Red Hat Enterprise Linux 9 can seamlessly be provisioned as a guest machine on a hypervisor such as KVM, and VMware, on a physical server, on the cloud, or run as a container built from Red Hat Universal Base Images (UBIs). Like its predecessor, RHEL 9 is available as part of the Red Hat Developer program subscription. This is a zero-cost offering of the Red Hat Developer program that is tailored for individual developers. It includes access to Red Hat Enterprise Linux and many of its products.
This announcement was made on 18th May 2022. The latest release is crafted to meet the needs of a hybrid cloud environment and can be readily deployed from the edge to the cloud.
Installer and image creation
Licensing, system, and user setting configuration screens have been disabled post standard installation
Previously, RHEL users were configuring Licensing, System (Subscription manager), and User Settings prior to gnome-initial-setup and login screens. With this update, the initial setup screens have been disabled by default to improve user experience.
If you must run the initial setup for user creation or license display, install the following packages based on the requirements.
- Install initial setup packages.
# dnf install initial-setup initial-setup-gui
- Enable initial setup while the next reboot of the system.
# systemctl enable initial-setup
- Reboot the system to view the initial setup.
For kickstart installations, add initial-setup-GUI to the packages section and enable the initial-setup service.
firstboot --enable %packages @^graphical-server-environment initial-setup-gui %end
RHEL 9 for Edge
RHEL for Edge now supports Greenboot built-in health checks by default
With this update, RHEL for Edge Greenboot now includes built-in health checks with a watchdog feature to ensure that the hardware does not hang or freeze while rebooting. With that, you can benefit from the following features:
- It makes it simple for watchdogs hardware users to adopt the built-in health checks
- A set of default health checks that provide value for built-in OS components
- The watchdog is now present as a default preset, which makes it easy to enable or disable this feature
- Ability to create custom health checks based on the already available health checks.
Merged system purpose commands under subscription-manager syspurpose
Previously, there were two different commands to set system purpose attributes; syspurpose and subscription-manager. To unify all the system purpose attributes under one module, all the addons, role, service-level, and usage commands from subscription-manager have been moved to the new submodule, subscription-manager syspurpose.
Existing subscription-manager commands outside the new submodule are deprecated. The separate package (python3-syspurpose) that provides the syspurpose command line tool has been removed in RHEL 9.
This update provides a consistent way to view, set, and update all system purpose attributes using a single command of subscription-manager; this replaces all the existing system purpose commands with their equivalent versions available as a new subcommand. For example, subscription-manager role –set SystemRole becomes subscription-manager syspurpose role –set SystemRole and so on.
For complete information about the new commands, options, and other attributes, see the SYSPURPOSE OPTIONS section in the subscription-manager man page.
Software management RHEL 9
RHEL 9 provides RPM 4.16
RHEL 9 is distributed with RPM version 4.16. Notable bug fixes and enhancements over version 4.14 include:
- New SPEC features, most notably:
- Fast macro-based dependency generators
%generate_buildrequiressection that allows for generating dynamic build dependencies
- Meta (unordered) dependencies
- Increased parallelism in package builds
- Native version comparison in expressions
- Caret version operator, opposite of tilde
- Optional automatic patch and source numbering
%autopatchnow accepts patch ranges
- Enforced UTF-8 validation of header data at build-time
- The rpm database is now based on the
sqlitelibrary. Read-only support for
BerkeleyDBdatabases has been retained for migration and query purposes.
- A new
rpm-plugin-auditplug-in for issuing audit log events on transactions, previously built into RPM itself
Shells and command-line tools
The bracketed paste is now enabled in bash by default
The bash readline library version 8.1 is now available, which enables bracketed paste mode by default. When you paste text to your terminal, bash highlights the text, and you must press enter to execute the pasted command. Bracketed paste mode is the default setting to avoid accidentally executing malicious commands.
To disable the bracketed paste mode for a specific user, add the following line to ~/.inputrc:
set enable-bracketed-paste off
To disable the bracketed paste mode for all users, add the following line to
set enable-bracketed-paste off
When you disable the bracketed paste mode, commands are directly executed on paste, and you do not need to confirm them by pressing enter.
s-nail replaces mailx
The s-nail mail processing system has replaced the mailx utility. The s-nail utility is compatible with mailx and adds numerous new features. The mailx package is no longer maintained in the upstream.
System-wide crypto-policies are now more secure
With this update, the system-wide cryptographic policies have been adjusted to provide up-to-date secure defaults:
- Disabled TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES, and FFDHE-1024 in all policies.
- Increased minimum RSA key size and minimum Diffie-Hellman parameter size in LEGACY.
- Disabled TLS and SSH algorithms using SHA-1, with an exception of SHA-1 usage in Hash-based Message Authentication Codes (HMACs).
If your scenario requires enabling some of the disabled algorithms and ciphers, use custom policies or subpolicies.
diag modules are now available in the kernel
diag modules are now included with the kernel image. With this update, the
diag modules no longer need to be dynamically loaded when the
ss command is used. This allows better debugging of networking issues regardless of the customer policy on kernel modules. Modules included in the kernel:
CONFIG_INET_DIAG CONFIG_INET_RAW_DIAG CONFIG_INET_TCP_DIAG CONFIG_INET_UDP_DIAG CONFIG_INET_MPTCP_DIAG CONFIG_NETLINK_DIAG CONFIG_PACKET_DIAG CONFIG_UNIX_DIAG
Kernel version in RHEL 9
Red Hat Enterprise Linux 9.0 is distributed with the kernel version 5.14.0-70.
Boot loader configuration files are unified across CPU architectures
Configuration files for the GRUB boot loader are now stored in the /boot/grub2/ directory on all supported CPU architectures. The /boot/efi/EFI/redhat/grub.cfg file, which GRUB previously used on UEFI systems, is now a symbolic link to the /boot/grub2/grub.cfg file.
This change simplifies the layout of the GRUB configuration file, improves user experience, and provides the following notable benefits:
- You can boot the same installation with either EFI or legacy BIOS.
- You can use the same documentation and commands for all architectures.
- GRUB configuration tools are more robust, because they no longer rely on symbolic links and they do not have to handle platform-specific cases.
- The usage of the GRUB configuration files is aligned with images generated by CoreOS Assembler (COSA) and OSBuild.
- The usage of the GRUB configuration files is aligned with other Linux distributions.