman system connection default <connection_name> command to set the default connection. With this update, the podman system connection add command works as expected.
podman run --pid=host works in a rootless mode
Previously, running the podman run --pid=host command as a rootless user did not work. Consequently, an OCI permission error occurred:
$ podman run --rm --pid=host quay.io/libpod/testimage:20200929 cat -v /proc/self/attr/current
Error: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: readonly path /proc/bus: operation not permitted: OCI permission denied
With this update, the problem has been fixed.