Chapter 8. Removed features

auth or authconfig commands are removed

The auth or authconfig Kickstart commands which were deprecated in Red Hat Enterprise Linux 8, are removed now. As a replacement, use the authselect kickstart command.

The inst.xdriver and inst.usefbx options have been removed

The graphical system for the installation image switched from the Xorg server to a Wayland compositor. As a consequence, the inst.xdriver boot option has been removed. Wayland operates without relying on X drivers, making it incompatible with loading any such drivers. As a result, the inst.xdriver option is no longer applicable.

The openstack image type has been deprecated from RHEL image builder

From the RHEL 10.0 onward, RHEL image builder will no longer support the Openstack image type. You can use the .qcow2 image type to build Openstack images.

Capturing screenshots from the Anaconda GUI with a global hot key is removed

Previously, users could capture screenshots of the Anaconda GUI by using a global hot key. Consequently, users could extract the screenshots manually from the installation environment for any further usage. This functionality has been removed.

Removed inst.nompath, dmraid and nodmraid boot options

The inst.nompath, dmraid and nodmraid boot options have been removed now and are no longer available for use.

Removed automatic bug reporting system from Anaconda

The installer no longer supports automatically reporting problems to the Red Hat issue tracking system. You can collect the installation logs and report problems manually, as described in the troubleshooting section.

Removed a few options of the timezone Kickstart command

The following options of the timezone Kickstart command has been removed in Red Hat Enterprise Linux 10:

Removed the --level parameter of the logging Kickstart command

The --level parameter of the logging kickstart command has been removed. It is no longer possible to set the level of logging of the installation process.

The support for %anaconda Kickstart command has been removed

The support for the deprecated %anaconda Kickstart command has been removed. You can use the kernel arguments and command line line options to update the configuration in the Anaconda configuration files.

Removed pwpolicy Kickstart command

The support for the deprecated pwpolicy Kickstart command has been removed in Red Hat Enterprise Linux 10.

Removed support for adding additional repositories from GUI

Previously, when configuring the installation source, you could configure the additional repositories for the package installation. Starting in RHEL 10, this support has been removed. However, you can use the Kickstart installation method or inst.addrepo boot option if you want to specify additional repositories.

Removed support of the LUKS version selection from Anaconda

Previously, you could select the LUKS version from the Manual Installation screen. Starting in RHEL 10, the installer uses the luks2 version by default for all the new devices. No changes are made to the existing devices' LUKS version. You can also use the Kickstart method to select different LUKS versions.

The initial-setup package now has been removed

The initial-setup package has been removed in Red Hat Enterprise Linux 10. As a replacement, use gnome-initial-setup for the graphical user interface.

Redesigned the Time & Date spoke in the Installer GUI

Previously, Anaconda users were able to select the timezone using the time zone map. This screen is now redesigned and the timezone map has been replaced with the options where users can set the required timezone.

Anaconda built-in help has been removed

The built-in documentation from spokes and hubs of all Anaconda user interfaces, which was available during Anaconda installation, has been removed. Instead, refer to the official RHEL documentation.

Removed teaming options from the network kickstart command

The --teamslaves and --teamconfig options used for configuring team devices in the network kickstart command have been removed. To configure similar network settings, use the --bondslaves and --bondopts options to set up a Bond device.

Removed NVDIMM reconfiguration support during the installation process

The support for reconfiguring NVDIMM devices during the Kickstart and GUI installation has been removed in RHEL-10. However, the NVDIMM devices in the sector mode can still be usable in the installation program.

The --excludeWeakdeps and --instLangs options from %packages have been removed

In RHEL-10, the --excludeWeakdeps and --instLangs options used in the %packages section have been removed. To maintain similar functionality, use the updated options --exclude-weakdeps and --inst-langs instead. These replacements ensure compatibility and provide the same dependency and language control within package management.

scap-workbench is removed

The scap-workbench package is removed in RHEL 10. The scap-workbench graphical utility was designed to perform configuration and vulnerability scans on a single local or remote system. As an alternative, you can scan local systems for configuration compliance by using the oscap command and remote systems by using the oscap-ssh command. For more information, see Configuration compliance scanning.

oscap-anaconda-addon is removed

The oscap-anaconda-addon, which provided means to deploy baseline-compliant RHEL systems by using the graphical installation, is removed in RHEL 10. As an alternative, you can build RHEL images that comply with a specific standard by Creating pre-hardened images with RHEL image builder OpenSCAP integration.

