Release Notes for SUSE Linux Enterprise Desktop 11 Service Pack 4 (SP4) Version 11.4.10 (2015-06-18) Abstract These release notes are generic for all SUSE Linux Enterprise Desktop 11 based products. Some parts may not apply to particular architectures or products. Where this is not obvious, the respective architectures are listed explicitly. An Installation Quick Start can be found in the docu directory on the media. Any documentation (if installed) can be found below /usr/share/doc/ in the installed system. This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html. Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to mailto:sle_source_request@suse.com or as otherwise instructed at http:// www.suse.com/download-linux/source-code.html. SUSE may charge a reasonable fee to recover distribution costs. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1. SUSE Linux Enterprise Desktop 2. Important Upgrade Information 3. Support Statement for SUSE Linux Enterprise Desktop 4. Installation Related Notes 4.1. Top Level Domain ".site" No Longer Available for Private Use 4.2. Booting i586 Machines 4.3. CJK Languages Support in Text-mode Installation 4.4. Unable to Detect Display with Lid Closed 4.5. Development Packages Moved to the SDK 4.6. Installation Using Persistent Device Names 4.7. MD Devices on Top of iSCSI Not Supported 4.8. Using NetworkManager and DHCP 5. New Features 5.1. Desktop 5.1.1. fbdev Driver Needs Reboot After Resolution Changes 5.1.2. LibreOffice Replaces OpenOffice.org 5.2. Security 5.2.1. Switch repomd from sha to sha26 5.2.2. PAM Configuration 5.3. Server 5.3.1. numactl and libnuma 5.4. Systems Management 5.5. Kernel and Toolchain 5.6. Other Changes and Version Updates 5.6.1. /etc/os-release 6. Update-Related Notes 6.1. General Update Notes 6.1.1. Lower Version Numbers in SUSE Linux Enterprise 11 SP4 Than in Version 11 SP3 6.1.2. Migrating to SLE 11 SP4 Using Zypper 6.1.3. Online Migration from SP3 to SP4 6.1.4. Graphics Drivers Using KMS 6.1.5. Updating KDE 6.1.6. GroupWise 8 Client 6.1.7. Kernel Package Split in Subpackages 6.1.8. Displaying Manual Pages with the Same Name 6.1.9. AppArmor 6.1.10. Fine-Tuning Firewall Settings 7. Driver Updates 7.1. Other Drivers 7.1.1. SaX2: Changing Video Resolution 8. Other Updates 8.1. Update of PostgreSQL to Version 9.4 9. Technology Previews 9.1. eCryptfs Filesystem 9.2. KVM 9.3. Read-Only Root Filesystem 9.4. Linux Filesystem Capabilities 10. Deprecated Functionality 10.1. Adobe Discontinues Support for Adobe Reader on Linux 10.2. Deprecation of Package ncpfs 10.3. Removed Packages 10.4. Deprecated Packages 10.5. JFS File System 11. Infrastructure, Package and Architecture Specific Information 11.1. Architecture Independent Information 11.1.1. Changes in Packaging and Delivery 11.1.2. Cross Architecture Information 11.2. AMD64/Intel64 64-Bit (x86_64) and Intel/AMD 32-Bit (x86) Specific Information 11.2.1. Virtualization 12. Technical Information 12.1. Xen Limits 12.1.1. XEN: Update Xen to Version 4.4 12.2. File Systems 12.2.1. ext4: Runtime Switch for Write Support 12.3. IPv6 Implementation and Compliance 12.4. Other Technical Information 12.4.1. Boot Device Larger Than 2 TiB 12.4.2. Detecting Lenovo ThinkPad Laptops 12.4.3. Stopping Cron Status Messages 13. Known Issues 13.1. Latest Release Notes 13.2. Network Issues After Updating 13.3. Kopete Lacks IRC Support 13.4. Hardware Related Issues 13.4.1. Limited Graphics Support on IBM SurePOS 700 4800-7X3 during Installation 13.4.2. Graphical Distortions on the FIC GE2 Plattform (Transtec SENYO600) 14. Documentation 15. More Information and Feedback 16. Miscellaneous 17. Legal Notices Chapter 1. SUSE Linux Enterprise Desktop SUSE Linux Enterprise Desktop is the market's only enterprise-quality Linux desktop ready for routine business use. Developed and backed by SUSE, SUSE Linux Enterprise Desktop provides market-leading usability, seamless interoperability with existing IT systems, and dozens of essential applications—all at a fraction of the price of proprietary operating systems. It comes bundled with the latest versions of leading applications such as LibreOffice office productivity suite, Mozilla Firefox web browser, and Evolution email and calendar suite. In addition, it integrates with Microsoft SharePoint and Novell Teaming for group collaboration and supports a wide range of multimedia file formats, wireless and networking standards, and plug-and-play devices. Through the latest enhancements in power management and security, SUSE Linux Enterprise Desktop also provides an environmentally friendly IT experience (Green IT) and an error-proof