Chapter 19. System and Subscription Management

The cockpit packages, which provide the Cockpit browser-based administration console, have been upgraded to version 173. This version provides a number of bug fixes and enhancements. Notable changes include:

Previously, the reposync command did not sanitize paths to packages specified in a remote repository, which was insecure. A security fix for CVE-2018-10897 has changed the default behavior of reposync to not store any packages outside the specified destination directory. To restore the original insecure behavior, use the new --allow-path-traversal option. (BZ#1609302, BZ#1600618)

When using the yum clean all command, the following hint was always displayed:

Maybe you want: rm -rf /var/cache/yum

Maybe you want: rm -rf /var/cache/yum

With this update, the hint has been removed, and yum clean all now prints a disk usage summary for remaining repositories that were not affected by yum clean all (BZ#1481220)

Previously, the yum versionlock plug-in, which is used to lock RPM packages, did not display any information about packages excluded from the update. Consequently, users were not warned that such packages will not be updated when running the yum update command. With this update, yum versionlock has been changed. The plug-in now prints a message about how many package updates are being excluded. In addition, the new status subcommand has been added to the plug-in. The yum versionlock status command prints the list of available package updates blocked by the plug-in. (BZ#1497351)

The --repofrompath option, which is already supported by the repoquery and repoclosure commands, has been added to the repotrack command. As a result, non-root users can now add custom repositories to track without escalating their privileges. (BZ#1506205)

Previously, subscription manager did not respect changes to the default proxy_port configuration from the /etc/rhsm/rhsm.conf file. Consequently, the default value of 3128 was used even after the user had changed the value of proxy_port.

With this update, the underlying source code has been fixed, and subscription manager now respects changes to the default proxy_port configuration. However, making any change to the proxy_port value in /etc/rhsm/rhsm.conf requires an selinux policy change. To avoid selinux denials when changing the default proxy_port, run this command for the benefit of the rhsmcertd daemon process:

semanage port -a -t squid_port_t -p tcp <new_proxy_port>

semanage port -a -t squid_port_t -p tcp <new_proxy_port>

(BZ#1576423)

sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. (BZ#1481861)