OVAL removed from vulnerability scanning applications

The Open Vulnerability Assessment Language (OVAL) data format, which provides declarative security data processed by the OpenSCAP suite, has been removed. Red Hat continues to provide declarative security data in the Common Security Advisory Framework (CSAF) format, which is the successor of OVAL.

DSA and SEED algorithms have been removed from NSS

The Digital Signature Algorithm (DSA), which was created by the National Institute of Standards and Technology (NIST) and is now completely deprecated by NIST, is removed from the Network Security Services (NSS) cryptographic library. You can instead use algorithms such as RSA and ECDSA.

fips-mode-setup is removed

The fips-mode-setup command is removed from RHEL. To enable the cryptographic module self-checks mandated by the Federal Information Processing Standard (FIPS) 140, enable FIPS mode during the system installation. See the Switching RHEL to FIPS mode chapter in the Security hardening document for more information.

/etc/system-fips removed

Support for indicating FIPS mode through the /etc/system-fips file has been removed from RHEL. To install RHEL in FIPS mode, add the fips=1 parameter to the kernel command line during the system installation. You can check whether RHEL operates in FIPS mode by displaying the /proc/sys/crypto/fips_enabled file.

HeartBeat removed from TLS

The support for the HeartBeat extension in TLS has been removed to reduce the attack surface.

SRP authentication removed from TLS

Authentication that uses Secure Remote Password protocol (SRP) in TLS has been removed from the gnutls package and is no longer supported. SRP authentication is considered insecure because it cannot be used with TLS 1.3 and relies on Cipher block chaining (CBC) and SHA-1 as a key exchange.

Keylime no longer supports HTTP for revocation notifications

The Keylime components no longer support the HTTP protocol for revocation notification webhooks. Use HTTPS instead. As a consequence, the Keylime verifier now requires the revocation notification webhook server CA certificate. You can add it to the trusted_server_ca configuration option or add it to the system trust store.

DEFAULT cryptographic policy rejects TLS ciphers with RSA key exchange

TLS ciphers that use the RSA key exchange are no longer accepted in the DEFAULT system-wide cryptographic policy in RHEL 10. These ciphers do not provide perfect forward secrecy and are not considered as secure as ciphers that use other key exchanges, for example, the Elliptic-curve Diffie-Hellman (ECDH) key exchange.

ca-certificates trust store moved

The /etc/pki/tls/certs trust store is converted to a different format better optimized for OpenSSL. As a consequence, if you use the files in /etc/pki/tls/certs directly, switch to the /etc/pki/ca-trust/extracted directory, where the same data is stored. For example, software that accesses the trust bundle at /etc/pki/tls/certs/ca-bundle.crt should switch to using /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem instead.

The LEGACY cryptographic policy disallows SHA-1 signatures in TLS

The LEGACY system-wide cryptographic policy in RHEL 10 no longer allows creating or verifying signatures that use SHA-1 in TLS contexts. Therefore, libraries other than OpenSSL might no longer accept or create any signatures that use SHA-1 regardless of use case. OpenSSL continues to accept signatures that use SHA-1 when not used for TLS if the system is in LEGACY or this functionality is re-enabled with a custom subpolicy.

pam_ssh_agent_auth is removed

The pam_ssh_agent_auth package has been removed from RHEL 10.

OpenSSL no longer permits SHA-1 at SECLEVEL=2 in TLS

OpenSSL does not accept the SHA-1 algorithm at SECLEVEL=2 in TLS in RHEL 10. If your scenario requires using TLS 1.0/1.1, you must explicitly set SECLEVEL=0 and switch to the LEGACY system-wide cryptographic policy. In the LEGACY policy, applications that use SHA-1 in signatures outside of TLS will continue to work.

stunnel does not support OpenSSL ENGINE API

The stunnel TLS offloading and load-balancing proxy no longer supports the previously deprecated OpenSSL ENGINE API. The most common use case was accessing hardware security tokens by using PKCS #11 through the openssl-pkcs11 package. As a replacement, you can use the pkcs11-provider, which uses the new OpenSSL provider API.