desktop. Finally, SUSE Linux Enterprise Desktop offers unparalleled flexibility. You can deploy it on a wide range of thick client devices (including desktops, notebooks, netbooks, and workstations), on thin client devices, or as a virtual desktop. By leveraging the power of SUSE Linux Enterprise Desktop, your business can dramatically reduce costs, improve end-user security and increase workforce productivity. Chapter 2. Important Upgrade Information For users upgrading from a previous SUSE Linux Enterprise Desktop release it is recommended to review: • Chapter 3, Support Statement for SUSE Linux Enterprise Desktop • Section 6.1, “General Update Notes” • Chapter 12, Technical Information These Release Notes are identical across all architectures, and the most recent version is always available online at http://www.suse.com/releasenotes/. Chapter 3. Support Statement for SUSE Linux Enterprise Desktop To receive support, see http://www.suse.com/products/desktop/. Chapter 4. Installation Related Notes This section includes installation related information for this release. 4.1. Top Level Domain ".site" No Longer Available for Private Use Until SLE 11 SP4, when no hostname was provided by the user or DHCP, the installer was generating a hostname ending with .site . Since 2015, the top level domain (tld) ".site" is officially registered and should no longer be used for private purposes. We recommend to rename the system using a proper fully qualified resolveable domain name. If impossible, use .test (or .invalid ) as the domain name instead of .site (for more information, see RFC 6761). A new installation done with the SLE 11 SP4 installer will default to "linux.suse" instead of "linux.site", when none is provided. 4.2. Booting i586 Machines The provided ISO image is able to boot i586 machines if burnt on a DVD medium. It does not work to dump it on a USB device and use it for booting. The x86_64 architecture is not affected by this limitation. On x86_64 booting from a USB device is supported. 4.3. CJK Languages Support in Text-mode Installation CJK (Chinese, Japanese, and Korean) languages do not work properly during text-mode installation if the framebuffer is not used (Text Mode selected in boot loader). There are three alternatives to resolve this issue: 1. Use English or some other non-CJK language for installation then switch to the CJK language later on a running system using YaST+System+Language. 2. Use your CJK language during installation, but do not choose Text Mode in the boot loader using F3 Video Mode. Select one of the other VGA modes instead. Select the CJK language of your choice using F2 Language, add textmode=1 to the boot loader command-line and start the installation. 3. Use graphical installation (or install remotely via SSH or VNC). 4.4. Unable to Detect Display with Lid Closed During the installation YaST resp. SaX2 tries to detect displays and determine the display size and resolution. If you are installing on a notebook with a closed lid it is not be possible to detect the display. To avoid this problem you must keep the lid open during installation. If the detection fails, start YaST and click Hardware+Graphics Card and Monitor. Then configure the display manually. 4.5. Development Packages Moved to the SDK As many development packages and sub-packages as possible have been moved to the SDK. 4.6. Installation Using Persistent Device Names The installer uses persistent device names by default. If you plan to add storage devices to your system after the installation, we strongly recommend you use persistent device names for all storage devices. To switch to persistent device names on a system that has already been installed, start the YaST2 partitioner. For each partition, select Edit and go to the FStab Options dialog. Any mount option except Device name provides you persistent device names. In addition, rerun the boot loader module in YaST to switch the bootloader to using the persistent device name. Start the module Boot Loader and select Finish to write the new proposed configuration to disk. This needs to be done before adding new storage devices. For further information, visit http://en.opensuse.org/ SDB:Persistant_storage_device_names. 4.7. MD Devices on Top of iSCSI Not Supported iSCSI devices cannot be used for Linux Software RAID. Using MD devices on top of iSCSI triggers a cyclic dependency that leads to a system crash. 