Not a user yet?
Log in Register for free Suggest a product
The manufacturer Fedora Project has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

Running SSSD with reduced privileges

Fedora LinuxFedora Linux
Fedora Project
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

Changes in Fedora 41 For System Administrators

SPDX Migration
RPM packages use SPDX identifiers as a standard for licenses. 90 % of the packages have been migrated to SPDX identifiers. The remaining packages are estimated to be migrated to SPDX in Fedora 42. A list of all licenses allowed (and used) in Fedora Linux can be found at Fedora Legal page. Out of 90%, nine percent of the packages have a temporary license LicenseRef-Callaway-* that conforms to SPDX, but needs to be assigned the correct license ID from the SPDX organization.

Remove ifcfg support in NetworkManager
NetworkManager removes support for connection profiles stored in ifcfg format. It is deprecated upstream and the native Keyfile format is valid and a better replacement. The following packages are being dropped. NetworkManager-initscripts-ifcfg-rh, NetworkManager-dispatcher-routing-rules and NetworkManager-initscripts-updown.

Running SSSD with reduced privileges
To support general system hardening (running software with least privileges possible), the SSSD service is now configured to run under sssd or root user using the systemd service configuration files. This service user now defaults to sssd and irrespective of what service user is configured, root or sssd, all root capabilities are dropped with the exception of a few privileged helper processes.

Removal of the sss_ssh_knownhostsproxy tool
The sss_ssh_knownhostsproxy tool was deprecated in the previous release and has now been removed. It is replaced by the sss_ssh_knownhosts tool. See man sss_ssh_knownhosts(1) to learn how to use it.

Consistent device naming in Fedora Cloud
Previously, the Fedora Cloud edition used to set the net.ifnames=0 kernel command-line parameter during the kickstart process. This would disable the consistent naming for networking devices and ensured that Ethernet devices kept their traditional names such as eth0, eth1, and so on. With this update, net.ifnames=0 has been removed from the Fedora Cloud kickstart file to ensure consistency in the network device naming and to align with the other Fedora editions.

Remove network-scripts
With this update, the long-deprecated package network-scripts will be removed. The package provided the legacy utilities ifup and ifdown, as well as the network.service. Network scripts heavily depend on the Dynamic Host Configuration Protocol (DHCP) client, and without active development, there is no chance of updating them to use an alternative client.

Packages that depend to some extent on network-scripts:

  • libteam
  • NetworkManager
  • openvswitch
  • ppp

Note that this change also affects all users with local custom network-scripts that require functionality from the network-scripts package.

Access to all versions of Kubernetes and its related components
Starting with Fedora 41, all supported versions of Kubernetes, CRI-O and CRI-Tools will be available concurrently. As an example, Fedora 41 has the following Kubernetes RPMs at release:

  • kubernetes1.29
  • kubernetes1.30
  • kubernetes1.31

This is a significant change from the past Fedora releases, which only had a single version of Kubernetes available in Fedora repositories. CRI-O and CRI-Tools RPMs also share this change with versions available to complement Kubernetes. For more information, see this Fedora Quick Doc.

Pytest 8
Pytest is a testing framework for Python-based projects. With Pytest you can write simple and scalable test cases for your code. Pytest 8 is now available, which removes a lot of deprecated functions and introduces some breaking changes. The notable updates include:

Improved differences that pytest prints when assertion fails.

The internal FixtureManager.getfixtureclosure method has changed. Plugins that use this method or that subclass the FixtureManager component and overwrite FixtureManager.getfixtureclosure, will need to adapt.

The new-style hook wrappers are now used internally.

Sanitized the handling of the default parameter when defining configuration options.

Some packages will likely fail to build.

For more details, see the upstream release notes.

Unprivileged updates for Fedora Atomic Desktops
On Atomic Desktops, the policy controlling access to the rpm-ostree daemon has been updated to:

  • Enable users to update the system without having elevated privileges or typing a password. Note that this change only applies to system updates and repository meta updates; not to other operations.
  • Reduce access to the most privileged operations (such as changing the kernel arguments, or rebasing to another image) of rpm-ostree for administrators to avoid mistakes. Only the following operations will remain password-less to match the behavior of the package mode Fedora with the dnf command:
  • install and uninstall packages
  • upgrade the image
  • rollback the image
  • cancel transactions
  • cleanup deployment
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Fedora Project Fedora Linux updates

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad