Copyright © 2006 Novell, Inc.
This is just the initial version of the release notes for SUSE Linux 10.1. The release notes will be finalized later.
These release notes cover the following areas:
General: Information that everybody should read.
Update: Changes that are not mentioned in the Start-Up Manual, Chapter 2.
Installation: Additional pertinent information for installation.
Technical: This section contains a number of technical changes and enhancements for the experienced user.
In the Start-Up Manual, find information about installation and basic system configuration. In the Reference Guide, the system configuration is explained in detail. Additionally, the most important applications are described in the Applications Manual.
The new registration procedure helps customers to manage their systems with Novell's infrastructure. Once registered, packages and patch sources suitable for the current system are automatically detected and made available to the package management system (zmd). Register as part of the installation procedure, using the YaST module, or with the suse_register command.
The registration procedure transfers zmd's unique device identifier to Novell's registration Web service. To determine the appropriate packages and package sources, information about the hardware architecture, operating system, and version is also sent. The current time zone is transmitted then used to select a source mirror site in your area.
To provide maximum flexibility, Novell's Web service asks for required parameters depending on the needs of the registration procedure. The following local commands may be run to determine the needed information:
hwinfo
uname
PRIVACY: To allow for maximum customer privacy, the procedure can be configured to deny optionally requested parameters. It is still possible to register, but the experience may be less user-friendly because many human readable system parameters will not be displayed. If you do not register, the underlying system will continue to work. However, the registration service cannot provide the online update configuration unless registration is performed to pass mandatory information, including product, operating system type and version, and CPU type.
If you send only the mandatory information, your system is configured for getting online updates from an appropriate source. If you have a purchased version of SUSE Linux, you can send optional information to register for your installation support. Sending the optional information for SUSE Linux Enterprise products gives access to a wide range of additional features. See the Novell Web site for details.
Read more about applying patches to SUSE Linux in the PDF online-documentation on the first installation medium (docu/en/applying_patches.pdf).
This release of SUSE Linux Server ships with Novell AppArmor, which can protect your applications from software exploits. AppArmor protection can be enabled via the AppArmor control panel, which is located in YaST under Novell AppArmor.
The AppArmor profiles included with SUSE Linux have been developed in conjunction with our best efforts to reproduce how most users will use their software. The profiles we have provided will work unmodified for many users—however, some users will find our profiles too restrictive for their environments.
If you discover that some of your applications do not function as you expected, you may need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof command line utility) to update your AppArmor profiles. You may place all your profiles into learning mode with the following:
aa-complain /etc/apparmor.d/*
When a program generates many complaints, the system's performance will be degraded; to mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof) to update your profiles even if you choose to leave them in learning mode. This will reduce the number of learning events logged to disk which will improve the performance of the system.
SUSE Linux comes with an add-on CD-ROM (CD6) that contains binary-only software. On this CD-ROM, find, for example, the firmware for WLAN cards such as Intel Centrino or an alternative Java engine.
Include the add-on medium by activating the "Include Add-On Products from Separate Media" option in the YaST installation type dialog at the beginning of the installation or update.
On some computers, Firefox with Pango support enabled is very slow. The performance seems to depend on the X server. Set MOZ_DISABLE_PANGO=0 if you want to switch on font rendering for your environment anyway:
export MOZ_DISABLE_PANGO=0
firefox
The English, German, and Czech manuals are the mandatory reference if the contents of a language version differs from the English text due to late software changes. Here is the list of noteworthy differences in the Start-Up manual:
Chapter 1, "Installation with YaST": The installation workflow is more detailed now: New section about "Selecting the Source of the Installation Data". The "Time Zone" gets set up between "System Analysis" and "Desktop Selection". There are now steps for "Cleanup" and "Completing Installation" with the possibility to "Clone this System for AutoYaST."
Chapter 2, "System Configuration with YaST": Enhancements and adjustments to "Installing and Removing Software", "Installing Add-On Products", "Automatic Online Update", "Registering", "Infrared Device" (IrDa), "Network Services" (Kerberos), and "Update from the Command Line" (rug User Management).
Instead of the Web Updater, use the Online Update YaST module. In "Network Services", NIS and NFS are split to client and server parts. "Start-Up Log" and "System Log" are separate sections now.
The "Saving the Package Selection" feature is not supported at the moment. The "Adding CD and DVD into System" (fstab) module was withdrawn.
To apply security updates and install additional software packages, use the ZENworks updater applet for KDE and GNOME, which replaces the SUSEwatcher. The ZENworks updater helps monitor available patches. The Online Updater from within the YaST Control Center is an alternative for updating software.
For automatic update, use rug, which replaces the YaST Online Update (YOU) in cron tables.
For more information about these features, see the SUSE Linux Start-Up Manual.
Before starting a remote update (for example, with VNC), make sure that the firewall of your system is configured accordingly. Use YaST to open the ports that are required to access your system remotely. Start the YaST Control Center. Then click "Network Services" -> "Remote Administration" and select "Allow Remote Administration". If necessary, activate "Open Port in Firewall".
Read the YaST help text for more information.
Starting with SUSE Linux 10.1, the vsftpd FTP server can be configured to run independently or using the xinetd superdaemon. The default is now for independent use—in previous versions, the default was to use xinetd. To run it with xinetd, enable the service in the xinetd configuration file (/etc/xinetd.d/vsftpd) and set the following option line in /etc/vsftpd.conf:
listen=NO
SUSE Linux comes with MySQL 5.0. As with every major release update, it is strongly recommended to perform a backup of the MySQL table files and create an SQL dump beforehand. After the update, /etc/init.d/mysql automatically executes mysql_fix_privilege_tables. Refer to http://dev.mysql.com/doc/refman/5.0/en/upgrade.html for more information and detailed instructions.
The installation is described in the Start-Up Guide.
SUSE Linux can be installed from either the DVD or a set of CD-ROM media. However, not all packages fit on the CD-ROMs. Only those users install most often are included. Find an overview listing the differences at http://www.novell.com/products/linuxpackages/professional/diff_cd_dvd.html.
If your system lacks a DVD drive and you need a certain package, either put the DVD in another machine connected with your network and mount it remotely for installation or use YaST to select a public FTP server as an installation source.
If you encounter nonfunctional hardware, check the Hardware Compatibility List at http://en.opensuse.org/HCL. The list also offers tips on how to get certain hardware working, including information about third-party drivers for hardware, such as video cards.
Because some laptops cannot be detected properly, the "Laptop Selection" will not be enabled automaticaly. To add the "Laptop Selection", start the YaST software package management and select the "Laptop Selection" manually. If NetworkManager is not setup by default on your laptop, configure it manually during the network configuration.
For security reasons, sudo no longer does X forwarding. If you want to start an X program such as YaST that requires root permissions, either become root first using su or call it through ssh as follows:
ssh -X -l root localhost yast2
With X.Org 6.9, the latest radeon driver is included, which supports nonrectangular MergedFB, RN50/ES1000 chips, VIVO, and BIOS hotkeys among other features. Our customers have been waiting for this impatiently for quite some time. Because several of these features touch very low level parts of the driver and customers have experienced problems with some chipset revisions, we also ship the version of the radeon driver already available on SUSE Linux 10.0 as a fallback with a reduced feature set—for example, it does not support DRI ("3D"). This old driver is called "radeonold". This old driver is not supported, because it is no longer actively developed.
If you encounter problems with the radeon driver, switch to the "radeonold" driver, which can be configured using SaX2. On a console prompt, enter sax2 -m 0=radeonold for configuration.
With some older i830 chipsets, dual head support for the X Window System is not available. Deactivate the dual head setting in the YaST hardware configuration dialog when installing SUSE Linux or manually run SaX2 (sax2) after installing SUSE Linux to deactivate dual head.
Because the sonypi kernel module does not work on recent Sony laptops, automatic loading of this module has been disabled. If you know that this kernel module does not cause trouble on your laptop, add sonypi to MODULES_LOADED_ON_BOOT in /etc/sysconfig/kernel.
The following kernel modules are no longer available:
AVM Fritz!Card DSL
AVM FRITZ! ISDN Adapters
The following kernel module package was changed internally:
Various drivers for wireless LAN cards. The madwifi driver for Atheros WLAN cards was removed.
For technical reasons, it was necessary to drop support for Ralink WLAN cards. The old driver no longer works with kernel version 2.6.16 and the new version is not yet stable enough. We intend to release an update as soon as the new version is stable enough.
Find additional drivers in the kmp packages. For background information, see http://en.opensuse.org/Kernel_Module_Packages.
On some machines, CPU frequency scaling can cause hangs when the machine is idle or when powersaved starts. In these cases, disable the powersave daemon at the installation with POWERSAVE=off as a boot parameter.
When this parameter is not given at the initial CD boot of the installation, powersaved must be disabled later using chkconfig powersaved off.
The local and IO APIC for the 32-bit x86 architecture has changed. A local and IO APIC (I/O Advanced Programmable Interrupt Controller) is an SMP-capable replacement for PC-style interrupt controllers. SMP systems and all recent uniprocessor systems have such a controller.
Until now, local and IO APIC was disabled on uniprocessor systems by default and had to be manually activated by using the "apic" kernel parameter. Now it runs by default and can be manually deactivated. For 64-bit systems, APIC is always enabled by default.
Any system with a BIOS version newer than 2001 gets local and IO APIC activated by default unless local and IO APIC is disabled in the BIOS or by the user.
Any BIOS from Intel newer than 1998 gets local and IO APIC activated by default.
Any system with more than one CPU gets local and IO APIC activated by default.
If you experience problems with devices not working properly, you can manually apply the following configuration options:
To disable local APIC, use nolapic (this implies disabling IO APICs).
To disable IO APIC, use noapic.
To get the same default as earlier releases, use nolapic.
The ulimit settings can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the kernel defaults:
SOFTVIRTUALLIMIT=80 limits a single process so that it does not allocate more than 80% of the available virtual memory (RAM and swap).
SOFTRESIDENTLIMIT=85 limits a single process so that it does not occupy more than 85% of the physical memory (RAM).
These soft limits can be overridden with the ulimit command by the user. Hard limits could only be overridden by root.
The values have been chosen conservatively to avoid breaking large processes that have worked before. If there are no legitimate processes with huge memory consumption, set the limits lower to provide more effective protection against run-away processes. The limits are per process and thus not an effective protection against malicious users. The limits are meant to protect against accidental excessive memory usage.
To configure different limits depending on the user, use the pam_limits functionality and configure /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel. The limits configured in limits.conf override the global defaults from the ulimit package.
On SUSE Linux 10.1 a new mounting mechanism replaces the submount system used earlier. This new mechanism does not unmount media automatically, but on hardware request. Some devices, most notably older CD drives but also some new drives with broken firmware, do not send this signal. To eject the media on such devices, select Eject in the context menu (opened by right-clicking) of the device in "My Computer" or select Eject in the context menu of the device icon on the desktop.