From Fedora Project Wiki

No edit summary
(add security features)
Line 53: Line 53:
== For administrators ==
== For administrators ==
''These talking points concern innovations that help make system administrators' lives better.''
''These talking points concern innovations that help make system administrators' lives better.''
=== Lower Process Capabilities ===
<small>[[Features/LowerProcessCapabilities | lower process capabilities feature]]</small>
This is a new security feature in Fedora 12. When someone attacks a system, they normally can't do much unless they can escalate privileges. While the underlying feature has been there for sometime, it hasn't been used much because libcap, the library to access that feature was not easy to use for application developers. Steve Grubb from Red Hat has developed a new library (libcap-ng-utils) which is much more easier to use and integrated into many core components by default in Fedora 12 to reduce the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system.
=== SELinux Sandbox ===
[http://danwalsh.livejournal.com/28545.html SELinux Sandbox] developed by Red Hat SELinux developer Dan Walsh provides a way to run a filter-type program within a locked-down sandbox. This allows administrators to take untrusted content, run it through one or more filters, and be able to trust that the content can't cause the filter programs to do evil things. It has been extended [http://danwalsh.livejournal.com/31146.html further] to constrain specific applications and restrict access.


=== libguestfs ===
=== libguestfs ===
<small>[[Features/libguestfs | libguestfs feature]]</small>
<small>[[Features/libguestfs | libguestfs feature]]</small>


Fedora has long been a leader in making it easier for administrators to manage virtual machines, evidenced in the early development and integration of virt-manager. Fedora 12 continues this tradition by introducing [http://libguestfs.org/ libguestfs] and [http://libguestfs.org/guestfish.1.html guestfish]. libguestfs is a library for accessing and modifying the disk images of virtual machines, and when combined with guestfish --- the libguestfs interactive shell --- replaces the old and cumbersome methods of creating loopback mounts as root, kpartx and reconfiguring LVM. It is particularly adept at making batch configuration changes to guests, collecting disk statistics, migrating between virtualisation systems, performing backups, cloning guests and [https://fedoraproject.org/wiki/Features/libguestfs more]. Libguestfs uses Linux kernel and qemu code, and as a result can access all of the same file systems they are capable of, including but not limited to ext2/3/4, btrfs, FAT and NTFS.
Fedora has long been a leader in making it easier for administrators to manage virtual machines, evidenced in the early development and integration of KVM, lib-virt and virt-manager. Fedora 12 continues this tradition by introducing [http://libguestfs.org/ libguestfs] and [http://libguestfs.org/guestfish.1.html guestfish]. libguestfs is a library for accessing and modifying the disk images of virtual machines, and when combined with guestfish --- the libguestfs interactive shell --- replaces the old and cumbersome methods of creating loopback mounts as root, kpartx and reconfiguring LVM. It is particularly adept at making batch configuration changes to guests, collecting disk statistics, migrating between virtualisation systems, performing backups, cloning guests and [https://fedoraproject.org/wiki/Features/libguestfs more]. Libguestfs uses Linux kernel and qemu code, and as a result can access all of the same file systems they are capable of, including but not limited to ext2/3/4, btrfs, FAT and NTFS.


''The libguestfs feature lets administrators work directly with virtual guest machine disk images without booting those guests.''
''The libguestfs feature lets administrators work directly with virtual guest machine disk images without booting those guests.''
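Review bot: In the added "Lower Process Capabilities" paragraph, "libcap-ng-utils" is introduced as "a new library", but the -utils suffix reads like a utilities package rather than the library itself; confirm which package is meant and name that one. The same paragraph never says what "the underlying feature" is, and it needs "sometime" changed to "some time" and "much more easier" changed to "much easier". The new "SELinux Sandbox" section has neither the <small>[[Features/...]]</small> link nor the italic one-line summary that the libguestfs section below it carries, so add both for consistency. In the changed libguestfs paragraph, the newly added "lib-virt" should be spelled "libvirt", which is how the project writes its name.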

Revision as of 04:39, 19 September 2009

This page contains the highest-level talking points for the Fedora 12 release. When adding to this page, consider points that have a wide appeal, and consider whether or not there is a "bigger picture" that needs to be described. In some cases, a feature is part of a multi-release arc of work, and that context can be useful to provide.

For desktop users and everyone

These items are of general interest to most people using F12.

Automatic Reporting on Crashes

Abrt

Abrt, a tool that helps even non-technical users report crashes to developers with just a few mouse clicks, is installed by default, replacing Bug Buddy. With the detailed information this tool provides, developers will be able to analyse and fix these issues more easily, resulting in rapid improvements in the robustness of software in Fedora.

PackageKit command-line and browser plugins

Browser plugin feature, Command plugin feature

PackageKit is a technology that was first introduced in Fedora 9 to provide a set of distribution-neutral software management tools. It has since been included in a number of other distributions and is growing quickly in popularity due to its flexibility and quick feature integration. In Fedora 12, PackageKit has grown the ability to automatically install the software packages that provide new commands when the user is operating a text terminal. It also now supports a browser plugin that allows software vendors of any size to provide automatic installation of software packages using simple HTML <object> tags.

PackageKit now makes it easier to install software through your browser or at the command line.

NetworkManager enhancements

System connections feature, Mobile broadband feature

NetworkManager, which was introduced in Fedora 7, has become the de facto network configuration solution for distributions everywhere. Fedora 12 includes enhancements to NetworkManager to make both system-wide connections and mobile broadband connections easier than ever. Signal strength and network selection are available for choosing the best mobile broadband connection when you're on the road. And if you're at a system that requires an always-on connection or static addressing, NetworkManager will now allow you to configure that connection directly from the desktop, and includes PolicyKit integration so configuration management can be done via central policy where needed.

NetworkManager now makes it easier for you to be online using mobile broadband, or configure servers or other special situations.

Next-generation Ogg Theora video

Thusnelda feature

For several years, the open, free, and patent-unencumbered Ogg Theora format has provided a way for freedom-loving users to share video. Fedora 12 includes the new Theora 1.1, which achieves near-H.264 quality in a completely free and open codec and format. Already, as a direct result of Red Hat contributions, in partnership with Xiph and Mozilla, users of the Firefox 3.5 browser can immediately enjoy free media on the web, using the Ogg Theora video and Ogg Vorbis audio formats. With the introduction of Theora 1.1, the quality of free video can meet or exceed user expectations, delivering crisp, vibrant media in both streaming and downloadable form.

Ogg Theora video lets you stream and download near-Blu-Ray video quality while using 100% free and open software, codecs, and formats.

Smaller downloads and faster updates

XZ payload feature

Fedora is used in a wide range of circumstances, and not all have the luxury of a high speed broadband connection with unlimited downloads. This presents a number of challenges, not the least of which is making it easier for users to get updates which will help ensure their system is secure and stable. In Fedora 11, Presto was made available, which reduced update size by transmitting only the changes in the updated RPM packages. In Fedora 12, RPMs are being switched from using gzip to XZ for compression, providing smaller package sizes without the memory and CPU penalties associated with bzip2. Not only does this result in smaller downloads, but it also allows for more software to be squeezed into the final release, and less space to be taken up on our mirrors, making their administrators' lives a little easier.

The Presto yum plugin is installed by default in the GNOME and KDE groups in Fedora 12, and users will get much faster updates since only the difference between updates will be downloaded.

Better file compression saves disk space for administrators and time for everyone.

Preview of GNOME Shell

GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. GNOME Shell takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a visually attractive and easy to use experience. This is still a VERY EARLY version of GNOME Shell and should not be taken as indicative of the final user interface or performance.

Moblin Netbook Interface

Moblin netbook interface

The Moblin netbook interface has been integrated in Fedora 12. The Moblin Architecture is designed to support multiple platforms and usage models ranging from Netbooks and NetTops to Mobile Internet Devices (MID) and various embedded usage models, such as In Vehicle Infotainment systems. The central piece of the architecture is the common layer called "Moblin Core". Moblin Core is built on the GNOME Mobile platform, extending and enriching it with new technologies like Clutter, GUPnP and mojito. The Moblin Core is the core desktop environment that sits on top of Fedora, and above the Moblin Core are the specific user interface and user interaction model for the target device(s).

For administrators

These talking points concern innovations that help make system administrators' lives better.

Lower Process Capabilities

lower process capabilities feature

This is a new security feature in Fedora 12. When someone attacks a system, they normally can't do much unless they can escalate privileges. While the underlying feature has been there for some time, it hasn't been used much because libcap, the library used to access that feature, was not easy for application developers to use. Steve Grubb from Red Hat has developed a new library (libcap-ng-utils) which is much easier to use and has been integrated into many core components by default in Fedora 12 to reduce the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system.
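To check the last point on a running system, an administrator can read each process's effective capability mask from /proc. The following is an added example, not part of the original page or of libcap-ng: it decodes the CapEff field of /proc/<pid>/status and flags root processes that still hold every capability. The two sample records and their process names are constructed for illustration.

```python
import glob

# Linux capability names indexed by bit number (from linux/capability.h).
CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid "
             "setpcap linux_immutable net_bind_service net_broadcast net_admin "
             "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
             "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
             "sys_tty_config mknod lease audit_write audit_control setfcap "
             "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
             "perfmon bpf checkpoint_restore").split()

# Constructed sample records in the format of /proc/<pid>/status.
SAMPLE_FULL = "Name:\texampled\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_REDUCED = "Name:\tnetd-example\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000003400\n"

def parse_status(text):
    """Return (name, effective uid, effective capability mask)."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    return (fields["Name"].strip(),
            int(fields["Uid"].split()[1]),      # Uid: real effective saved fs
            int(fields["CapEff"].strip(), 16))

def decode(mask):
    """List the capability names whose bits are set in mask."""
    return [n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1]

def audit(text, last_cap=len(CAP_NAMES) - 1):
    """Classify one status record; last_cap is the kernel's highest capability bit."""
    name, euid, mask = parse_status(text)
    full = (1 << (last_cap + 1)) - 1
    if euid != 0:
        verdict = "non-root"
    elif mask & full == full:
        verdict = "root-full"       # nothing dropped: most useful to an attacker
    else:
        verdict = "root-reduced"    # runs as root but with a trimmed set
    return name, verdict, decode(mask)

if __name__ == "__main__":
    with open("/proc/sys/kernel/cap_last_cap") as f:
        last = int(f.read())
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as f:
                name, verdict, caps = audit(f.read(), last)
        except OSError:             # process exited while scanning
            continue
        if verdict != "non-root":
            print(path.split("/")[2], name, verdict, len(caps))
```
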

SELinux Sandbox

SELinux Sandbox, developed by Red Hat SELinux developer Dan Walsh, provides a way to run a filter-type program within a locked-down sandbox. This allows administrators to take untrusted content, run it through one or more filters, and be able to trust that the content can't cause the filter programs to do evil things. It has been extended further to constrain specific applications and restrict access.

libguestfs

libguestfs feature

Fedora has long been a leader in making it easier for administrators to manage virtual machines, evidenced in the early development and integration of KVM, libvirt and virt-manager. Fedora 12 continues this tradition by introducing libguestfs and guestfish. libguestfs is a library for accessing and modifying the disk images of virtual machines, and when combined with guestfish, the libguestfs interactive shell, it replaces the old and cumbersome methods of creating loopback mounts as root, kpartx and reconfiguring LVM. It is particularly adept at making batch configuration changes to guests, collecting disk statistics, migrating between virtualisation systems, performing backups, cloning guests and more. Libguestfs uses Linux kernel and qemu code, and as a result can access all of the same file systems they are capable of, including but not limited to ext2/3/4, btrfs, FAT and NTFS.

The libguestfs feature lets administrators work directly with virtual guest machine disk images without booting those guests.

Virtualization improvements

KVM huge page backed memory feature, KVM stable guest ABI feature, KVM NIC hotplugging feature, KVM qcow2 performance feature, Network interface management feature, Privileges feature, GPXE feature, Storage management feature

As virtualization becomes an increasingly important part of IT infrastructures, the Fedora community has stepped up with a large number of virt-related features in Fedora 12. Administrators can now choose to use huge page backed memory to reduce memory consumption and improve performance by reducing CPU cache pressure, retain VM hardware profiles across qemu upgrades, add network interfaces to a KVM guest without restarting, and enable VM hosts to discover new SAN storage and issue NPIV operations. Several changes have been introduced to QEMU/KVM virtual machines to improve host security in the event of a flaw in the QEMU binary, and the deprecated etherboot pxe booting infrastructure has been replaced by gpxe. Fedora 12 also features the qcow2 image format for disk images, which improves the I/O performance of virtual machines, as well as improved tools for interface configuration. These are only a few virt-related improvements in Fedora 12; many more are available.

New higher-performance virtualization capabilities help administrators build more secure, powerful, scalable, and easy to manage solutions.

For developers

Here are some innovations that make Fedora a great platform for software developers.

SystemTap Eclipse integration and tracing improvements

Eclipse integration feature, Tracing refresh feature

SystemTap provides a scriptable free software infrastructure to simplify the gathering of information about the running Linux system, eliminating the need to go through the instrument, recompile, install and reboot sequence that is otherwise needed to collect data when diagnosing performance or functional problems. Fedora 12 brings two significant improvements to SystemTap. First, a new version has been packaged which brings with it a number of benefits, including the ability to take advantage of updated gcc debuginfo and kernel tracepoints, as well as providing better examples, tools and development extensions, which enables programmers to include static probe markers in their programs. Secondly, it has been closely integrated with the Eclipse IDE so developers can now launch SystemTap scripts on their C/C++ projects from within Eclipse itself, as well as providing an anchor for linking SystemTap data with Eclipse graphics.

SystemTap helps developers trace and gather information for writing and debugging programs, and is also integrated with the popular and widely-used Eclipse IDE.

NetBeans 6.7.1

NetBeans 6.7.1 feature

The NetBeans Platform and NetBeans IDE have been part of Fedora for a long time now, and developers who use Fedora have come to appreciate the fact that the latest features have always been available to them. Fedora 12 ensures their expectations continue to be met and exceeded, with packages being rebased to the latest stable release, NetBeans 6.7.1. As part of this, two new packages have also been introduced, jemmy and cobertura. All of this results in a number of new features, including Maven support for the creation of plugins and web services, C++ support for profiling and Java ME support for CDC projects in the bundled Java ME SDK 3.0.

Java developers have access to the latest stable release of NetBeans (6.7.1) and the numerous new features it provides.