Oracle Linux 7.4 was released. Updated versions of the main areas of change involves safety improvements, and support for improvements to the cloud and the container environment.
Oracle Linux 7.4 through several new features and improve security, including:
- UEFI Secure Boot
A system in Secure Boot mode loads only those boot loaders and kernels that have been signed by Oracle. Oracle has updated the kernel and grub2 packages to sign them with a valid Extended Validation (EV) certificate. The EV certificate has been compiled into the shim binary and has been signed by Microsoft.
- Now using the SHA-2 openSSH
By default, the algorithm for public key signatures that is used in this release is SHA-2. SHA-1 is available for backward compatibility purposes only.
- Yum add new payload_gpgcheck options
Enhances security during installation. The new payload_gpgcheck option enables yum to perform a GNU Privacy Guard (GPG) signature check on the payload sections of packages. This capability provides enhanced security and integrity when installing packages.
- The new security package NBDE
NBDE enables you to encrypt root volumes of hard drives on physical machines without requiring you to manually enter a password when the systems are rebooted.
- The new package usbguard
The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities that are based on device attributes.
Strengthen the deployment of cloud and containers
Oracle Linux 7.4 and containers continue to strengthen cloud deployment customers:
Btrfs is the ideal filesystem for supporting containers in the cloud. We continue to support and enhance Btrfs in Oracle Linux 7 with Unbreakable Enterprise Kernel Release 4 allowing you to continue to use Btrfs for your container cloud deployments.
- User namespace
Prevents container users from being able to gain the same privileges at the global level by allowing separation of the container namespace from the underlying operating system namespace.
Oracle Linux 7 Update 4 makes it even easier to install and add a system to Spacewalk by not requiring the spacewalk client to be installed before registering with the Spacewalk server.
The main performance:
- Improved scalability and performance of the operating system
Replaced ticket spin locks with queued spin locks which provide better scalability under contention and higher performance overall.
- New http-parser performance installation package
http-parser is designed for high performance web applications by eliminating buffering, system calls and allowing interrupts.
- New libfastjson installation package
libfastjson is a limited feature set JSON library that provides significantly improved performance, compared to json-c.