Chapter 5. Bug fixes

This part describes bugs fixed in Red Hat Enterprise Linux 9.0 Beta that have a significant impact on users.

5.1. Installer and image creation

The automatic partitioning can be scheduled in Anaconda

Previously, during automatic partitioning on LVM type disks, the installer tried to create a partition for an LVM PV on each selected disk. If these disks already had partitioning layout, the schedule of the automatic partitioning could have failed with the error message.

With this update, the problem has been fixed. Now you can schedule the automatic partitioning in the installer.


RHEL installer failed to start when InfiniBand network interfaces were configured using installer boot options

Previously, when you configured InfiniBand network interfaces at an early stage of RHEL installation using installer boot options (for example, downloaded installer image using PXE server), the installer failed to activate the network interfaces.

This issue occured because the RHEL NetworkManager failed to recognize the network interfaces in InfiniBand mode, and instead configured Ethernet connections for the interfaces.

As a result, connection activation failed, and if the connectivity over the InfiniBand interface was required at an early stage, RHEL installer failed to start the installation.

With this release, the installer successfully activates the InfiniBand network interfaces that you configure at an early stage of RHEL installation using installer boot options, and the installation completes successfully.


Configuring a wireless network using Anaconda GUI is fixed

Previously, configuring the wireless network while using Anaconda graphical user interface (GUI) caused the installation to crash.

With this update, the problem has been fixed. You can configure the wireless network during the installation while using Anaconda GUI.


Anaconda now shows a dialog for ldl or unformatted DASD disks in text mode

Previously, during an installation in text mode, Anaconda failed to show a dialog for Linux disk layout (ldl) or unformatted Direct-Access Storage Device (DASD) disks. As a result, users were unable to utilize those disks for the installation.

With this update, in text mode Anaconda recognizes ldl and unformatted DASD disks and shows a dialog where users can format them properly for the future utilization for the installation.


5.2. Subscription management

virt-who now works correctly with Hyper-V hosts

Previously, when using virt-who to set up RHEL 9 virtual machines (VMs) on a Hyper-V hypervisor, virt-who did not properly communicate with the hypervisor, and the setup failed. This was because of a deprecated encryption method in the openssl package.

With this update, the virt-who authentication mode for Hyper-V has been modified, and setting up RHEL 9 VMs on Hyper-V using virt-who now works correctly. Note that this also requires the hypervisor to use basic authentication mode. To enable this mode, use the following commands:

winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'


5.3. Shells and command-line tools

openCryptoki rebased to version 3.16.0

The openCryptoki package has been upgraded to version 3.16.0. Notable bug fixes and enhancements include:

  • Improved the protected-key option and support for the attribute-bound keys in EP11 core processor.
  • Improved the import and export of secure key objects in the cycle-count-accurate (CCA) processor.


opal-prd rebased to version 6.7.1

The opal-prd package has been upgraded to version 6.7.1. Notable bug fixes and enhancements include:

  • Fixed xscom error logging issues caused due to xscom OPAL call.
  • Fixed possible deadlock with the DEBUG build.
  • Fallback to full_reboot if fast-reboot fails in core/platform.
  • Fixed next_ungarded_primary in core/cpu.
  • Improved rate limit timer requests and the timer state in Self-Boot Engine (SBE).


lsvpd rebased to version 1.7.22

The lsvpd package has been upgraded to version 1.7.22. Notable bug fixes and enhancements include:

  • Added the UUID property in sysvpd.
  • Improved the NVMe firmware version.
  • Fixed PCI device manufacturer parsing logic.
  • Added recommends clause to the lsvpd configuration file.


Red Hat Enterprise Linux 9 delivers an up-to-date modulemd-tools package

Previously, it was not possible to upgrade the modulemd-tools package from RHEL version 8 to version 9. The package is now upgraded to a new upstream version 0.9


libservicelog rebased to version 1.1.19

libservicelog has been upgraded to version 1.1.19. Notable bug fixes and enhancements include:

  • Fixed output alignment issue.
  • Fixed segfault on servicelog_open() failure.


5.4. Security

kdump no longer crashes due to SELinux permissions

The kdump crash recovery service requires additional SELinux permissions to start correctly. In previous versions, therefore, SELinux prevented kdump from working, kdump reported that it is not operational, and Access Vector Cache (AVC) denials were audited. In this version, the required permissions were added to selinux-policy and as a result, kdump works correctly and no AVC denial is audited.


The usbguard-selinux package is no longer dependent on usbguard

Previously, the usbguard-selinux package was dependent on the usbguard package. This, in combination with other dependencies of these packages, led to file conflicts when installing usbguard. As a consequence, this prevented the installation of usbguard on certain systems. With this version, usbguard-selinux no longer depends on usbguard, and as a result, yum can install usbguard correctly.


dnf install and dnf update now work with fapolicyd in SELinux

The fapolicyd-selinux package, which contains SELinux rules for fapolicyd, did not contain permissions to watch all files and directories. As a consequence, the fapolicyd-dnf-plugin did not work correctly, causing any dnf install and dnf update commands to make the system stop responding indefinitely. In this version, the permissions to watch any file type were added to fapolicyd-selinux. As a result, the fapolicyd-dnf-plugin works correctly and the commands dnf install and dnf update are operational.


5.5. Networking

Wifi and 802.1x Ethernet connections profiles are now connecting properly

Previously, many Wifi and 802.1x Ethernet connections profiles were not able to connect. This bug is now fixed. All the profiles are now connecting properly. Profiles that use legacy cryptographic algorithms still work but you need to manually enable the OpenSSL legacy provider. This is required, for example, when you use DES with MS-CHAPv2 and RC4 with TKIP.


5.6. Kernel

The makedumpfile utility now works as expected on a 52-bit virtual address on a 64-bit ARM architecture

Previously, the makedumpfile utility failed to create dump files on a 52-bit kernel virtual address on a 64-bit ARM architecture. As a consequence, the capture kernel failed to generate the vmcore image in the event of a kernel crash.

This update fixes the problem. As a result, makedumpfile can now generate vmcore files on a 52-bit virtual address on a 64-bit ARM architecture.


5.7. High availability and clusters

Pacemaker attribute manager correctly determines remote node attributes, preventing unfencing loops

Previously, Pacemaker’s controller on a node might be elected the Designated Controller (DC) before its attribute manager learned an already-active remote node is remote. When this occurred, the node’s scheduler would not see any of the remote node’s node attributes. If the cluster used unfencing, this could result in an unfencing loop. With the fix, the attribute manager can now learn a remote node is remote by means of additional events, including the initial attribute sync at start-up. As a result, no unfencing loop occurs, regardless of which node is elected DC.


5.8. Compilers and development tools

-Wsequence-point warning behavior fixed

Previously, when the -Wsequence-point warning option tried to warn about very long expressions, it could cause quadratic behavior and therefore significantly longer compilation time. With this update, -Wsequence-point doesn’t attempt to warn about extremely large expressions and as a result, doesn’t increase compilation time.


5.9. Identity Management

Running sudo commands no longer exports the KRB5CCNAME environment variable

Previously, after running sudo commands, the environment variable KRB5CCNAME pointed to the Kerberos credential cache of the original user, which might not be accessible to the target user. As a result Kerberos related operations might fail as this cache is not accessible. With this update, running sudo commands no longer sets the KRB5CCNAME environment variable and the target user can use their default Kerberos credential cache.


SSSD correctly evaluates the default setting for the Kerberos keytab name in /etc/krb5.conf

Previously, if you defined a non-standard location for your krb5.keytab file, SSSD did not use this location and used the default /etc/krb5.keytab location instead. As a result, when you tried to log into the system, the login failed as the /etc/krb5.keytab contained no entries.

With this update, SSSD now evaluates the default_keytab_name variable in the /etc/krb5.conf and uses the location specified by this variable. SSSD only uses the default /etc/krb5.keytab location if the default_keytab_name variable is not set.


5.10. Red Hat Enterprise Linux System Roles

Postfix role README no longer uses plain role name

Previously, the examples provided in the /usr/share/ansible/roles/rhel-system-roles.postfix/ used the plain version of the role name, postfix, instead of using rhel-system-roles.postfix. Consequently, users would consult the documentation and incorrectly use the plain role name instead of Full Qualified Role Name (FQRN). This update fixes the issue, and the documentation contains examples with the FQRN, rhel-system-roles.postfix, enabling users to correctly write playbooks.


Postfix RHEL System Role no longer missing variables under the "Role Variables" section

Previously, the Postfix RHEL system role variables, such as postfix_check, postfix_backup, postfix_backup_multiple were not available under the "Role Variables" section. Consequently, users were not able to consult the Postfix role documentation. This update adds role variable documentation to the Postfix README section. The role variables are documented and available for users in the doc/usr/share/doc/rhel-system-roles/postfix/ documentation provided by rhel-system-roles.


Role tasks no longer change when running the same output

Previously, several of the role tasks would report as CHANGED when running the same input once again, even if there were no changes. Consequently, the role was not acting idempotent. To fix the issue, perform the following actions:

  • Check if configuration variables change before applying them. You can use the option --check for this verification.
  • Do not add a Last Modified: $date header to the configuration file.

As a result, the role tasks are idempotent.