In association with heise online

Architecture & Infrastructure

Linux 3.5 eliminates the cause of the latest leap second bug which affected many systems earlier this month. A major development by Eric W. Biederman, "User namespace enhancements" makes possible a cleaner separation of user and group IDs between host and container. As a result, users who have root privileges in a container no longer, for example, have full access to all files in the directories /proc/ and /sys/. This had previously allowed root users within a container to influence the behaviour of the host system.

The seccomp filters mechanism now enables programs to set up filters (using Berkeley Packet Filter syntax) that regulate which system calls that software started by this program can use (1, 2, 3, 4 and others). This could be useful for providing added security in the context of virtualisation or sandbox solutions, for example. One area of use is for browsers that need to execute untrusted code. The version of Chrome in Ubuntu 12.04 LTS uses seccomp to provide additional security for the Flash plugin. Further background information can be found in the documentation and on LWN.net.

Storage

The MD code can now reshape in RAID 10; as a result, the number of storage devices in such a RAID can now be modified. Together with the Linux-Iscsi.org (LIO) target infrastructure software, the new FireWire SBP-2 fabric module enables Linux 3.5 to export local storage devices via FireWire so that other systems can mount them as an ordinary FireWire storage device. Many Apple systems have offered such a "FireWire target disk mode" for some time.

Filesystems

The developers have made some changes to the still experimental Btrfs filesystem's writeback handling; in the email for his main Git-Pull request for Linux 3.5, Chris Mason writes that the changes are designed to prevent latency spikes which occasionally occur when writing metadata. Ext4 can now add CRC32 checksums to many parts of its metadata and use them to reveal corruptions (1, 2, 3, 4, 5); this feature can, for now, only be used with a developer version of the E2fsprogs tools.

Networking

The network subsystem now includes the package schedulers "Codel" and "Fair Queue Codel AQM"; they are designed to help avoid the "buffer bloat" problem. A Google developer has added an "Early Retransmit" (ER) feature to the TCP stack that can accelerate connection recovery when packets are lost, as similarly described in RFC 5827.

The teaming driver that was integrated in Linux 3.3 now offers a load balancing feature. The R8169 driver for Gigabit Ethernet chips by Realtek can now communicate with the RTL8402 and RTL8411 chips. The E1000e driver has been extended to support the i217 PHY, which is said to work with Intel's Lynx Point Platform Controller Hub (PCH); these are supposed to work together with Intel's Haswell processors, scheduled for 2013.

Drivers

Linux 3.5 now supports Asus's Xonar DGX sound card. The HD-audio driver now supports the Creative SoundCore3D function. Several changes have been made in the platform driver for Sony laptops to improve support for newer Sony devices. These changes will, for example, allow the driver to activate the keyboard backlight on Vaio SA/SB/SC and CA/CB models. Drivers for the Management Engine Interface (MEI) used on many Intel motherboard chipsets have successfully exited the staging tree.

Next: Summary, outlook, statistics

Print Version | Permalink: http://h-online.com/-1637461
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit