Chapter 39. Red Hat Enterprise Linux Atomic Host 7.2.5
39.1. Atomic Host
OStree update:
New Tree Version: 7.2.5 (hash: 9bfe1fb65094d43e420490196de0e9aea26b3923f1c18ead557460b83356f058)
Changes since Tree Version 7.2.4 (hash: b060975ce3d5abbf564ca720f64a909d1a4d332aae39cb4de581611526695a0c)
Updated packages:
- rpm-ostree-client-2016.3.1.g5bd7211-2.atomic.el7.1
- rpm-ostree-2016.3.1.g5bd7211-1.atomic.el7
- ostree-2016.5-3.atomic.el7
- cockpit-ostree-0.108-1.el7
New packages:
- openscap-daemon-0.1.5-1.el7
39.2. Extras
Updated packages:
- atomic-1.10.5-5.el7
- cockpit-0.108-1.el7
- docker-1.10.3-44.el7
- docker-distribution-2.4.1-1.el7 *
- docker-latest-1.10.3-44.el7
- dpdk-2.2.0-3.el7 *
- etcd-2.2.5-2.el7
- kubernetes-1.2.0-0.12.gita4463d9.el7
- runc-0.1.1-4.el7 (Technology Preview) *
The asterisk (*) marks packages which are available for Red Hat Enterprise Linux only.
39.2.1. Container Images
Updated:
- Red Hat Enterprise Linux Container Image (rhel7/rhel)
- Red Hat Enterprise Linux Atomic Tools Container Image (rhel7/rhel-tools)
- Red Hat Enterprise Linux Atomic rsyslog Container Image (rhel7/rsyslog)
- Red Hat Enterprise Linux Atomic sadc Container Image (rhel7/sadc)
- Red Hat Enterprise Linux Atomic cockpit-ws Container Image (rhel7/cockpit-ws)
- Red Hat Enterprise Linux Atomic etcd Container Image (rhel7/etcd)
- Red Hat Enterprise Linux Atomic Kubernetes-controller Container Image (rhel7/kubernetes-controller-mgr)
- Red Hat Enterprise Linux Atomic Kubernetes-apiserver Container Image (rhel7/kubernetes-apiserver)
- Red Hat Enterprise Linux Atomic Kubernetes-scheduler Container Image (rhel7/kubernetes-scheduler)
- Red Hat Enterprise Linux Atomic SSSD Container Image (rhel7/sssd) (Technology Preview)
New:
- Red Hat Enterprise Linux Atomic openscap Container Image (rhel7/openscap) (Technology Preview)
39.3. New Features
ostree admin unlock command now available
Red Hat Enterprise Linux Atomic Host 7.2.5 introduces the new command ostree admin unlock. It allows users to unlock the current ostree deployment and install packages temporarily. This is done by mounting a writable overlayfs on /usr. When a user reboots, the overlayfs is unmounted and the packages are no longer installed. Use the ostree admin unlock --hotfix option for the changes, such as package installs to persist across reboots. This command provides the same capabilities as atomic-pkglayer, which is now deprecated. There are known issues with overlayfs and SELinux, so this functionality is not intended for long term use.
Strict browser security policy for Cockpit is now enforced
This defines what code can be run in a Cockpit session and mitigates a number of browser-based attacks.