Oracle Linux 7.4 发布了。改版本的更新领域主要涉及安全性的改进,以及对云和容器环境的支持的改进。
安全
Oracle Linux 7.4 通过几项新功能不断提升安全性,包括:
- UEFI Secure Boot
A system in Secure Boot mode loads only those boot loaders and kernels that have been signed by Oracle. Oracle has updated the kernel and grub2 packages to sign them with a valid Extended Validation (EV) certificate. The EV certificate has been compiled into the shim binary and has been signed by Microsoft.
- openSSH 现在使用 SHA-2
By default, the algorithm for public key signatures that is used in this release is SHA-2. SHA-1 is available for backward compatibility purposes only.
- Yum 添加新的 payload_gpgcheck 选项
Enhances security during installation. The new payload_gpgcheck option enables yum to perform a GNU Privacy Guard (GPG) signature check on the payload sections of packages. This capability provides enhanced security and integrity when installing packages.
- 新的 NBDE安全包
NBDE enables you to encrypt root volumes of hard drives on physical machines without requiring you to manually enter a password when the systems are rebooted.
- 新的 usbguard 包
The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities that are based on device attributes.
云和容器的部署加强
Oracle Linux 7.4 不断加强客户的云和容器部署:
- Btrfs
Btrfs is the ideal filesystem for supporting containers in the cloud. We continue to support and enhance Btrfs in Oracle Linux 7 with Unbreakable Enterprise Kernel Release 4 allowing you to continue to use Btrfs for your container cloud deployments.
- 用户命名空间
Prevents container users from being able to gain the same privileges at the global level by allowing separation of the container namespace from the underlying operating system namespace.
- Spacewalk
Oracle Linux 7 Update 4 makes it even easier to install and add a system to Spacewalk by not requiring the spacewalk client to be installed before registering with the Spacewalk server.
性能提升
主要性能提升:
- 改进了操作系统的可扩展性和性能
Replaced ticket spin locks with queued spin locks which provide better scalability under contention and higher performance overall.
- 新增 http-parser 性能安装包
http-parser is designed for high performance web applications by eliminating buffering, system calls and allowing interrupts.
- 新增 libfastjson 安装包
libfastjson is a limited feature set JSON library that provides significantly improved performance, compared to json-c.
更多内容请查阅官网更新,下载地址:https://www.oracle.com/downloads/index.html
转自 http://www.oschina.net/news/88534/oracle-linux-7-4