OpenSSL Engines removed from OpenSSL

OpenSSL Engines have been deprecated and will soon be removed from upstream. Therefore, the openssl-pkcs11 package has been removed from OpenSSL in RHEL 10. Use providers instead, such as the pkcs11-provider, which is supported in this version.

Keylime policy management scripts are removed and replaced with keylime-policy

In RHEL 10, Keylime is provided with the keylime-policy tool, which replaces the following policy management scripts:

Several subscription-manager modules have been removed

Because of a simplified customer experience in Red Hat subscription services, which have transitioned to the Red Hat Hybrid Cloud Console and to account level subscription management with Simple Content Access, the following previously deprecated modules have been removed:

The support for the libreport library has been removed

The support for the libreport library has been removed from DNF. If you want to attach DNF logs to your bug reports, you need to do it manually or by using a different mechanism.

The DNF debug plug-in has been removed

The DNF debug plug-in, which included the dnf debug-dump and dnf debug-restore commands, has been removed from the dnf-plugins-core package. Depending on your scenario, you can use one of the following commands instead:

The numberless %patch syntax has been removed

Using the %patch directive without a number specified as a shorthand for %patch 0 to apply the zero-th patch has been removed. If you want to use %patch, a warning message suggests you to use the explicit syntax, for example, %patch 0 or %patch -P 0 to apply the zero-th patch.

The perl(Mail::Sender) module has been removed

The perl(Mail::Sender) module is removed from RHEL 10 without any replacement. As a consequence, the checkbandwidth script from net-snmp-perl package does not support email alerts when bandwidth high/low levels for a host or interface are reached.

Significant changes in the package set for infrastructure services

The following packages are no longer included in Red Hat Enterprise Linux:

The ISC Kea DHCP server solution is now available

Kea is a new Dynamic Host Configuration Protocol (DHCP) server solution in RHEL. ISC DHCP was removed in favor of Kea to ensure future delivery of bug fixes and enhancements. The upstream version of ISC DHCP no longer develops new features and bug fixes.

ATM encapsulation is removed from RHEL 10

Asynchronous Transfer Mode (ATM) encapsulation enables Layer-2 (Point-to-Point Protocol, Ethernet) or Layer-3 (IP) connectivity for the ATM Adaptation Layer 5 (AAL-5). Red Hat has not been providing support for ATM NIC drivers since RHEL 7. The support for ATM implementation is being dropped in RHEL 9. These protocols are currently used only in chipsets that support the ADSL technology and are being phased out by manufacturers. Therefore, ATM encapsulation was deprecated in Red Hat Enterprise Linux 9, and it is removed from Red Hat Enterprise Linux 10.

The dhcp-client package has been removed

The dhcp-client package has been removed from RHEL 10, because the ISC DHCP client is no longer maintained upstream. As a consequence, the dhclient utility is no longer available and you cannot use it as DHCP client in NetworkManager. As an alternative, use the NetworkManager-internal DHCP client, which was also the default in previous RHEL versions.

The mlx4 driver is removed from RHEL 10.0

With the RHEL 10.0 release, the mlx4 driver for the Mellanox ConnectX-3 network interface controller (NIC) is removed. You must use another NIC that is compatible with newer drivers.

The kexec_load system call is removed

The kexec_load system call, which was deprecated in RHEL 9, is removed. In RHEL 10, the kexec_file_load system call replaces kexec_load and is the default system call on all architectures. Also, kexec_file_load is required for a secure boot.

The crash --log dumpfile option is deprecated

The crash --log dumpfile option no longer works for kernel version 5.10 and above. As a consequence, the crash --log command fails with error message 'crash:VMCOREINFO: no log buffer data'.

Support for NVMe devices has been removed from the lsscsi package

Support for Non-volatile Memory Express (NVMe) devices has been removed from the lsscsi package. Use native tools such as nvme-cli, lsblk, and blkid instead. Report any missing functionality against the nvme-cli package.

Support for NVMe devices has been removed from the sg3_utils package

Support for Non-volatile Memory Express (NVMe) devices has been removed from the sg3_utils package. Use native tools such as the nvme-cli package instead and report any missing functionality against nvme-cli.

The VDO sysfs parameters have been removed

The Virtual Data Optimizer (VDO) sysfs parameters have been removed. Except for log_level, all module-level sysfs parameters for the kvdo module are removed. For individual dm-vdo targets, all sysfs parameters specific to VDO are also removed. There is no change for the parameters that are common to all DM targets. Configuration values for dm-vdo targets that are currently set by updating the removed module-level parameters, can no longer be changed.

Support for GFS2 file systems has been removed

The Red Hat Enterprise Linux (RHEL) Resilient Storage Add-On will no longer be supported starting with Red Hat Enterprise Linux 10. This includes the GFS2 file system, which is also no longer supported. The RHEL Resilient Storage Add-On will continue to be supported with earlier versions of RHEL (7, 8, 9) and throughout their respective maintenance support lifecycles.

Support for the block translation table driver has been removed

Support for the block translation table driver (btt.ko) has been removed. As a consequence, you cannot use sector mode when configuring Non-Volatile Dual In-line Memory Modules (NVDIMM) namespaces.

The nvme_core.multipath parameter has been removed

In RHEL 10, the use of DM multipath with NVMe devices over RDMA and FC is no longer supported. As a consequence, the nvme_core.multipath parameter has been removed, the native NVMe multipath is enabled by default, and it can no longer be disabled.

The md-faulty and md-multipath modules have been removed

In RHEL 10, the md-faulty and md-multipath MD RAID kernel modules are no longer available. Bug fixes and support are provided only through the end of the RHEL 9 lifecycle.

pcsd Web UI no longer available as a standalone user interface

The pcsd Web UI has been modified to be usable as a RHEL web console add-on and is no longer operated as a standalone interface.

Support for the RHEL Resilient Storage Add-On has been removed

The Red Hat Enterprise Linux (RHEL) Resilient Storage Add-On will no longer be supported starting with Red Hat Enterprise Linux 10 and any subsequent releases after RHEL 10. The RHEL Resilient Storage Add-On will continue to be supported with earlier versions of RHEL (7, 8, 9) and throughout their respective maintenance support lifecycles.

Removed and updated Pacemaker CIB elements

The following configuration components of the Pacemaker CIB have been removed or modified in RHEL 10. When you upgrade to RHEL 10, these components are automatically removed, modified, or replaced as described. Before you upgrade, ensure that the Pacemaker CIB has a supported value for the validate-with attribute. Although you should not edit the cluster configuration file directly, you can view the raw cluster configuration with the pcs cluster cib command.

Removed functionality for the Red Hat High Availability Add-On

The following Red Hat High Availability Add-On features are no longer supported in RHEL 10.

32-bit packages have been removed in RHEL 10

Linking against 32-bit multilib packages has been removed. The *.i686 packages remain supported for the life cycle of Red Hat Enterprise Linux 9.

The pam_console module has been removed

The pam_console module has been removed from RHEL 10. The pam_console module granted file permissions and authentication capabilities to users logged in at the physical console or terminals, and adjusted these privileges based on console login status and user presence. As an alternative to pam_console, you can use the systemd-logind system service instead. For configuration details, see the logind.conf(5) man page.

The RSA PKINIT method has been removed

The private key-based RSA method is no longer supported in the MIT Kerberos. It has been removed for security reasons, especially for its vulnerability to the Marvin attack. As a result, the -X flag_RSA_PROTOCOL parameter of the kinit commands has no effect anymore. The Diffie-Hellman key agreement method is used as the default PKINIT mechanism.

The NIS server emulator has been removed

RHEL Identity Management (IdM) does not provide the NIS functionality anymore.

