Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
Chapter 33. Servers and Services
The named
service now binds to all interfaces
With this update,
BIND
is able to react to situations when a new IP address is added to an interface. If the new address is allowed by the configuration, BIND
will automatically start to listen on that interface. (BZ#1294506)
Fix for tomcat-digest
to generate password hashes
When using the
tomcat-digest
utility to create an SHA hash of Tomcat passwords, the command terminated unexpectedly with the ClassNotFoundException
Java exception. A patch has been provided to fix this bug and tomcat-digest
now generates password hashes as expected. (BZ#1240279)
Tomcat can now use shell expansion in configuration files within the new conf.d
directory
Previously, the
/etc/sysconfig/tomcat
and /etc/tomcat/tomcat.conf
files were loaded without shell expansion, causing the application to terminate unexpectedly. This update provides a mechanism for using shell expansion in the Tomcat configuration files by adding a new configuration directory, /etc/tomcat/conf.d
. Any files placed in the new directory may now include shell variables. (BZ#1221896)
Fix for the tomcat-jsvc
service unit to create two independent Tomcat servers
When trying to start multiple independent Tomcat servers, the second server failed to start due to the jsvc service returning an error. This update fixes the
jsvc
systemd service unit as well as the handling of the TOMCAT_USER variable. (BZ#1201409)
The dbus-daemon
service no longer becomes unresponsive due to leaking file descriptors
Previously, the
dbus-daemon
service incorrectly handled multiple messages containing file descriptors if they were received in a short time period. As a consequence, dbus-daemon
leaked file descriptors and became unresponsive. A patch has been applied to correctly handle multiple file descriptors from different messages inside dbus-daemon
. As a result, dbus-daemon
closes and passes file descriptors correctly and no longer becomes unresponsive in the described situation. (BZ#1325870)
Update for marking tomcat-admin-webapps package configration files
Previously, the tomcat-admin-webapps
web.xml
files were not marked as the configuration files. Consequently, upgrading the tomcat-admin-webapps package overwrote the /usr/share/tomcat/webapps/host-manager/WEB-INF/web.xml
and /usr/share/tomcat/webapps/manager/WEB-INF/web.xml
files, causing custom user configuration to be automatically removed. This update fixes classification of these files, thus preventing this problem. (BZ#1208402)
Ghostcript no longer hangs when converting a PDF file to PNG
Previously, when converting a PDF file into a PNG file, Ghostscript could become unresponsive. This bug has been fixed, and the conversion time is now proportional to the size of the PDF file being converted. (BZ#1302121)
The named-chroot
service now starts correctly
Due to a regression, the
-t /var/named/chroot
option was omitted in the named-chroot.service
file. As a consequence, if the /etc/named.conf
file was missing, the named-chroot
service failed to start. Additionally, if different named.conf
files existed in the /etc/
and /var/named/chroot/etc/
directories, the named-checkconf
utility incorrectly checked the one in the changed-root directory when the service was started. With this update, the option in the service file has been added and the named-chroot
service now works correctly. (BZ#1278082)
AT-SPI2 driver added to brltty
The Assistive Technology Service Provider Interface driver version 2 (AT-SPI2) has been added to the
brltty
daemon. AT-SPI2 enables using brltty
with, for example, the GNOME Accessibility Toolkit. (BZ#1324672)
A new --ignore-missing
option for tuned-adm verify
The
--ignore-missing
command-line option has been added to the tuned-adm verify
command. This command verifies whether a Tuned profile has been successfully applied, and displays differences between the requested Tuned profile and the current system settings. The --ignore-missing
parameter causes tuned-adm verify
to silently skip features that are not supported on the system, thus preventing the described errors. (BZ#1243807)
The new modules
Tuned plug-in
The
modules
plug-in allows Tuned to load and reload kernel modules with parameters specified in the the settings of the Tuned profiles. (BZ#1249618)
The number of inotify
user watches increased to 65536
To allow for more pods on an Red Hat Enterprise Linux Atomic host, the number of
inotify
user watches has been increased by a factor of 8 to 65536. (BZ#1322001)
Timer migration for realtime Tuned profile has been disabled
Previously, the realtime Tuned profile that is included in the tuned-profiles-realtime package set the value of the
kernel.timer_migration
variable to 1. As a consequence, realtime applications could be negatively affected. This update disables the timer migration in the realtime profile. (BZ#1323283)
rcu-nocbs
no longer missing from kernel boot parameters
Previously, the
rcu_nocbs
kernel parameter was not set in the realtime-virtual-host
and realtime-virtual-guest
tuned profiles. With this update, rcu-nocbs
is set as expected. (BZ#1334479)
The global limit on how much time realtime scheduling may use has been removed in realtime Tuned profile
Prior to this update, the Tuned utility configuration for the
kernel.sched_rt_runtime_us
sysctl variable in the realtime profile included in the tuned-profiles-realtime package was incorrect. As a consequence, creating a virtual machine instance caused an error due to incompatible scheduling time. Now, the value of kernel.sched_rt_runtime_us
is set to -1
(no limit), and the described problem no longer occurs. (BZ#1346715)
sapconf
now detects the NTP configuration properly
Previously, the
sapconf
utility did not check whether the host system was configured to use the Network Time Protocol (NTP). As a consequence, even when NTP was configured, sapconf
displayed the following error:
3: NTP Service should be configured and started
With this update,
sapconf
properly checks for the NTP configuration, and the described problem no longer occurs. (BZ#1228550)
sapconf
lists default packages correctly
Prior to this update, the
sapconf
utility passed an incorrect parameter to the repoquery
utility, which caused sapconf
not to list the default packages in package groups. The bug has been fixed, and sapconf
now lists default packages as expected. (BZ#1235608)
The logrotate
utility now saves status to the /var/lib/logrotate/
directory
Previously, the
logrotate
utility saved status to the /var/lib/logrotate.status
file. Consequently, logrotate
did not work on systems where /var/lib
was a read-only file system. With this update, the status file has been moved to the new /var/lib/logrotate/
directory, which can be mounted with write permissions. As a result, logrotate
now works on systems where /var/lib
is a read-only file system. (BZ#1272236)
Support for printing to an SMB printer using Kerberos using cups
With this update, the cups package creates the symbolic link
/usr/lib/cups/backend/smb
referring to the /usr/libexec/samba/cups_backend_smb
file. The symbolic link is used by the smb_krb5_wrapper
utility to print to an server message block (SMB)-shared printer using Kerberos authentication. (BZ#1302055)
Newly installed tomcat package has a correct shell pointing to /sbin/nologin
Previously, the postinstall script set the Tomcat shell to
/bin/nologin
, which does not exist. Consequently, users failed to get a helpful message about the login access denial when attempting to log in as Tomcat user. This bug has been fixed, and the postinstall script now corectly sets the Tomcat shell to /sbin/nologin
. (BZ#1277197)