4.8. Using NetworkManager and DHCP To make NetworkManager send the hostname to the DHCP server, create a new network profile (see the Administration Guide for more information). Modify this profile with GNOME Configuration Editor (gconf-editor) and add the key / system/networking/connections/$number/ipv4/dhcp-hostname (replace "$number" with the actual number) with a string value. NetworkManager will send this value to the DHCP server. A special value system-hostname can be used to send the current hostname. Chapter 5. New Features 5.1. Desktop • GNOME 2.28 GNOME was updated to version 2.28 with SP1, only selected packages got an update for SP2 or SP3. • KDE 4.3 SUSE introduced KDE 4 with SUSE Linux Enterprise Desktop 11 as an innovative free software desktop and applications such as the Konqueror web browser, the Dolphin file manager, the Okular document reader, the System Settings control center and more. KDE was updated to 4.3.4 version with SP1. This new version of KDE is built on KDE Libraries which provide easy access to resources on the network by means of KIO and advanced visual capabilities through Qt4. Phonon and Solid. Customers migrating from SUSE Linux Enterprise Desktop 10 using KDE are getting a new user experience in version 11 Service Pack 1 and later. We recommend backing up your user home directory when upgrading from SUSE Linux Enterprise Desktop 10. (Partly based on http://www.kde.org/announcements/4.0/.) • X.org 7.4 The X server libraries were updated to version 1.6.5. The client libraries were kept the same, except for libgl. 5.1.1. fbdev Driver Needs Reboot After Resolution Changes SaX2 offers to change the resolution even for the fbdev driver. Because this is controlled via a VGA kernel option, rebooting is needed after resolution changes. In other words: Modifications will take effect the next time the graphics system is restarted; in some cases a reboot of the machine is needed. 5.1.2. LibreOffice Replaces OpenOffice.org Since SUSE Linux Enterprise Desktop 11 SP1, Openoffice.org has been replaced with LibreOffice. If you perform an upgrade, manual interaction is needed, otherwise you will stay with the old OpenOffice.org packages. Future updates will only be prepared and published for LibreOffice. Some parts of the documentation packages still mention 'OpenOffice.org'. 5.2. Security 5.2.1. Switch repomd from sha to sha26 The update repository integrity used by SUSE is ensured by a GPG signature and the checksums of the YUM repomd XML metadata. SUSE Linux Enterprise 11 so far used sha1 as intermediate checksum, which should no longer be used. With SUSE Linux Enterprise 12 and SUSE Linux Enterprise 11 SP4 we start to use sha256 for the XML integrity handling and so get rid of the old sha1 hashing methods. If you have tools parsing the XML metadata yourself, please verify they can handle also the newer sha256 hashes. 5.2.2. PAM Configuration The common PAM configuration files (/etc/pam.d/common-*) are now created and managed with pam-config. 5.3. Server 5.3.1. numactl and libnuma numactl and libnuma have been updated to the latest version. This update comes with many bug fixes and some new features that are especially important for large NUMA systems, e.g.: • IO affinity support • New option to memhog to disable transparent huge pages • Show distances on machines without a node 0 5.4. Systems Management • Improved Update Stack SUSE Linux Enterprise Desktop 11 comes with an improved update stack and the command line tool zypper to manage the install/update packages and repositories. • Enhanced YaST Partitioner • Extended Built-in Management Infrastructure CIM enablement with SFCB CIMON. 5.5. Kernel and Toolchain • GCC 4.3.4 • glibc 2.11 • Linux kernel 3.0 5.6. Other Changes and Version Updates • EVMS2 Replaced with LVM2 • Default Filesystem The default file system in new installations was changed from ReiserFS to ext3 with SUSE Linux Enterprise Desktop 11. A public statement can be found at http://www.suse.com/products/server/technical-information/#FileSystem. • Samba 3.4.3 • UEFI Enablement on AMD64 • SWAP over NFS • Python 2.6.0 • Perl 5.10 • Ruby 1.87 5.6.1. /etc/os-release In addition to the /etc/SuSE-release file the file /etc/os-release is now available. /etc/os-release is a cross-distribution standard to identify a Linux system. For more information about the syntax, see the os-release man page ( man os-release ). Chapter 6. Update-Related Notes This section includes update-related information for this release. 6.1. General Update Notes 6.1.1. Lower Version Numbers in SUSE Linux Enterprise 11 SP4 Than in Version 11 SP3 When upgrading from SUSE Linux Enterprise Server or Desktop 11 SP3 to version 11 SP4, you may encounter a version downgrade of specific software packages, including the Linux Kernel. SLE 11 SP4 has all its software packages and updates in the SLE 11 SP4 repositories. No packages from SLE 11 SP3 repositories are needed for installation or upgrade, not even from the SLE 11 SP3 update repositories. Note It is important to remember that the version number is not sufficient to determine which bugfixes are applied to a software package. In case you add SLE 11 SP3 update repositories, be aware of one characteristic of the repository concept: Version numbers in the SP3 update repository can be higher than those in the SP4 repository. Thus, if you update with the SP3 repositories enabled, you may get the SP3 version of a package instead of the SP4 version. This is admittedly unfortunate. It is recommended to avoid using the version from a lower product or SP, because using the SLE 11 SP3 package instead of the SP4 package can result in unexpected side effects. Thus we advise to switch off all the SLE 11 SP3 repositories, if you do not really need them. Keep old repositories only, if your system depends on a specific older package version. If you need a package from a lower product or SP though, and thus have SLE 11 SP3 repositories enabled, make sure that the packages you intended to upgrade have actually been upgraded. Summarizing: If you have an SLE 11 SP3 installation with all patches and updates applied, and then migrate off-line to SLE 11 SP4, you will see a downgrade of some packages. This is expected behavior. 6.1.2. Migrating to SLE 11 SP4 Using Zypper To migrate the system to the Service Pack 4 level with zypper, proceed as follows: • Open a root shell. • To refresh all services and repositories, run: zypper ref -s • To install package management updates, run: zypper patch • Now it is possible to install all available updates for SLES/SLED 11 SP3; run again: zypper patch • Now the installed products contain information about distribution upgrades and which migration products should be installed to perform the migration. Read the migration product information from /etc/products.d/*.prod and install them. • Enter the following command: grep 'sle-sdk-SP4-migration SUSE_SLED-SP4-migration • Install these migration products (example): zypper in -t product sle-sdk-SP4-migration SUSE_SLED-SP4-migration • Run suse_register -d 2 -L /root/.suse_register.log to register the products in order to get the corresponding SP4 Update repositories. • To avoid a dependency conflict enable the SLED11-Extras repository with: zypper mr -e SLED11-Extras On SLES this extra step is not needed. • Run zypper ref -s to refresh services and repositores. • Check the repositories using zypper lr. Disable SP1, SP2, and SP3 repositories after the registration and enable the new SP4 repositories (such as SP4-Pool, SP4-Updates): zypper mr --disable zypper mr --enable Also disable repositories you do not want to update from. • Then perform a distribution upgrade by entering the following command: zypper dup --from SLES11-SP4-Pool --from SLES11-SP4-Updates \ --from SLE11-SP2-WebYaST-1.3-Pool --from SLE11-SP2-WebYaST-1.3-Updates Add more SP4 repositories here if needed, e.g. in case add-on products are installed. For WebYaST, it is actually SLE11-SP2-*, because there is one WebYaST release that runs on two SP code bases. Note If you make sure that only repositories, which you migrate from, are enabled, you can omit the --from parameters. • zypper will report that it will delete the migration product and update the main products. Confirm the message to continue updating the RPM packages. • To do a full update, run zypper patch. • After the upgrade is finished, register the new products again: suse_register -d 2 -L /root/.suse_register.log • Run zypper patch after re-registering. Some products do not use the update repositories during the migration and they are not active at this point of time. • Reboot the system. 6.1.3. Online Migration from SP3 to SP4 Online migration from SP3 to SP4 is not supported, if debuginfo packages are installed. 6.1.4. Graphics Drivers Using KMS Beginning with SLE 11 SP1, we switched to use KMS (Kernel Mode Setting) for Intel graphics support. This means that mode setting is now done in kernel space instead of user space (X driver). If—in rare cases—the new driver concept does not work for you, create an X.Org configuration manually: 1. Boot into failsafe mode without X (add "3" to the failsafe mode options) and run 'sax2 -r -m 0=fbdev' to create an fbdev based xorg.conf. 2. Then disable KMS permanently by setting the NO_KMS_IN_INITRD sysconfig variable to "yes" and run mkinitrd. 3. Finally, reboot again (normal mode) to activate this new X.Org configuration. 