Other removed functionality for RHEL Identity Management

The following packages were part of RHEL 9 but are not distributed with RHEL 10:

BDB is no longer supported in 389-ds-base

The libdb library that implements the Berkeley Database (BDB) version used by 389-ds-base is no longer available in RHEL 10. As a result, Directory Server no longer supports BDB.

The enumeration feature has been removed for AD and IdM

Support for the enumeration feature was deprecated for AD and IdM in Red Hat Enterprise Linux (RHEL) 9. The enumeration feature has been removed for AD and IdM in RHEL 10.

The libsss_simpleifp subpackage has been removed

The libsss_simpleifp subpackage that provided the libsss_simpleifp.so library was deprecated in Red Hat Enterprise Linux (RHEL) 9. The libsss_simpleifp subpackage has been removed in RHEL 10.

The SSSD files provider has been removed

The SSSD files provider has been removed from RHEL 10.0. Previously, the SSSD files provider was responsible for smart card authentication and session recording for local users. As a replacement, you can configure the SSSD proxy provider.

The ad_allow_remote_domain_local_groups option has been removed from SSSD

Support for the ad_allow_remote_domain_local_groups option in sssd.conf was deprecated in Red Hat Enterprise Linux (RHEL) 9.6. The ad_allow_remote_domain_local_groups option has been removed in RHEL 10.

The reconnection_retries option has been removed

The reconnection_retries option has been removed from the sssd.conf file in SSSD in RHEL 10.0. Because SSSD switched to a new architecture using internal IPC between SSSD processes and responders no longer connect to the backend, the reconnection_retries option is no longer used.

TigerVNC has been removed

The TigerVNC remote desktop solution has been removed in RHEL 10.

Totem media player has been removed in RHEL 10

The RHEL 10 installation does not contain any media player by default. You can use any third party media player available, for example, on Flathub.

power-profiles-daemon is removed in RHEL 10

The power-profiles-daemon package that provided power mode configuration in GNOME has been removed in RHEL 10. In RHEL 10, you can manage power profiles with the Tuned daemon.

gedit is removed in RHEL 10

gedit, the default graphical text editor in Red Hat Enterprise Linux, is removed in RHEL 10. As an alternative, you can use GNOME Text Editor.

Tweaks is no longer available as a RHEL package in RHEL 10

Instead of the Tweaks desktop application, you can use the default GNOME Settings app, which has been expanded to include many options previously only found in Tweaks.

Qt5 libraries are removed in RHEL 10

Qt5 libraries are replaced with Qt6 libraries, with new functionality and better support.

WebKitGTK is removed in RHEL 10

The WebKitGTK web browser engine is removed in RHEL 10. As a consequence, you can no longer build applications that depend on WebKitGTK. Desktop applications other than Firefox can no longer display web content. There is no alternative web browser engine provided in RHEL 10.

Evolution is removed in RHEL 10

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The application and its plugins are removed in RHEL 10. You can find an alternative in a third party source, for example on Flathub.

Festival is not supported in RHEL 10

With support for the Festival speech synthesizer removed in RHEL 10, the Festival binaries, libraries and the plugin for Speech Dispatcher are also removed.

The Eye of GNOME is removed

The Eye of GNOME (eog) image viewer application is removed in RHEL 10.

Cheese is removed

The Cheese camera application is removed in RHEL 10.

Devhelp has been removed

Devhelp, a graphical developer tool for browsing and searching API documentation, has been removed in RHEL 10. You can now find API documentation online in specific upstream projects.

gtkmm based on GTK 3 has been removed

gtkmm is a C++ interface for the GTK graphical toolkit. The gtkmm version that was based on GTK 3 has been removed in RHEL 10 with all its dependencies. To access gtkmm in RHEL 10, migrate to the gtkmm version based on GTK 4.

LibreOffice is removed in RHEL 10

The LibreOffice RPM packages are removed from RHEL 10. LibreOffice continues to be fully supported through the entire life cycle of RHEL 7, 8, and 9.

GNOME Terminal is removed in RHEL 10

GNOME Terminal has been replaced with Ptyxis in RHEL 10.

Inkscape vector graphics editor is removed in RHEL 10

The RHEL 10 installation does not contain any vector graphics editor. You can use any third party vector graphics editor available, for example, on Flathub.

