Chapter 1. Overview

Installer and image creation

Users can now disable modules during a Kickstart installation.

See Section 6.1.1, “Installer and image creation” for further details.

Red Hat Enterprise Linux System Roles

A new storage role has been added to RHEL System Roles.

See Section 6.1.17, “Red Hat Enterprise Linux System Roles” for details.

Infrastructure services

RHEL 8.1 introduces a new routing protocol stack, FRR, which replaces Quagga that was used on previous versions of RHEL. FRR provides TCP/IP-based routing services with support for multiple IPv4 and IPv6 routing protocols.

The Tuned system tuning tool has been rebased to version 2.12, which adds support for negation of CPU list.

The chrony suite has been rebased to version 3.5, which adds support for more accurate synchronization of the system clock with hardware timestamping in RHEL 8.1 kernel.

For more information, see Section 6.1.4, “Infrastructure services”.

Security

RHEL 8.1 introduces a new tool for generating SELinux policies for containers: udica. With udica, you can create a tailored security policy for better control of how a container accesses host system resources, such as storage, devices, and network. This enables you to harden your container deployments against security violations and it also simplifies achieving and maintaining regulatory compliance.

The fapolicyd software framework introduces a form of application whitelisting and blacklisting based on a user-defined policy. The RHEL 8.1 application whitelisting feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.

A security compliance suite, OpenSCAP, now supports SCAP 1.3 data streams and provides improved reports.

See Section 6.1.5, “Security” for more information.

Kernel

Live patching for the kernel, kpatch, is now available, which enables you to consume Critical and Important CVEs fixes without the need to reboot your system.

Extended Berkeley Packet Filter (eBPF) is an in-kernel virtual machine that allows code execution in the kernel space. eBPF is utilized by a number of components in RHEL. In RHEL 8.1, the BPF Compiler Collection (BCC) tools package is fully supported on the AMD and Intel 64-bit architectures, and available as a Technology Preview for other architectures. In addition, the bpftrace tracing language and the eXpress Data Path (XDP) feature are available as a Technology Preview.

For more information, see Section 6.1.7, “Kernel” and Section 6.5.2, “Kernel”.

File systems and storage

The LUKS version 2 (LUKS2) format now supports re-encrypting block devices while the devices are in use.

See Section 6.1.9, “File systems and storage” for more information.

Dynamic programming languages, web and database servers

Later versions of the following components are now available as new module streams:

  • PHP 7.3
  • Ruby 2.6
  • Node.js 12
  • nginx 1.16

See Section 6.1.11, “Dynamic programming languages, web and database servers” for details.

Compiler toolsets

RHEL 8.1 introduces a new compiler toolset, GCC Toolset 9, an Application Stream packaged as a Software Collection, which provides recent versions of development tools.

In addition, the following compiler toolsets have been upgraded:

  • LLVM 8.0.1
  • Rust Toolset 1.37
  • Go Toolset 1.12.8

See Section 6.1.12, “Compilers and development tools” for more information.

Identity Management

Identity Management introduces a new command-line tool - Healthcheck. Healthcheck helps users find issues that may impact the fitness of their IdM environments.

See Section 6.1.13, “Identity Management” for details.

Identity Management now supports Ansible roles and modules for installation and management. This update makes installation and configuration of IdM-based solutions easier.

See Section 6.1.13, “Identity Management” for more information.

Desktop

Workspace switcher in the GNOME Classic environment has been modified. The switcher is now located in the right part of the bottom bar, and it is designed as a horizontal strip of thumbnails. Switching between workspaces is possible by clicking on the required thumbnail. For more information,see Section 6.1.14, “Desktop”.

The Direct Rendering Manager (DRM) kernel graphics subsystem has been rebased to upstream Linux kernel version 5.1. This version provides a number of enhancements over the previous version, including support for new GPUs and APUs, and various driver updates. See Section 6.1.14, “Desktop” for further details.

In-place upgrade from RHEL 7 to RHEL 8

The following major enhancements have been introduced:

  • Support for an in-place upgrade on the following architectures has been added: 64-bit ARM, IBM POWER (little endian), IBM Z.
  • It is now possible to perform a pre-upgrade system assessment in the web console and apply automated remediations using the new cockpit-leapp plug-in.
  • The /var or /usr directories can now be mounted on a separate partition.
  • UEFI is now supported.
  • Leapp now upgrades packages from the Supplementary repository.

For information about supported upgrade paths, see Supported in-place upgrade paths for Red Hat Enterprise Linux. For instructions on how to perform an in-place upgrade, see Upgrading from RHEL 7 to RHEL 8.

If you are using CentOS Linux 7 or Oracle Linux 7, you can convert your operating system to RHEL 7 using the convert2rhel utility prior to upgrading to RHEL 8. For instructions, see Converting from an RPM-based Linux distribution to RHEL.

Additional resources

Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are: