Mr Scott Lynn, product strategy director at Oracle Linux has announced public availability of Oracle Linux 7.4 for x86_64 servers. This is 4th update in Oracle Linux 7.x series and brings various updates in several key
areas, including Security, support for Cloud and Container environments,
and Performance.
For those who have never heard of Oracle Linux, it is a an enterprise driven operating system for cloud deployments. It is developed and tested for handling large workloads like Oracle database and other 3rd party applications on private and public clouds.
There has been multiple security, cloud and container support, performance and compatibility improvements in Oracle Linux 7.4 release. Repeating from original release announcement, these improvements includes:
For those who have never heard of Oracle Linux, it is a an enterprise driven operating system for cloud deployments. It is developed and tested for handling large workloads like Oracle database and other 3rd party applications on private and public clouds.
There has been multiple security, cloud and container support, performance and compatibility improvements in Oracle Linux 7.4 release. Repeating from original release announcement, these improvements includes:
For more details see original release announcement published by Oracle Linux team.Security
- UEFI Secure Boot
A system in Secure Boot mode loads only those boot loaders and kernels that have been signed by Oracle. Oracle has updated the kernel and grub2 packages to sign them with a valid Extended Validation (EV) certificate. The EV certificate has been compiled into the shim binary and has been signed by Microsoft.
- openSSH now uses SHA-2
By default, the algorithm for public key signatures that is used in this release is SHA-2. SHA-1 is available for backward compatibility purposes only.
- payload_gpgcheck option to yum
Enhances security during installation. The new payload_gpgcheck option enables yum to perform a GNU Privacy Guard (GPG) signature check on the payload sections of packages. This capability provides enhanced security and integrity when installing packages.
- New NBDE security packages
NBDE enables you to encrypt root volumes of hard drives on physical machines without requiring you to manually enter a password when the systems are rebooted.
- New usbguard package
The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities that are based on device attributes.Cloud and container support
- Btrfs
Btrfs is the ideal filesystem for supporting containers in the cloud. We continue to support and enhance Btrfs in Oracle Linux 7 with Unbreakable Enterprise Kernel Release 4 allowing you to continue to use Btrfs for your container cloud deployments.
- User Namespace
Prevents container users from being able to gain the same privileges at the global level by allowing separation of the container namespace from the underlying operating system namespace.
- Spacewalk
Oracle Linux 7 Update 4 makes it even easier to install and add a system to Spacewalk by not requiring the spacewalk client to be installed before registering with the Spacewalk server.Performance
- Improved operating system scalability and performance
Replaced ticket spin locks with queued spin locks which provide better scalability under contention and higher performance overall.
- Addition of http-parser performance package
http-parser is designed for high performance web applications by eliminating buffering, system calls and allowing interrupts.
- Addition of libfastjson package
libfastjson is a limited feature set JSON library that provides significantly improved performance, compared to json-c.Compatibility
Oracle Linux maintains user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 4 (UEK R4) and no re-certifications are needed for RHEL certified applications.