RHE Linux 6.4 Technical Notes

Chapter 4. Known Issues

4.1. Installation

anaconda component, BZ#895982
Physical-extents size less than 32MB on top of an MD physical volume leads to problems with calculating the capacity of a volume group. To work around this problem, use a physical-extent size of 32MB or leave space double the physical-extent size free when allocating logical volumes. Another option is to change the default 4MB size of a physical extent to 32MB.
anaconda component, BZ#875644
After upgrading the system using kickstart, IBM System z machines halt instead of rebooting, despite the instruction to reboot. To work around this problem, boot the system manually.
anaconda component
Setting the qla4xxx parameter ql4xdisablesysfsboot to 1 may cause boot from SAN failures.
anaconda component
To automatically create an appropriate partition table on disks that are uninitialized or contain unrecognized formatting, use the zerombr kickstart command. The --initlabel option of the clearpart command is not intended to serve this purpose.
anaconda component, BZ#676025
Users performing an upgrade using Anaconda's text mode interface who do not have a boot loader already installed on the system, or who have a non-GRUB boot loader, need to select Skip Boot Loader Configuration during the installation process. Boot loader configuration will need to be completed manually after installation. This problem does not affect users running Anaconda in the graphical mode (graphical mode also includes VNC connectivity mode).
anaconda component
On s390x systems, you cannot use automatic partitioning and encryption. If you want to use storage encryption, you must perform custom partitioning. Do not place the /boot volume on an encrypted volume.
anaconda component
The order of device names assigned to USB attached storage devices is not guaranteed. Certain USB attached storage devices may take longer to initialize than others, which can result in the device receiving a different name than you expect (for example, sdc instead of sda).
During installation, verify the storage device size, name, and type when configuring partitions and file systems.
kernel component
Recent Red Hat Enterprise Linux 6 releases use a new naming scheme for network interfaces on some machines. As a result, the installer may use different names during an upgrade in certain scenarios (typically em1 is used instead of eth0 on new Dell machines). However, the previously used network interface names are preserved on the system and the upgraded system will still use the previously used interfaces. This is not the case for Yum upgrades.
anaconda component
The kdump default on feature currently depends on Anaconda to insert the crashkernel= parameter to the kernel parameter list in the boot loader's configuration file.
firstaidkit component
The firstaidkit-plugin-grub package has been removed from Red Hat Enterprise Linux 6.2. As a consequence, in rare cases, the system upgrade operation may fail with unresolved dependencies if the plug-in has been installed in a previous version of Red Hat Enterprise Linux. To avoid this problem, the firstaidkit-plugin-grub package should be removed before upgrading the system. However, in most cases, the system upgrade completes as expected.
anaconda component, BZ#623261
In some circumstances, disks that contain a whole disk format (for example, an LVM Physical Volume populating a whole disk) are not cleared correctly using the clearpart --initlabel kickstart command. Adding the --all switch (as in clearpart --initlabel --all) ensures disks are cleared correctly.
anaconda component
When installing on the IBM System z architecture, if the installation is being performed over SSH, avoid resizing the terminal window containing the SSH session. If the terminal window is resized during the installation, the installer will exit and the installation will terminate.
yaboot component, BZ#613929
The kernel image provided on the CD/DVD is too large for Open Firmware. Consequently, on the POWER architecture, directly booting the kernel image over a network from the CD/DVD is not possible. Instead, use yaboot to boot from a network.
anaconda component
The Anaconda partition editing interface includes a button labeled Resize. This feature is intended for users wishing to shrink an existing file system and an underlying volume to make room for an installation of a new system. Users performing manual partitioning cannot use the Resize button to change sizes of partitions as they create them. If you determine a partition needs to be larger than you initially created it, you must delete the first one in the partitioning editor and create a new one with the larger size.
system-config-kickstart component
Channel IDs (read, write, data) for network devices are required for defining and configuring network devices on IBM S/390 systems. However, system-config-kickstart, the graphical user interface for generating a kickstart configuration, cannot define channel IDs for a network device. To work around this issue, manually edit the kickstart configuration that system-config-kickstart generates to include the desired network devices.

4.2. Entitlement

subscription-manager component
When firstboot is running in text mode, the user can only register via Red Hat Network Register, not with subscription-manager. Both are available in GUI mode.
subscription-manager component
If multiple repositories are enabled, subscription-manager installs product certificates from all repositories instead of installing the product certificate only from the repository from which the RPM package was installed.
subscription-manager component
firstboot fails to provide Red Hat Network registration to a virtual machine in a NAT-based network; for example, in the libvirt environment. Note that this problem only occurs during the first boot after installation. If you run firstboot manually later, the registration finishes successfully.

4.3. Deployment

389-ds-base component, BZ#878111
The ns-slapd utility terminates unexpectedly if it cannot rename the dirsrv-<instance> log files in the /var/log/ directory due to incorrect permissions on the directory.
cpuspeed component, BZ#626893
Some HP Proliant servers may report incorrect CPU frequency values in /proc/cpuinfo or /sys/devices/system/cpu/*/cpufreq. This is due to the firmware manipulating the CPU frequency without providing any notification to the operating system. To avoid this, ensure that the HP Power Regulator option in the BIOS is set to OS Control. An alternative available on more recent systems is to set Collaborative Power Control to Enabled.
releng component, BZ#644778
Some packages in the Optional repositories on RHN have multilib file conflicts. Consequently, these packages cannot have both the primary architecture (for example, x86_64) and secondary architecture (for example, i686) copies of the package installed on the same machine simultaneously. To work around this issue, install only one copy of the conflicting package.
grub component, BZ#695951
On certain UEFI-based systems, you may need to type BOOTX64 rather than bootx64 to boot the installer due to case sensitivity issues.
grub component, BZ#698708
When rebuilding the grub package on the x86_64 architecture, the glibc-static.i686 package must be used. Using the glibc-static.x86_64 package will not meet the build requirements.

4.4. Virtualization

kernel component
In Red Hat Enterprise Linux 6.4, if Large Receive Offload (LRO) is enabled with the macvtap driver, a kernel panic can occur on the host machine. This problem was observed on machines using Broadcom, QLogic and Intel cards. To work around the problem, disable LRO by running ethtool -K <interface> large-receive-offload off.
kernel component
There is a known issue with the Microsoft Hyper-V host. If a legacy network interface controller (NIC) is used on a multiple-CPU virtual machine, there is an interrupt problem in the emulated hardware when the IRQ balancing daemon is running. Call trace information is logged in the /var/log/messages file.
libvirt component, BZ#888635
Under certain circumstances, virtual machines try to boot from an incorrect device after a network boot failure. For more information, please refer to this article on Customer Portal.
qemu-kvm component, BZ#894277
"Fast startup" used in Microsoft Windows 8 is not fully compatible with qemu-kvm in Red Hat Enterprise Linux 6. Windows 8 can therefore fail to boot the second time after its shutdown. To ensure successful boot of Windows 8 inside qemu-kvm, disable Windows 8 "fast startup" in System Settings.
numad component, BZ#872524
If numad is run on a system with a task that has very large resident memory (>= 50% total system memory), then the numad-initiated NUMA page migrations for that task can cause swapping. The swapping can then induce long latencies for the system. An example is running a 256GB Microsoft Windows KVM Virtual Machine on a 512GB host. The Windows guest will fault in all pages on boot in order to zero them. On a four node system, numad will detect that a 256GB task can fit in a subset of two or three nodes, and then attempt to migrate it to that subset. Swapping can then occur and lead to latencies. These latencies may then cause the Windows guest to hang, as timing requirements are no longer met. Therefore, on a system with only one or two very large Windows machines, it is recommended to disable numad.
Note that this problem is specific to Windows 2012 guests that use more memory than exists in a single node. Windows 2012 guests appear to allocate memory more gradually than other Windows guest types, which triggers the issue. Other varieties of Windows guests do not seem to experience this problem. You can work around this problem by:
  • limiting Windows 2012 guests to less memory than exists in a given node -- so on a typical 4 node system with even memory distribution, the guest would need to be less than the total amount of system memory divided by 4; or
  • allowing the Windows 2012 guest to finish allocating all of its memory before allowing numad to run. numad will handle extremely large Windows 2012 guests correctly after allowing a few minutes for the guest to finish allocating all of its memory.
grubby component, BZ#893390
When a Red Hat Enterprise Linux 6.4 guest updates the kernel and then the guest is turned off through Microsoft Hyper-V Manager, the guest fails to boot due to incomplete grub information. This is because the data is not synced properly to disk when the machine is turned off through Hyper-V Manager. To work around this problem, execute the sync command before turning the guest off.
kernel component
Using the mouse scroll wheel does not work on Red Hat Enterprise Linux 6.4 guests that run under Microsoft Hyper-V Manager installed on a physical machine. However, the scroll wheel works as expected when the vncviewer utility is used.
kernel component, BZ#874406
Microsoft Windows Server 2012 guests using the e1000 driver can become unresponsive consuming 100% CPU during reboot.
kernel component
When a kernel panic is triggered on a Microsoft Hyper-V guest, the kdump utility does not capture the kernel error information; an error is only displayed on the command line.
kernel component
Due to a bug in Microsoft Hyper-V Server 2008 R2, attempting to remove and then reload the hv_utils module on a Hyper-V guest running Red Hat Enterprise Linux 6.4 will cause a shutdown and the heartbeat service to not work. To work around this issue, upgrade the host system to Microsoft Hyper-V Server 2012.
qemu-kvm component, BZ#871265
AMD Opteron G1, G2 or G3 CPU models on qemu-kvm use the family and model values as follows: family=15 and model=6. If these values are larger than 20, the lahf_lm CPU feature is ignored by Linux guests, even when the feature is enabled. To work around this problem, use a different CPU model, for example AMD Opteron G4.
qemu-kvm component, BZ#860929
KVM guests must not be allowed to update the host CPU microcode. KVM does not allow this and instead always returns the same microcode revision or patch level value to the guest. If the guest tries to update the CPU microcode, it will fail and show an error message similar to:
CPU0: update failed (for patch_level=0x6000624)
To work around this, configure the guest to not install CPU microcode updates; for example, uninstall the microcode_ctl package on Red Hat Enterprise Linux or Fedora guests.
virt-p2v component, BZ#816930
Converting a physical server running either Red Hat Enterprise Linux 4 or Red Hat Enterprise Linux 5 which has its file system root on an MD device is not supported. Converting such a guest results in a guest which fails to boot. Note that conversion of a Red Hat Enterprise Linux 6 server which has its root on an MD device is supported.
virt-p2v component, BZ#808820
When converting a physical host with a multipath storage, Virt-P2V presents all available paths for conversion. Only a single path must be selected. This must be a currently active path.
virtio-win component, BZ#615928
The balloon service on Windows 7 guests can only be started by the Administrator user.
libvirt component, BZ#622649
libvirt uses transient iptables rules for managing NAT or bridging to virtual machine guests. Any external command that reloads the iptables state (such as running system-config-firewall) will overwrite the entries needed by libvirt. Consequently, after running any command or tool that changes the state of iptables, guests may lose access to the network. To work around this issue, use the service libvirtd reload command to restore libvirt's additional iptables rules.
virtio-win component, BZ#612801
A Windows virtual machine must be restarted after the installation of the kernel Windows driver framework. If the virtual machine is not restarted, it may crash when a memory balloon operation is performed.
qemu-kvm component, BZ#720597
Installation of Windows 7 Ultimate x86 (32-bit) Service Pack 1 on a guest with more than 4GB of RAM and more than one CPU from a DVD medium often crashes during the final steps of the installation process due to a system hang. To work around this issue, use the Windows Update utility to install the Service Pack.
qemu-kvm component, BZ#612788
A dual function Intel 82576 Gigabit Ethernet Controller interface (codename: Kawela, PCI Vendor/Device ID: 8086:10c9) cannot have both physical functions (PF's) device-assigned to a Windows 2008 guest. Either physical function can be device assigned to a Windows 2008 guest (PCI function 0 or function 1), but not both.
virt-v2v component, BZ#618091
The virt-v2v utility is able to convert guests running on an ESX server. However, if an ESX guest has a disk with a snapshot, the snapshot must be on the same datastore as the underlying disk storage. If the snapshot and the underlying storage are on different datastores, virt-v2v will report a 404 error while trying to retrieve the storage.
virt-v2v component, BZ#678232
The VMware Tools application on Microsoft Windows is unable to disable itself when it detects that it is no longer running on a VMware platform. Consequently, converting a Microsoft Windows guest from VMware ESX, which has VMware Tools installed, will result in errors. These errors usually manifest as error messages on start-up, and a "Stop Error" (also known as a BSOD) when shutting down the guest. To work around this issue, uninstall VMware Tools on Microsoft Windows guests prior to conversion.

4.5. Storage and File Systems

kernel component
Storage that reports a discard_granularity that is not a power of two will cause the kernel to improperly issue discard requests to the underlying storage. This results in I/O errors associated with the failed discard requests. To work around the problem, if possible, do not upgrade to newer vendor storage firmware that reports discard_granularity that is not a power of two.
parted component
Users might be unable to access a partition created by parted. To work around this problem, reboot the machine.
lvm2 component, BZ#852812
When filling a thin pool to 100% by writing to thin volume device, access to all thin volumes using this thin pool can be blocked. To prevent this, try not to overfill the pool. If the pool is overfilled and this error occurs, extend the thin pool with new space to continue using the pool.
dracut component
The QLogic QLA2xxx driver can miss some paths after booting from Storage Area Network (SAN). To work around this problem, run the following commands:
echo "options qla2xxx ql2xasynclogin=0" > /etc/modprobe.d/qla2xxx.conf
mkinitrd /boot/initramfs-`uname -r`.img `uname -r` --force
lvm2 component, BZ#903411
Activating a logical volume can fail if the --thinpool and --discards options are specified on logical-volume creation. To work around this problem, manually deactivate all thin volumes related to the changed thin pool prior to running the lvchange command.
kernel component
Unloading the nfs module can cause the system to terminate unexpectedly if the fsx utility was previously run with NFSv4.1.
kernel component
Due to a bug in the CIFS mount code, it is not possible to unmount Distributed File System (DFS) shares in Red Hat Enterprise Linux 6.4.
device-mapper-multipath component
When the multipathd service is not running, failed devices will not be restored. However, the multipath command gives no indication that multipathd is not running. Users can unknowingly set up multipath devices without starting the multipathd service, keeping failed paths from automatically getting restored. Make sure to start multipathing by
  • either running:
    ~]# mpathconf --enable
    ~]# service multipathd start
  • or:
    ~]# chkconfig multipathd on
    ~]# service multipathd start
multipathd will automatically start on boot, and multipath devices will automatically restore failed paths.
lvm2 component, BZ#837603
When the administrator disables use of the lvmetad daemon in the lvm.conf file, but the daemon is still running, the cached metadata are remembered until the daemon is restarted. However, if the use_lvmetad parameter in lvm.conf is reset to 1 without an intervening lvmetad restart, the cached metadata can be incorrect. Consequently, VG metadata can be overwritten with previous versions. To work around this problem, stop the lvmetad daemon manually when disabling use_lvmetad in lvm.conf. The daemon can only be restarted after use_lvmetad has been set to 1. To recover from an out-of-sync lvmetad cache, execute the pvscan --cache command or restart lvmetad. To restore metadata to correct versions, use vgcfgrestore with a corresponding file in /etc/lvm/archive.
lvm2 component, BZ#563927
Due to the limitations of the LVM 'mirror' segment type, it is possible to encounter a deadlock situation when snapshots are created of mirrors. The deadlock can occur if snapshot changes (e.g. creation, resizing or removing) happen at the same time as a mirror device failure. In this case, the mirror blocks I/O until LVM can respond to the failure, but the snapshot is holding the LVM lock while trying to read the mirror.
If the user wishes to use mirroring and take snapshots of those mirrors, then it is recommended to use the 'raid1' segment type for the mirrored logical volume instead. This can be done by adding the additional arguments '--type raid1' to the command that creates the mirrored logical volume, as follows:
~]$ lvcreate --type raid1 -m 1 -L 1G -n my_mirror my_vg
kernel component, BZ#606260
The NFSv4 server in Red Hat Enterprise Linux 6 currently allows clients to mount using UDP and advertises NFSv4 over UDP with rpcbind. However, this configuration is not supported by Red Hat and violates the RFC 3530 standard.
lvm2 component
The pvmove command cannot currently be used to move mirror devices. However, it is possible to move mirror devices by issuing a sequence of two commands. For mirror images, add a new image on the destination PV and then remove the mirror image on the source PV:
~]$ lvconvert -m +1 <vg/lv> <new PV>
~]$ lvconvert -m -1 <vg/lv> <old PV>
Mirror logs can be handled in a similar fashion:
~]$ lvconvert --mirrorlog core <vg/lv>
~]$ lvconvert --mirrorlog disk <vg/lv> <new PV>
or
~]$ lvconvert --mirrorlog mirrored <vg/lv> <new PV>
~]$ lvconvert --mirrorlog disk <vg/lv> <old PV>

4.6. Networking

kernel component
Destroying the root port before any NPIV ports can cause unexpected system behavior, including a full system crash. Note that one instance where the root port is destroyed before the NPIV ports is when the system is shut down. To work around this problem, destroy NPIV ports before destroying the root port that the NPIV ports were created on. This means that for each created NPIV port, the user should write to the sysfs vport_delete interface to delete that NPIV port. This should be done before the root port is destroyed. Users are advised to script the NPIV port deletion and configure the system such that the script is executed before the fcoe service is stopped, in the shutdown sequence.
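One way to script the NPIV port deletion described above, as an added example that is not part of the original Technical Notes. It assumes the FC transport class sysfs layout noted in the comments; the function names and the SYSFS_ROOT override are hypothetical, and hooking the script in ahead of the fcoe service stop is left to the local init configuration.

```shell
#!/bin/sh
# Added example: delete every NPIV virtual port before its root port goes away.
# Assumed sysfs layout (FC transport class):
#   <root>/class/fc_vports/vport-<H>:<C>-<V>/port_name   WWPN, e.g. 0x5001...
#   <root>/class/fc_vports/vport-<H>:<C>-<V>/node_name   WWNN, e.g. 0x5001...
#   <root>/class/fc_host/host<H>/vport_delete            accepts "<wwpn>:<wwnn>" (no 0x)
# SYSFS_ROOT can be overridden so the logic can be exercised on a constructed tree.

SYSFS_ROOT=${SYSFS_ROOT:-/sys}

# Print one "<vport_delete path> <wwpn>:<wwnn>" line per NPIV port found.
npiv_delete_plan() {
    root=${1:-$SYSFS_ROOT}
    for vport in "$root"/class/fc_vports/vport-*; do
        [ -d "$vport" ] || continue            # glob matched nothing: no NPIV ports
        name=${vport##*/}                      # vport-<H>:<C>-<V>
        host=${name#vport-}                    # <H>:<C>-<V>
        host=${host%%:*}                       # <H> = number of the root port's host
        ctl="$root/class/fc_host/host$host/vport_delete"
        if [ ! -r "$vport/port_name" ] || [ ! -r "$vport/node_name" ]; then
            echo "skip $name: WWPN/WWNN not readable" >&2
            continue
        fi
        wwpn=$(cat "$vport/port_name"); wwpn=${wwpn#0x}
        wwnn=$(cat "$vport/node_name"); wwnn=${wwnn#0x}
        # Refuse anything that is not "<hex>:<hex>" rather than write garbage to sysfs.
        case "$wwpn:$wwnn" in
            *[!0-9a-fA-F:]*|:*|*:)
                echo "skip $name: malformed WWPN/WWNN" >&2
                continue ;;
        esac
        echo "$ctl $wwpn:$wwnn"
    done
}

# Carry out the plan. Returns non-zero if any deletion could not be written.
npiv_delete_all() {
    root=${1:-$SYSFS_ROOT}
    rc=0
    plan=$(npiv_delete_plan "$root")
    [ -n "$plan" ] || return 0                 # nothing to delete
    # Feed the plan through a here-document so the loop runs in this shell
    # and rc survives it.
    while read -r ctl ids; do
        if [ -w "$ctl" ]; then
            echo "$ids" > "$ctl" || rc=1
        else
            echo "cannot write $ctl" >&2
            rc=1
        fi
    done <<EOF
$plan
EOF
    return $rc
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    npiv_delete_all
fi
```

Running npiv_delete_plan on its own lists what would be deleted without touching any port.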
kernel component
A Linux LIO FCoE target causes the bfa driver to reset all FCoE targets which might lead to data corruption on LUN. To avoid these problems, do not use the bfa driver with a Linux FCoE target.
NetworkManager component, BZ#896198
A GATEWAY setting in the /etc/sysconfig/network file causes NetworkManager to assign that gateway to all interfaces with static IP addresses, even if their configuration did not specify a gateway or specified a different gateway. Interfaces have the incorrect gateway information and the wrong interface may have the default route. Instead of using GATEWAY in /etc/sysconfig/network to specify which interface receives the default route, set DEFROUTE=no in each ifcfg file that should not have the default route. Any interface connected using configuration from an ifcfg file containing DEFROUTE=no will never receive the default route.
kernel component
Typically, on platforms with no Intelligent Platform Management Interface (IPMI) hardware the user can see the following message on the boot console and in the dmesg log:
Could not set up I/O space
This message can be safely ignored, unless the system really does have IPMI hardware. In that case, the message indicates that the IPMI hardware could not be initialized. In order to support Advanced Configuration and Power Interface (ACPI) opregion access to IPMI functionality early in the boot, the IPMI driver has been statically linked with the kernel image. This means that the IPMI driver is "loaded" whether or not there is any hardware. The IPMI driver will try to initialize the IPMI hardware, but if there is no IPMI hardware present on the booting platform, the driver will print error messages on the console and in the dmesg log. Some of these error messages do not identify themselves as having been issued by the IPMI driver, so they can appear to be serious, when they are harmless.
kernel component
Shutting down the fcoe-target service while Fibre Channel over Ethernet (FCoE) traffic is in progress can lead to a kernel crash. Please minimize FCoE traffic before stopping or restarting this service.
fcoe-utils component
After an ixgbe Fibre Channel over Ethernet (FCoE) session is created, server reboot can cause some or all of the FCoE sessions to not be created automatically. To work around this problem, perform the following steps (assuming that eth0 is the missing NIC for the FCoE session):
ifconfig eth0 down
ifconfig eth0 up
sleep 5
dcbtool sc eth0 dcb on
sleep 5
dcbtool sc eth0 pfc e:1 a:1 w:1
dcbtool sc eth0 app:fcoe e:1 a:1 w:1
service fcoe restart
fcoe-target-utils component
Using targetcli to configure the FCoE Target will fail with the message Could not create RTSRoot in configFS. To prevent this, ensure that the fcoe-target service is running by executing service fcoe-target start.
libibverbs component
The InfiniBand UD transport test utility could become unresponsive when the ibv_ud_pingpong command was used with a packet size of 2048 or greater. UD is limited to no more than the smallest MTU of any point in the path between point A and B, which is between 0 and 4096 given that the largest MTU supported (but not the smallest nor required) is 4096. If the underlying Ethernet is jumbo frame capable, and with a 4096 IB MTU on an RoCE device, the max packet size that can be used with UD is 4012 bytes.
bind-dyndb-ldap component
IPA creates a new DNS zone in two separate steps. When the new zone is created, it is invalid for a short period of time. A/AAAA records for the name server belonging to the new zone are created after this delay. Sometimes, BIND attempts to load this invalid zone and fails. In such a case, reload BIND by running either rndc reload or service named restart.
selinux-policy component
SELinux can prevent the nmbd service from writing into the /var/, which breaks NetBIOS name resolution and leads to SELinux AVC denials.
kernel component
If multiple DHCP6 servers are configured on multiple VLANs, for example two DHCP6 servers on VLAN1 and VLAN3, the bna driver NIC does not set up a VLAN interface but can get the VLAN3 IPv6 address.
kernel component
The latest version of the sfc NIC driver causes lower UDP and TX performance with large amounts of fragmented UDP packets. This problem can be avoided by setting a constant interrupt moderation period (not adaptive moderation) on both sides, sending and receiving.
kernel component
When IPv6 is administratively disabled via the disable=1 module parameter, all of the IPv6 protocol handlers are disabled. This includes any offload handlers that support TSO/GSO. The lack of handlers results in the host dropping any TSO/GSO IPv6 packets it may receive from the guest. This can cause problems with retransmission on the guest and throughput. If you want to disable IPv6 support on the host administratively while enabling and providing IPv6 support to the guest without incurring a performance penalty:
  • set the disable_ipv6 module parameter to 1
  • or use the following sysctl entries:
    • net.ipv6.conf.all.disable_ipv6 = 1
    • net.ipv6.conf.default.disable_ipv6 = 1
kernel component
Some network interface cards (NICs) may not get an IPv4 address assigned after the system is rebooted. To work around this issue, add the following line to the /etc/sysconfig/network-scripts/ifcfg-<interface> file:
LINKDELAY=10
NetworkManager component, BZ#758076
If a Certificate Authority (CA) certificate is not selected when configuring an 802.1x or WPA-Enterprise connection, a dialog appears indicating that a missing CA certificate is a security risk. This dialog presents two options: ignore the missing CA certificate and proceed with the insecure connection, or choose a CA certificate. If the user elects to choose a CA certificate, this dialog disappears and the user may select the CA certificate in the original configuration dialog.
samba component
Current Samba versions shipped with Red Hat Enterprise Linux 6.4 are not able to fully control the user and group database when using the ldapsam_compat back end. This back end was never designed to run a production LDAP and Samba environment for a long period of time. The ldapsam_compat back end was created as a tool to ease migration from historical Samba releases (version 2.2.x) to Samba version 3 and greater using the new ldapsam back end and the new LDAP schema. The ldapsam_compat back end lacks various important LDAP attributes and object classes needed to provide full user and group management. In particular, it cannot allocate user and group IDs. In the Red Hat Enterprise Linux Reference Guide, it is pointed out that this back end is likely to be deprecated in future releases. Refer to Samba's documentation for instructions on how to migrate existing setups to the new LDAP schema.
When you are not able to upgrade to the new LDAP schema (though upgrading is strongly recommended and is the preferred solution), you may work around this issue by keeping a dedicated machine running an older version of Samba (v2.2.x) for the purpose of user account management. Alternatively, you can create user accounts with standard LDIF files. The important part is the assignment of user and group IDs. In that case, the old Samba 2.2 algorithmic mapping from Windows RIDs to Unix IDs is the following: user RID = UID * 2 + 1000, while for groups it is: group RID = GID * 2 + 1001. With these workarounds, users can continue using the ldapsam_compat back end with their existing LDAP setup even when all the above restrictions apply.
kernel component
Because Red Hat Enterprise Linux 6.4 defaults to using Strict Reverse Path filtering, packets are dropped by default when the route for outbound traffic differs from the route of incoming traffic. This is in line with current recommended practice in RFC3704. For more information about this issue please refer to /usr/share/doc/kernel-doc-<version>/Documentation/networking/ip-sysctl.txt and https://access.redhat.com/knowledge/solutions/53031.

4.7. Clustering

selinux-policy component
The fence-sanlock agent does not support SELinux in Enforcing mode at the moment.
lvm2 component, BZ#814779
Clustered environments are not supported by lvmetad at the moment. If global/use_lvmetad=1 is used together with the global/locking_type=3 configuration setting (clustered locking), the use_lvmetad setting is automatically overridden to 0 and lvmetad is not used at all in this case. Also, the following warning message is displayed:
WARNING: configuration setting use_lvmetad overriden to 0 due to locking_type 3. Clustered environment not supported by lvmetad yet.
luci component, BZ#615898
luci will not function with Red Hat Enterprise Linux 5 clusters unless each cluster node has ricci version 0.12.2-14.

4.8. Authentication

ipa component, BZ#894388
The Identity Management installer configures all integrated services to listen on all interfaces. The administrator has no means to instruct the Identity Management installer to listen only on chosen interfaces even though the installer requires a valid interface IP address as one installation parameter. To work around this problem, change service configuration after Identity Management installation.
ipa component, BZ#894378
Identity Management LDAP permission manipulation plugin validates subtree and filter permission specifiers as mutually exclusive even though it is a valid combination in the underlying LDAP Access Control Instruction (ACI). Permissions with filter and subtree specifiers can be neither created nor modified. This affects for example the Add Automount Keys permission which cannot be modified.
ipa component, BZ#817080
In some cases the certificates tracked by certmonger are not cleared when running the ipa-server-install --uninstall command. This will cause a subsequent re-installation to fail with an unexpected error.
sssd component, BZ#892604
The ssh_cache utility sets the DEBUG level after it processes the command-line parameters. If the command-line parameters cannot be processed, the utility prints DEBUG lines that are not supposed to be printed by default. To avoid this, correct parameters must be used.
sssd component, BZ#891647
It is possible to specify the enumerate=true value in the sssd.conf file to access all users in the system. However, using enumerate=true is not recommended in large environments as this can lead to high CPU consumption. As a result, operations like login or logout can be slowed down.
ipa component, BZ#888579
The Identity Management server processes Kerberos Password Expiration Time field as a 32-bit integer. If Maximum Lifetime of a user password in Identity Management Password Policy is set to a value causing the resulting Kerberos Password Expiration Time timestamp to exceed 32 bits and to overflow, the passwords that are being changed are configured with an expiration time that lies in the past and are always rejected. To ensure that new user passwords are valid and can be changed properly, do not set password Maximum Lifetime in Identity Management Password Policy to values that would cause the Kerberos Password Expiration Time timestamp to exceed 32 bits; that is, passwords that would expire after 2038-01-19. At the moment, recommended values for the Maximum Lifetime field are numbers lower than 9000 days.
sssd component, BZ#785877
When reconnecting to an LDAP server, SSSD does not check whether the server was re-initialized during the downtime. If the server was re-initialized during the downtime and was filled with completely different data, SSSD does not update its database. As a consequence, the user can get invalid information from SSSD. To work around this problem:
  1. stop SSSD before reconnecting to the re-initialized server;
  2. clear the SSSD caches manually before reconnecting;
  3. start SSSD.
krb5 component
In environments where entropy is scarce, the kadmind tool can take longer to initialize after startup than it did in previous releases as it attempts to read data from the /dev/random file and seed its internal random number generator (RNG). Clients which attempt to connect to the kadmin service can time out and fail with a GSS-API or Kerberos error. After the service completely finishes initializing itself, it will process messages received from now-disconnected clients and can log clock-skew or decrypt-integrity-check-failed errors for those connections. To work around this problem, use a service such as rngd to seed the system RNG using hardware sources of entropy.
ipa component, BZ#887193
The Identity Management server in Red Hat Enterprise Linux 6.3 introduced a technical preview of the SELinux user mapping feature, which enabled a mapping of SELinux users to users managed by Identity Management based on custom rules. However, the default SELinux user (guest_u:s0), which is used when no custom rule matches, is too constraining. An Identity Management user authenticating to Red Hat Enterprise Linux 6.4 can be assigned this overly constraining SELinux user, in which case a login through a graphical session always fails. To work around this problem, change the default SELinux user in the Identity Management server from guest_u:s0 to the more relaxed value unconfined_u:s0-s0:c0.c1023:
kinit admin
ipa config-mod --ipaselinuxusermapdefault=unconfined_u:s0-s0:c0.c1023
An unconfined SELinux user will now be assigned to the Identity Management user by default, which allows the user to successfully authenticate through the graphical interface.
ipa component, BZ#761574
When attempting to view a host in the web UI, the following message can appear:
Certificate operation cannot be completed: Unable to communicate with CMS (Unauthorized)
Attempting to delete installed certificates through the web UI or command-line interface can fail with the same error message. To work around this problem, run the following command:
~]# yum downgrade ipa-server libipa_hbac libipa_hbac-python ipa-python ipa-client ipa-admintools ipa-server-selinux
ipa component, BZ#877324
After upgrading to Red Hat Identity Manager 2.2, it is not possible to add SSH public keys in the web UI. However, SSH public keys can be added on the command line by running ipa user-mod <user> --sshpubkey.
sssd component, BZ#880150
Rules with sudoUser specified as +netgroup are always matched with the sssd sudoers plugin.
sssd component
When the ldap_sasl_authid is not configured in the sssd.conf file, SSSD terminates unexpectedly with a segmentation fault. To avoid this problem, ensure that the option is configured.
ipa component
When upgrading the ipa-server package using anaconda, the following error message is logged in the upgrade.log file:
/sbin/restorecon:  lstat(/var/lib/pki-ca/publish*) failed:  No such file or directory
This problem does not occur when using yum.
sssd component
In the Identity Manager subdomain code, a User Principal Name (UPN) is by default built from the SAM Account Name and Active Directory trust users, that is user@DOMAIN. The UPN can be changed to differ from the UPN in Active Directory, however only the default format, user@DOMAIN, is supported.
sssd component, BZ#805921
Sometimes, group members may not be visible when running the getent group groupname command. This can be caused by an incorrect ldap_schema in the [domain/DOMAINNAME] section of the sssd.conf file. SSSD supports three LDAP schema types: RFC 2307, RFC 2307bis, and IPA. By default, SSSD uses the more common RFC 2307 schema. The difference between RFC 2307 and RFC 2307bis is the way in which group membership is stored in the LDAP server. In an RFC 2307 server, group members are stored as the multi-valued memberuid attribute, which contains the names of the users that are members. In an RFC 2307bis server, group members are stored as the multi-valued attribute member (or sometimes uniqueMember), which contains the DN of the user or group that is a member of this group. RFC 2307bis allows nested groups to be maintained as well.
When encountering this problem:
  • add ldap_schema = rfc2307bis in the sssd.conf file,
  • delete the /var/lib/sss/db/cache_DOMAINNAME.ldb file,
  • and restart SSSD.
If the workaround does not work, add ldap_group_member = uniqueMember in the sssd.conf file, delete the cache file and restart SSSD.
Identity Management component, BZ#826973
When Identity Management is installed with its CA certificate signed by an external CA, the installation is processed in 2 stages. In the first stage, a CSR is generated to be signed by an external CA. The second stage of the installation then accepts a file with the new signed certificate for the Identity Management CA and a certificate of the external CA. During the second stage of the installation, the subject of the signed Identity Management CA certificate is validated. However, there is a bug in the certificate subject validation procedure and its default value (O=$REALM, where $REALM is the realm of the new Identity Management installation) is never pulled. Consequently, the second stage of the installation process always fails unless the --subject option is specified. To work around this issue, add the following option for the second stage of the installation: --subject "O=$REALM" where $REALM is the realm of the new Identity Management installation. If a custom subject was used for the first stage of the installation, use its value instead. Using this workaround, the certificate subject validation procedure succeeds and the installation continues as expected.
Identity Management component, BZ#822350
When a user is migrated from a remote LDAP, the user's entry in the Directory Server does not contain Kerberos credentials needed for a Kerberos login. When the user visits the password migration page, Kerberos credentials are generated for the user and logging in via Kerberos authentication works as expected. However, Identity Management does not generate the credentials correctly when the migrated password does not follow the password policy set on the Identity Management server. Consequently, when the password migration is done and a user tries to log in via Kerberos authentication, the user is prompted to change the password as it does not follow the password policy, but the password change is never successful and the user is not able to use Kerberos authentication. To work around this issue, an administrator can reset the password of a migrated user with the ipa passwd command. When reset, user's Kerberos credentials in the Directory Server are properly generated and the user is able to log in using Kerberos authentication.
Identity Management component
In the Identity Management webUI, deleting a DNS record may, under some circumstances, leave it visible on the page showing DNS records. This is only a display issue and does not affect functionality of DNS records in any way.
Identity Management component, BZ#790513
The ipa-client package does not install the policycoreutils package as its dependency, which may cause install/uninstall issues when using the ipa-client-install setup script. To work around this issue, install the policycoreutils package manually:
~]# yum install policycoreutils
Identity Management component, BZ#813376
Updating the Identity Management LDAP configuration via the ipa-ldap-updater fails with a traceback error when executed by a non-root user due to the SASL EXTERNAL bind requiring root privileges. To work around this issue, run the aforementioned command as the root user.
Identity Management component, BZ#794882
With netgroups, when adding a host as a member that Identity Management does not have stored as a host already, that host is considered to be an external host. This host can be controlled with netgroups, but Identity Management has no knowledge of it. Currently, there is no way to use the netgroup-find option to search for external hosts.
Also, note that when a host is added to a netgroup as an external host, rather than being added in Identity Management as an external host, that host is not automatically converted within the netgroup rule.
Identity Management component, BZ#786629
Because a permission does not provide write access to an entry, delegation does not work as expected. The 389 Directory Server (389-ds) distinguishes access between entries and attributes. For example, an entry can be granted add or delete access, whereas an attribute can be granted read, search, and write access. To grant write access to an entry, the list of writable attributes needs to be provided. The filter, subtree, and other options are used to target those entries which are writable. Attributes define which part(s) of those entries are writable. As a result, the list of attributes will be writable to members of the permission.
sssd component, BZ#808063
The manpage entry for the ldap_disable_paging option in the sssd-ldap man page does not indicate that the option accepts the boolean values True or False, and that it defaults to False if it is not explicitly specified.
Identity Management component, BZ#812127
Identity Management relies on the LDAP schema to know what type of data to expect in a given attribute. If, in certain situations (such as replication), data that does not meet those expectations is inserted into an attribute, Identity Management will not be able to handle the entry, and LDAP tools have to be used to manually clean up that entry.
Identity Management component, BZ#812122
Identity Management sudo commands are not case sensitive. For example, executing the following commands will result in the latter one failing due to the case insensitivity:
~]$ ipa sudocmd-add /usr/bin/X
⋮
~]$ ipa sudocmd-add /usr/bin/x
ipa: ERROR: sudo command with name "/usr/bin/x" already exists
Identity Management component
When an Identity Management server is installed with a custom hostname that is not resolvable, the ipa-server-install command should add a record to the static hostname lookup table in /etc/hosts and enable further configuration of Identity Management integrated services. However, a record is not added to /etc/hosts when an IP address is passed as a CLI option and not interactively. Consequently, Identity Management installation fails because integrated services that are being configured expect the Identity Management server hostname to be resolvable. To work around this issue, complete one of the following:
  • Run the ipa-server-install without the --ip-address option and pass the IP address interactively.
  • Add a record to /etc/hosts before the installation is started. The record should contain the Identity Management server IP address and its full hostname (the hosts(5) man page specifies the record format).
As a result, the Identity Management server can be installed with a custom hostname that is not resolvable.
sssd component
Upgrading SSSD from the version provided in Red Hat Enterprise Linux 6.1 to the version shipped with Red Hat Enterprise Linux 6.2 may fail due to a bug in the dependent library libldb. This failure occurs when the SSSD cache contains internal entries whose distinguished name contains the \, character sequence. The most likely example of this is for an invalid memberUID entry to appear in an LDAP group of the form:
memberUID: user1,user2
memberUID is a multi-valued attribute and should not have multiple users in the same attribute.
If the upgrade issue occurs, identifiable by the following debug log message:
(Wed Nov  2 15:18:21 2011) [sssd] [ldb] (0): A transaction is still active in ldb context [0xaa0460] on /var/lib/sss/db/cache_<DOMAIN>.ldb
remove the /var/lib/sss/db/cache_<DOMAIN>.ldb file and restart SSSD.

Removing the /var/lib/sss/db/cache_<DOMAIN>.ldb file

Removing the /var/lib/sss/db/cache_<DOMAIN>.ldb file purges the cache of all entries (including cached credentials).
sssd component, BZ#751314
When a group contains certain incorrect multi-valued memberUID values, SSSD fails to sanitize the values properly. The memberUID value should only contain one username. As a result, SSSD creates incorrect users, using the broken memberUID values as their usernames. This, for example, causes problems during cache indexing.
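Both SSSD items above trace back to memberUID values that pack several names into one value. The following added example (not SSSD or Red Hat code) scans an LDIF export of group entries and reports such values so they can be corrected on the LDAP server; the sample LDIF, its DNs, and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF, not taken from a real directory.
SAMPLE_LDIF = """\
# group export (constructed)
dn: cn=devs,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: devs
memberUid: carol
memberUid: dave

dn: cn=ops,ou=groups,
 dc=example,dc=com
objectClass: posixGroup
cn: ops
memberUID: user1,user2

dn: cn=qa,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: qa
memberUid:: YWxpY2UsYm9i
"""


def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entries(ldif_text):
    """Return a list of entries, each a list of (lowercased attribute, value)."""
    entries, current = [], []
    for line in unfold(ldif_text):
        if not line.strip():              # a blank line ends the entry
            if current:
                entries.append(current)
                current = []
            continue
        if line.startswith("#"):          # comment line
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.append((attr.strip().lower(), value))
    if current:
        entries.append(current)
    return entries


def find_packed_memberuids(ldif_text):
    """Report (dn, bad value, names it should be split into) for each bad value."""
    findings = []
    for entry in parse_entries(ldif_text):
        dn = next((v for a, v in entry if a == "dn"), "<no dn>")
        for attr, value in entry:
            # Attribute names are case-insensitive: memberUid, memberUID, ...
            if attr == "memberuid" and "," in value:
                names = [n.strip() for n in value.split(",") if n.strip()]
                findings.append((dn, value, names))
    return findings


if __name__ == "__main__":
    for dn, value, names in find_packed_memberuids(SAMPLE_LDIF):
        print("%s: memberUid %r should be %d separate values: %s"
              % (dn, value, len(names), ", ".join(names)))
```

The base64 branch matters because a directory export may encode a value, which would hide the comma from a plain text search.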
Identity Management component
Two Identity Management servers, both with a CA (Certificate Authority) installed, use two replication agreements. One is for user, group, host, and other related data. Another replication agreement is established between the CA instances installed on the servers. If the CA replication agreement is broken, the Identity Management data is still shared between the two servers; however, because there is no replication agreement between the two CAs, issuing a certificate on one server will cause the other server to not recognize that certificate, and vice versa.
Identity Management component
The Identity Management (ipa) package cannot be built with a 6ComputeNode subscription.
sssd component, BZ#741264
Active Directory performs certain LDAP referral-chasing that is incompatible with the referral mechanism included in the openldap libraries. Notably, Active Directory sometimes attempts to return a referral on an LDAP bind attempt, which used to cause a hang, and is now denied by the openldap libraries. As a result, SSSD may suffer from performance issues and occasional failures resulting in missing information.
To work around this issue, disable referral-chasing by setting the following parameter in the [domain/DOMAINNAME] section of the /etc/sssd/sssd.conf file:
ldap_referrals = false

4.9. Devices

kernel component
A Linux LIO FCoE target causes the bnx2fc driver to perform sequence level error recovery when the target is down. As a consequence, the FCoE session cannot be resumed after the Ethernet link is bounced, the bnx2fc kernel module cannot be unloaded and the FCoE session cannot be removed when running the fcoeadm -d eth0 command. To avoid these problems, do not use the bnx2fc driver with a Linux FCoE target.
kernel component
When using large block size (1MB), the tape driver sometimes returns an EBUSY error. To work around this problem, use a smaller block size, that is 256KB.
kernel component
On some of the older Broadcom tg3 devices, the default Maximum Read Request Size (MRRS) value of 512 bytes is known to cause lower performance, because these devices perform direct memory access (DMA) requests serially. A 1500-byte Ethernet packet is broken into 3 PCIE read requests when using a 512-byte MRRS. When using a higher MRRS value, the DMA transfer can be faster as fewer requests will be needed. However, the MRRS value is meant to be tuned by system software and not by the driver. PCIE Base spec 3.0 section 7.8.4 contains an implementation note that illustrates how system software might tune the MRRS for all devices in the system. As a result, Broadcom modified the tg3 driver to remove the code that sets the MRRS to 4K bytes so that any value selected by system software (BIOS) will be preserved.
kernel component
The Brocade BFA Fibre Channel and FCoE driver does not currently support dynamic recognition of Logical Unit addition or removal using the sg3_utils utilities (for example, the sg_scan command) or similar functionality. Please consult Brocade directly for a Brocade equivalent of this functionality.
kernel component
iSCSI and FCoE boot support on Broadcom devices is not included in Red Hat Enterprise Linux 6.4. These two features, which are provided by the bnx2i and bnx2fc Broadcom drivers, remain a Technology Preview until further notice.
kexec-tools component
Starting with Red Hat Enterprise Linux 6.0 and later, kexec kdump supports dumping core to the Btrfs file system. However, note that because the findfs utility in busybox does not support Btrfs yet, UUID/LABEL resolving is not functional. Avoid using the UUID/LABEL syntax when dumping core to Btrfs file systems.
trace-cmd component
The trace-cmd service does not start on 64-bit PowerPC and IBM System z systems because the sys_enter and sys_exit events do not get enabled on the aforementioned systems.
trace-cmd component
trace-cmd's subcommand, report, does not work on IBM System z systems. This is due to the fact that the CONFIG_FTRACE_SYSCALLS parameter is not set on IBM System z systems.
libfprint component
Red Hat Enterprise Linux 6 only has support for the first revision of the UPEK Touchstrip fingerprint reader (USB ID 147e:2016). Attempting to use a second revision device may cause the fingerprint reader daemon to crash. The following command returns the version of the device being used in an individual machine:
~]$ lsusb -v -d 147e:2016 | grep bcdDevice
kernel component
The Emulex Fibre Channel/Fibre Channel-over-Ethernet (FCoE) driver in Red Hat Enterprise Linux 6 does not support DH-CHAP authentication. DH-CHAP authentication provides secure access between hosts and mass storage in Fibre-Channel and FCoE SANs in compliance with the FC-SP specification. Note, however, that the Emulex driver (lpfc) does support DH-CHAP authentication on Red Hat Enterprise Linux 5, from version 5.4. Future Red Hat Enterprise Linux 6 releases may include DH-CHAP authentication.
kernel component
The recommended minimum HBA firmware revision for use with the mpt2sas driver is "Phase 5 firmware" (that is, with version number in the form 05.xx.xx.xx). Note that following this recommendation is especially important on complex SAS configurations involving multiple SAS expanders.

4.10. Kernel

kernel component
In Red Hat Enterprise Linux 6.4, irqbalance has been updated to upstream version 1.0.4. This version of irqbalance requires /sys/device/system/cpu/cpu?/node* to exist; however, kernel-2.6.32-358 or earlier does not include support for this sysfs node. To work around this problem, use the irqbalance-0.55-35.el6_3 package or earlier.
kernel component
Red Hat Enterprise Linux 6.4 changed the maximum read/write socket memory default value to be higher, allowing for better performance on some machines. It was observed that if the values of ?mem_max are not symmetrical between two machines, the performance can be negatively affected. To work around this problem, adjust the value of ?mem_max to be equal across all Red Hat Enterprise Linux systems in the network.
kabi-whitelists component
The vxfs module might not work properly on Red Hat Enterprise Linux 6.4 because of the broken radix_tree_gang_lookup_slot symbol. Consult Symantec should you require a workaround for this issue.
kernel component
Enabling TCP Segmentation Offload (TSO) on TAP interface may cause low throughput when the uplink is a high-speed interface. To improve throughput, turn off TSO on the tap interface of the virtual machine.
kabi-whitelists component, BZ#871580
A patch submitted in Red Hat Enterprise Linux 6.3 broke a kABI symbol. Consequently, the previously working Red Hat Enterprise Linux 6.2 Veritas vxfs module did not work on the 6.3 kernel; a newer compiled version of the Red Hat Enterprise Linux 6.3 Veritas vxfs module had to be used. In Red Hat Enterprise Linux 6.4, the kABI issue has been fixed, and the Red Hat Enterprise Linux 6.3 Veritas vxfs module works as expected. Refer to Table 4.1, "Functionality Matrix" for a summary of what versions of Red Hat Enterprise Linux 6 and vxfs function as expected.

Table 4.1. Functionality Matrix

Columns: Red Hat Enterprise Linux Version (Kernel Version)

| vxfs Module Version | 6.2 GA (2.6.32-220.el6) | 6.3 GA (2.6.32-279.el6) | 6.4 pre-alpha (2.6.32-330.el6) |
| 5.1.120.000-SP1PR2  | works                   | fails                   | works                          |
| 5.1.133.000-SP1RP3  | -                       | works                   | fail                           |

kernel component
When using Chelsio's iSCSI HBAs for an iSCSI root partition, the first boot after install fails. This occurs because Chelsio's iSCSI HBA is not properly detected. To work around this issue, users must add the iscsi_firmware parameter to grub's kernel command line. This will signal to dracut to boot from the iSCSI HBA.
kernel component
The installation of Red Hat Enterprise Linux 6.4 i386 may occasionally fail. To work around this issue, add the following parameter to the kernel command line:
vmalloc=256MB
kernel component
If a device reports an error while it is open (via the open(2) system call) and the device is then closed (via the close(2) system call), the /dev/disk/by-id link for the device may be removed. When the problem on the device that caused the error is resolved, the by-id link is not re-created. To work around this issue, run the following command:
~]# echo 'change' > /sys/class/block/sdX/uevent
kernel component
When an HBA that uses the mpt2sas driver is connected to a storage using an SAS switch LSI SAS 6160, the driver may become unresponsive during Controller Fail Drive Fail (CFDF) testing. This is due to faulty firmware that is present on the switch. To fix this issue, use a newer version (14.00.00.00 or later) of firmware for the LSI SAS 6160 switch.
kernel component, BZ#745713
In some cases, Red Hat Enterprise Linux 6 guests running fully-virtualized under Red Hat Enterprise Linux 5 experience a time drift or fail to boot. In other cases, drifting may start after migration of the virtual machine to a host with different speed. This is due to limitations in the Red Hat Enterprise Linux 5 Xen hypervisor. To work around this, add the nohpet parameter or, alternatively, the clocksource=jiffies parameter to the kernel command line of the guest. Or, if running under Red Hat Enterprise Linux 5.7 or newer, locate the guest configuration file for the guest and add the hpet=0 parameter in it.
kernel component
On some systems, Xen full-virt guests may print the following message when booting:
WARNING: BIOS bug: CPU MTRRs don't cover all of memory, losing <number>MB of RAM
It is possible to avoid the memory trimming by using the disable_mtrr_trim kernel command line option.
kernel component
The perf record command becomes unresponsive when specifying a tracepoint event and a hardware event at the same time.
kernel component
On 64-bit PowerPC, the following command may cause kernel panic:
~]# ./perf record -agT -e sched:sched_switch -F 100 -- sleep 3
kernel component
Applications are increasingly using more than 1024 file descriptors. It is not recommended to increase the default soft limit of file descriptors because it may break applications that use the select() call. However, it is safe to increase the default hard limit; that way, applications requiring a large amount of file descriptors can increase their soft limit without needing root privileges and without any user intervention.
kernel component
In network only use of Brocade Converged Network Adapters (CNAs), switches that are not properly configured to work with Brocade FCoE functionality can cause a continuous linkup/linkdown condition. This causes continuous messages on the host console:
bfa xxxx:xx:xx.x: Base port (WWN = xx:xx:xx:xx:xx:xx:xx:xx) lost fabric connectivity
To work around this issue, unload the Brocade bfa driver.
kernel component
In Red Hat Enterprise Linux 6, a legacy bug in the PowerEdge Expandable RAID Controller 5 (PERC5) causes the kdump kernel to fail to scan for SCSI devices. It is usually triggered when a large number of I/O operations are pending on the controller in the first kernel before performing a kdump.
kernel component, BZ#679262
In Red Hat Enterprise Linux 6.2 and later, due to security concerns, addresses in /proc/kallsyms and /proc/modules show all zeros when accessed by a non-root user.
kernel component
Superfluous information is displayed on the console due to a correctable machine check error occurring. This information can be safely ignored by the user. Machine check error reporting can be disabled by using the nomce kernel boot option, which disables machine check error reporting, or the mce=ignore_ce kernel boot option, which disables correctable machine check error reporting.
kernel component
The order in which PCI devices are scanned may change from one major Red Hat Enterprise Linux release to another. This may result in device names changing, for example, when upgrading from Red Hat Enterprise Linux 5 to 6. You must confirm that a device you refer to during installation is the intended device.
In some configurations, one way to verify device names is to determine the mapping from the controller name to the controller's PCI address in the older release, and then compare this to the mapping in the newer release to ensure that the device name is as expected.
The following is an example from /var/log/messages:
kernel: cciss0: <0x3230> at PCI 0000:1f:00.0 IRQ 71 using DAC
…
kernel: cciss1: <0x3230> at PCI 0000:02:00.0 IRQ 75 using DAC
If the device name is incorrect, add the pci=bfsort parameter to the kernel command line, and check again.
kernel component
The minimum firmware version for NIC adapters managed by netxen_nic is 4.0.550. This includes the boot firmware which is flashed in option ROM on the adapter itself.
kernel component
High stress on 64-bit IBM POWER series machines prevents kdump from successfully capturing the vmcore. As a result, the second kernel is not loaded, and the system becomes unresponsive.
kernel component
Triggering kdump to capture a vmcore through the network using the Intel 82575EB ethernet device in a 32-bit environment causes the networking driver to not function properly in the kdump kernel, and prevents the vmcore from being captured.
kernel component
Memory Type Range Register (MTRR) setup on some hyperthreaded machines may be incorrect following a suspend/resume cycle. This can cause graphics performance (specifically, scrolling) to slow considerably after a suspend/resume cycle.
To work around this issue, disable and then re-enable the hyperthreaded sibling CPUs around suspend/resume, for example:
#!/bin/sh
# Disable hyper-threading processor cores on suspend and hibernate, re-enable
# on resume.
# This file goes into /etc/pm/sleep.d/

case $1 in
    hibernate|suspend)
        echo 0 > /sys/devices/system/cpu/cpu1/online
        echo 0 > /sys/devices/system/cpu/cpu3/online
        ;;
    thaw|resume)
        echo 1 > /sys/devices/system/cpu/cpu1/online
        echo 1 > /sys/devices/system/cpu/cpu3/online
        ;;
esac
kernel component
In Red Hat Enterprise Linux 6.2, nmi_watchdog registers with the perf subsystem. Consequently, during boot, the perf subsystem grabs control of the performance counter registers, blocking OProfile from working. To resolve this, either boot with the nmi_watchdog=0 kernel parameter set, or run the following command to disable it at run time:
echo 0 > /proc/sys/kernel/nmi_watchdog
To re-enable nmi_watchdog, use the following command:
echo 1 > /proc/sys/kernel/nmi_watchdog
kernel component, BZ#603911
Due to the way ftrace works when modifying the code during start-up, the NMI watchdog causes too much noise and ftrace can not find a quiet period to instrument the code. Consequently, machines with more than 512 CPUs will encounter issues with the NMI watchdog. Such issues will return error messages similar to BUG: NMI Watchdog detected LOCKUP and have either ftrace_modify_code or ipi_handler in the backtrace. To work around this issue, disable NMI watchdog by setting the nmi_watchdog=0 kernel parameter, or using the following command at run time:
echo 0 > /proc/sys/kernel/nmi_watchdog
kernel component
On 64-bit POWER systems the EHEA NIC driver will fail when attempting to dump a vmcore via NFS. To work around this issue, utilize other kdump facilities, for example dumping to the local file system, or dumping over SSH.
kernel component, BZ#587909
A BIOS emulated floppy disk might cause the installation or kernel boot process to hang. To avoid this, disable emulated floppy disk support in the BIOS.
kernel component
The preferred method to enable nmi_watchdog on 32-bit x86 systems is to use either nmi_watchdog=2 or nmi_watchdog=lapic parameters. The parameter nmi_watchdog=1 is not supported.
kernel component
The kernel parameter, pci=noioapicquirk, is required when installing the 32-bit variant of Red Hat Enterprise Linux 6 on HP xw9300 workstations. Note that the parameter change is not required when installing the 64-bit variant.

4.11. Desktop

Red_Hat_Enterprise_Linux-Release_Notes-6 component
The link in the RELEASE-NOTES-si-LK.html file (provided by the Red_Hat_Enterprise_Linux-Release_Notes-6-si-LK package) incorrectly points at the Beta online version of the 6.4 Release Notes. Because the si-LK language is no longer supported, the link should correctly point to the en-US online 6.4 Release Notes located at: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.4_Release_Notes/index.html.
libwacom component
The Lenovo X220 Tablet Touchscreen is not supported in the kernel shipped with Red Hat Enterprise Linux 6.4.
wacomcpl package, BZ#769466
The wacomcpl package has been deprecated and has been removed from the package set. The wacomcpl package provided graphical configuration of Wacom tablet settings. This functionality is now integrated into the GNOME Control Center.
acroread component
On an AMD64 system that uses SSSD for getting information about users, acroread fails to start if the sssd-client.i686 package is not installed. To work around this issue, manually install the sssd-client.i686 package.
kernel component, BZ#681257
With newer kernels, such as the kernel shipped in Red Hat Enterprise Linux 6.1, Nouveau has corrected the Transition Minimized Differential Signaling (TMDS) bandwidth limits for pre-G80 NVIDIA chipsets. Consequently, the resolution auto-detected by X for some monitors may differ from that used in Red Hat Enterprise Linux 6.0.
fprintd component
When enabled, fingerprint authentication is the default authentication method to unlock a workstation, even if the fingerprint reader device is not accessible. However, after a 30 second wait, password authentication will become available.
evolution component
Evolution's IMAP backend only refreshes folder contents under the following circumstances: when the user switches into or out of a folder, when the auto-refresh period expires, or when the user manually refreshes a folder (that is, using the menu item Folder → Refresh). Consequently, when replying to a message in the Sent folder, the new message does not immediately appear in the Sent folder. To see the message, force a refresh using one of the methods described above.
anaconda component
The clock applet in the GNOME panel has a default location of Boston, USA. Additional locations are added via the applet's preferences dialog. Additionally, to change the default location, left-click the applet, hover over the desired location in the Locations section, and click the Set... button that appears.
xorg-x11-server component, BZ#623169
In some multi-monitor configurations (for example, dual monitors with both rotated), the cursor confinement code produces incorrect results. For example, the cursor may be permitted to disappear off the screen when it should not, or be prevented from entering some areas where it should be allowed to go. Currently, the only workaround for this issue is to disable monitor rotation.

4.12. Tools

coolkey component, BZ#906537
Personal Identity Verification (PIV) Endpoint Cards which support both CAC and PIV interfaces might not work with the latest coolkey update; some signature operations like PKINIT can fail. To work around this problem, downgrade coolkey to the version shipped with Red Hat Enterprise Linux 6.3.
libreport component
Even if the stored credentials are used, the report-gtk utility can report the following error message:
Wrong settings detected for Red Hat Customer Support [..]
To work around this problem, close the dialog window; the Login=<rhn-user> and Password=<rhn-password> credentials in the /etc/libreport/plugins/rhtsupport.conf will be used in the same way they are used by report-rhtsupport.
For more information, refer to this Knowledge Base article.
vlock component
When a user password is used to lock a console with vlock, the console can only be unlocked with the user password, not the root password. That is, even if the first inserted password is incorrect, and the user is prompted to provide the root password, entering the root password fails with an error message.
libreoffice component
LibreOffice contains a number of harmless files used for testing purposes. However, on Microsoft Windows systems, these files can trigger false positive alerts in various anti-virus software, such as Microsoft Security Essentials. For example, the alerts can be triggered when scanning the Red Hat Enterprise Linux 6 ISO file.
gnome-power-manager component
When the computer runs on battery, the custom brightness level is not remembered and restored if power saving features like "dim display when idle" or "reduce backlight brightness when idle" are enabled.
rsyslog component
rsyslog does not reload its configuration after a SIGHUP signal is issued. To reload the configuration, the rsyslog daemon needs to be restarted:
~]# service rsyslog restart
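Because a SIGHUP leaves the old configuration in effect, an edited logging rule can silently go unapplied. The following added example (not part of the original Technical Notes) lists configuration files modified after rsyslogd started; the PID file path and the /etc/rsyslog.d/*.conf include directory are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: detect rsyslog configuration edits that the running
# daemon has not picked up (it only reads its config at start).

# Print every file in $2.. whose mtime is later than epoch seconds $1.
stale_configs() {
    start_epoch=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue            # skip unmatched globs / missing files
        mtime=$(stat -c %Y "$f") || continue
        if [ "$mtime" -gt "$start_epoch" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Start time of PID $1 as epoch seconds (GNU ps and date).
proc_start_epoch() {
    lstart=$(ps -o lstart= -p "$1") || return 1
    [ -n "$lstart" ] || return 1
    date -d "$lstart" +%s
}

# Returns 0 if the running config is current, 1 if a restart is needed,
# 2 if the daemon's start time cannot be determined.
check_rsyslog() {
    pidfile=${1:-/var/run/syslogd.pid}     # assumed PID file location
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 2; }
    start=$(proc_start_epoch "$(cat "$pidfile")") || return 2
    # Assumed config locations: main file plus the include directory.
    stale=$(stale_configs "$start" /etc/rsyslog.conf /etc/rsyslog.d/*.conf)
    if [ -n "$stale" ]; then
        echo "modified since rsyslogd started; run 'service rsyslog restart':"
        echo "$stale"
        return 1
    fi
    return 0
}
```

Calling check_rsyslog from a cron job or a configuration-management run flags hosts where a logging change was written to disk but never took effect.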
parted component
The parted utility in Red Hat Enterprise Linux 6 cannot handle Extended Address Volumes (EAV) Direct Access Storage Devices (DASD) that have more than 65535 cylinders. Consequently, EAV DASD drives cannot be partitioned using parted, and installation on EAV DASD drives will fail. To work around this issue, complete the installation on a non-EAV DASD drive, then add the EAV device after the installation using the tools provided in the s390-utils package.

Chapter 5. New Packages

New dev86 and iasl packages are now available for Red Hat Enterprise Linux 6.
The dev86 and iasl packages are build dependencies of the qemu-kvm package.
This enhancement update adds the dev86 and iasl packages to the 32-bit x86 Optional channels of Red Hat Enterprise Linux 6. (BZ#901677, BZ#901678)
All users who require dev86 and iasl are advised to install these new packages.
New hypervkvpd packages are now available for Red Hat Enterprise Linux 6.
The hypervkvpd packages contain hypervkvpd, the guest Hyper-V Key-Value Pair (KVP) daemon. Using VMbus, hypervkvpd passes basic information to the host. The information includes guest IP address, fully qualified domain name, operating system name, and operating system release number. An IP injection functionality is also provided which allows you to change the IP address of a guest from the host via the hypervkvpd daemon.
This enhancement update adds the hypervkvpd packages to Red Hat Enterprise Linux 6. For more information about inclusion of, and guest installation support for, Microsoft Hyper-V drivers, refer to the Red Hat Enterprise Linux 6.4 Release Notes. (BZ#850674)
All users who require hypervkvpd are advised to install these new packages. After installing the hypervkvpd packages, rebooting all guest machines is recommended, otherwise the Microsoft Windows server with Hyper-V might not be able to get information from these guest machines.
New libjpeg-turbo packages are now available for Red Hat Enterprise Linux 6.
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.
This enhancement update adds the libjpeg-turbo packages to Red Hat Enterprise Linux 6. (BZ#788687)
All users who require libjpeg-turbo are advised to install these new packages.
New pcs packages are now available for Red Hat Enterprise Linux 6.
The pcs packages provide a command-line tool and graphical web interface to configure and manage pacemaker and corosync.
This enhancement update adds the pcs package as a Technology Preview. (BZ#657370)
More information about Red Hat Technology Previews is available here:
All users who want to use the pcs Technology Preview are advised to install these new packages.
A new haproxy package is now available for Red Hat Enterprise Linux 6.
The haproxy package provides a reliable, high-performance network load balancer for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing.
This enhancement update adds the haproxy package to Red Hat Enterprise Linux 6 as a Technology Preview. (BZ#846067)
More information about Red Hat Technology Previews is available at
All users who want to use the haproxy Technology Preview should install this newly-released package, which adds this enhancement.
A new keepalived package is now available as a Technology Preview for Red Hat Enterprise Linux 6.
The keepalived package provides simple and robust facilities for load-balancing and high-availability. The load-balancing framework relies on the well-known and widely used Linux Virtual Server kernel module providing Layer4 network load-balancing. The keepalived daemon implements a set of health checkers that manage load-balanced server pools according to their state. The keepalived daemon also implements the Virtual Router Redundancy Protocol (VRRP), allowing router or director failover to achieve high availability.
This enhancement update adds the keepalived package to Red Hat Enterprise Linux 6 as a Technology Preview. (BZ#846064)
More information about Red Hat Technology Previews is available at
All users who want to use the keepalived Technology Preview should install this newly-released package, which adds this enhancement.
New linuxptp packages are now available as a Technology Preview for Red Hat Enterprise Linux 6.
The Linux PTP project is a software implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. These packages provide a robust implementation of the standard and use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs and other platforms is not a goal.
This enhancement update adds the linuxptp packages to Red Hat Enterprise Linux 6 as a Technology Preview. (BZ#848856)
More information about Red Hat Technology Previews is available here:
All users who want to use the linuxptp Technology Preview should install these newly-released packages, which add this enhancement.
New libitm packages are now available for Red Hat Enterprise Linux 6.
The libitm packages contain the GNU Transactional Memory runtime library that provides GCC transactional memory support.
This enhancement update adds the libitm packages to Red Hat Enterprise Linux 6. (BZ#813301)
All users who require libitm are advised to install these new packages.
New scipy packages are now available for Red Hat Enterprise Linux 6.
The SciPy package provides software for mathematics, science, and engineering. The NumPy package, which is designed to manipulate large multi-dimensional arrays of arbitrary records, is the core library for SciPy. The SciPy library is built to work with NumPy arrays and provides various efficient numerical routines, for example routines for numerical integration and optimization.
This enhancement update adds the scipy packages to Red Hat Enterprise Linux 6. (BZ#697530)
All users who require scipy are advised to install these new packages.
New suitesparse packages are now available for Red Hat Enterprise Linux 6.
The suitesparse packages are a collection of libraries for computations involving sparse matrices.
This enhancement update adds the suitesparse packages to Red Hat Enterprise Linux 6. (BZ#844974)
All users who require suitesparse should install these new packages.
New tbb packages are now available for Red Hat Enterprise Linux 6.
The tbb packages contain a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance.
This enhancement update adds the tbb packages to Red Hat Enterprise Linux 6. (BZ#844976)
All users who require tbb are advised to install these new packages.
A new tuna package is now available for Red Hat Enterprise Linux 6.
The tuna package provides an interface for changing both scheduler and IRQ tunables, at whole CPU, per-thread or per-IRQ levels. tuna allows CPUs to be isolated for use by a specific application and threads and interrupts to be moved to a CPU simply by dragging and dropping them.
This enhancement update adds the tuna package to Red Hat Enterprise Linux 6. (BZ#812455)
All users who require tuna should install this new package.
A new mtdev package is now available for Red Hat Enterprise Linux 6.
The new mtdev package contains a library that converts kernel input events from multitouch protocol A into multitouch protocol B events. Protocol B events provide per-touchpoint tracking which is required by the xorg-x11-drv-evdev and xorg-x11-drv-synaptics packages.
This enhancement update adds the mtdev package to Red Hat Enterprise Linux 6. (BZ#860177)
All users who require mtdev should install this new package.
New cpupowerutils packages are now available for Red Hat Enterprise Linux 6.
The cpupowerutils packages provide a suite of tools to manage power states on appropriately enabled central processing units (CPU).
This enhancement update adds the cpupowerutils packages to Red Hat Enterprise Linux 6. (BZ#697418)
All users who require cpupowerutils are advised to install these new packages.
New cgdcbxd packages are now available for Red Hat Enterprise Linux 6.
The cgdcbxd packages provide a daemon to manage the priority of network traffic in Data Center Bridging (DCB) enabled environments. By using the information exchanged over the DCB Capability Exchange Protocol (DCBX) on a LAN, cgdcbxd enforces network priority on running applications on your host with the net_prio cgroup.
This enhancement update adds the cgdcbxd packages to Red Hat Enterprise Linux 6. (BZ#835171)
All users who require cgdcbxd are advised to install these new packages.