GNOME Classic session has been removed from the default installation

If your scenario requires the GNOME classic session, install it manually:

Evince is removed in RHEL 10

Evince, a document viewer for the GNOME desktop, is removed in RHEL 10. You can use the Papers application instead. Papers is a fork of Evince ported to Gtk 4, which aims to move at a more rapid pace with adding of new features, such as listing of signatures in PDF documents. Papers is partially written in Rust for improved stability.

The PulseAudio daemon is removed in RHEL 10

The PulseAudio daemon, and its packages pulseaudio and alsa-plugins-pulseaudio, have been removed in RHEL 10.

Motif is removed

Motif is an X11-based Desktop Environment (DE), which consists of a toolkit and the mwm X11 window manager. It was previously deprecated and has been removed from RHEL 10. As a replacement, you can use the GTK or Qt toolkit.

xorg-x11-server is removed from RHEL 10

The X.Org server, an implementation of the X Window System, was previously deprecated and is removed from RHEL 10. Note that the X11 protocol is not removed, which means that most applications will remain compatible through the Xwayland compositor. For more information, see Red Hat Enterprise Linux 10 plans for Wayland and Xorg server (Red Hat Blog).

The mssql_accept_microsoft_odbc_driver_17_for_sql_server_eula variable has been deprecated

With a future major update of RHEL, the mssql_accept_microsoft_odbc_driver_17_for_sql_server_eula variable will no longer be supported in the mssql system role because the role can now install the odbc driver for mssql_tools version 17 and 18. Therefore, you must use the mssql_accept_microsoft_odbc_driver_for_sql_server_eula variable without the version number instead.

The virt-v2v tool can no longer convert Xen virtual machines from RHEL 5

It is no longer possible to use the virt-v2v tool to convert virtual machines from a RHEL 5 Xen host to KVM. For details, see the Red Hat Knowledge Base.

Red Hat Virtualization compatibility has been removed from virt-v2v

Because the maintenance support for Red Hat Virtualization (RHV) has ended, the virt-v2v utility no longer supports exporting virtual machines to RHV. As a consequence, the following options are no longer available in virt-v2v:

Persistent memory device passthrough cannot be used in RHEL 10

Because the nvml package was removed in RHEL 10, persistent memory (pmem) device passthrough cannot be used anymore. pmem device passthrough allows a virtual machine to directly access a host’s physical persistent memory hardware with minimal emulation overhead.

RDMA-based migration is unsupported

In RHEL 10, migrating virtual machines (VMs) by using Remote Direct Memory Access (RDMA) is no longer supported. Therefore, Red Hat highly discourages using the rdma URI for VM migration.

NIC device drivers related to iPXE have been removed

The Internet Preboot eXecution Environment (iPXE) firmware provides a range of network boot options for remotely booting machines. iPXE also provides a large number of device drivers. The following iPXE drivers are no longer in use in the RHEL 10 release, and have therefore been removed:

cloud-init no longer uses python-jsonschema

This update has removed the cloud-init dependency on the python-jsonschema package. As a consequence, it is no longer possible use the cloud-init schema validator to verify cloud-init configuration.

The rsyslog container image has been removed

The rsyslog container image has been removed. Instead, you can use the support-tools container image, which includes diagnostic and troubleshooting tools such as sos report, strace, and tcpdump. With the support-tools image, you can have access to many of the functionalities previously covered by the rsyslog image, along with additional utilities to enhance system support and maintenance workflows.

The cgroupv1 has been removed

The cgroupv1 control group mechanism has been removed, use cgroupv2 instead. The cgroupv2 provides a single control group hierarchy against which all resource controllers are mounted. The default in RHEL 10 is cgroupv2.

The runc container runtime has been removed

The runc container runtime has been removed. The container runtime in RHEL 10 is crun. The crun is a fast and low-memory footprint OCI container runtime written in C. The crun binary is up to 50 times smaller and up to twice as fast as the runc binary. Using crun, you can also set a minimal number of processes when running your container. The crun runtime also supports OCI hooks.