6.1.5. Updating KDE You can update your previous KDE installation (SUSE Linux Enterprise Desktop 11 or earlier) during system upgrade as described in the manual or as a package update using YaST or zypper. Because of a huge amount of package renaming, it is not possible to update your previous KDE installation using plain rpm commands. For more information about KDE 4.3, see Section 5.1, “Desktop”. 6.1.6. GroupWise 8 Client We ship the GroupWise 8 client with this release. If you want to keep the GroupWise 7 client, enter Software Manager and disable the GroupWise update. The Groupwise 7 client is available in the extras-repository which can be enabled after registration. 6.1.7. Kernel Package Split in Subpackages With SUSE Linux Enterprise Desktop 11 the kernel RPMs are split into different parts: • kernel-flavor-base Very reduced hardware support, intended to be used in virtual machine images. • kernel-flavor Extends the base package; contains all supported kernel modules. • kernel-flavor-extra All other kernel modules which may be useful but are not supported. This package will not be installed by default. 6.1.8. Displaying Manual Pages with the Same Name The man command now asks which manual page the user wants to see if manual pages with the same name exist in different sections. The user is expected to type the section number to make this manual page visible. If you want to get back the previous behavior, set MAN_POSIXLY_CORRECT=1 in a shell initialization file such as ~/.bashrc. 6.1.9. AppArmor This release of SUSE Linux Enterprise Desktop ships with AppArmor. The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Security and Users. For detailed information about using AppArmor, see the documentation in /usr/share/ doc/packages/apparmor-docs. The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments. If you discover that some of your applications do not function as you expected, you may need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof(8) command line utility) to update your AppArmor profiles. Place all your profiles into learning mode with the following: aa-complain /etc/ apparmor.d/* When a program generates a high number of complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof(8)) to update your profiles, even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system. 6.1.10. Fine-Tuning Firewall Settings SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP and Samba ("Network Neighborhood"). You can fine-tune the firewall settings using YaST. Chapter 7. Driver Updates 7.1. Other Drivers 7.1.1. SaX2: Changing Video Resolution With the update to SLE 11 SP4, SaX2 no longer lets you select a video resolution when KMS is active. With KMS and the native or the modesetting driver RandR > 1.1 is available, which lets you change the resolution on the fly. The Gnome desktop provides a tool to do this and save the settings persistently across sessions. For any UMS (and RandR 1.1) drivers you will still get the full list of video modes. If you select an unsupported mode, it will be ignored and a monitor preferred default mode will be used instead. Chapter 8. Other Updates 8.1. Update of PostgreSQL to Version 9.4 The upstream end-of-life for version 9.1 is announced for September 2016. Customers need to switch to a newer supported version until then. PostgreSQL was updated to version 9.4, prolonging the timeframe during which PostgreSQL is supported. Thus there is enough time for switching. Chapter 9. Technology Previews Technology Preview features are either not supported or supported in a limited fashion. These features are mainly included for customer convenience and be functionally incomplete, unstable or in other ways not suitable for production use. 9.1. eCryptfs Filesystem The eCryptfs kernel modules and the ecryptfs-utils package shipped with SUSE Linux Enterprise Desktop 11 are a preview of a stacked cryptographic filesystem for Linux. 9.2. KVM SUSE Linux Enterprise Desktop 11 contains KVM as an additional virtualization solution. It is not supported by SUSE, but is an area of interest for future development and deliveries. 9.3. Read-Only Root Filesystem It is possible to run SUSE Linux Enterprise Desktop 11 on a read-only root filesystem. Due to the huge number of possible configurations, this is currently not a supported scenario. The /tmp and /var directories need to be on a separate partition and cannot be mounted read-only. After the installation has finished and all services are configured, login as root and do the following modifications: Modify /etc/fstab and add "ro" to the mount options of the root filesystem entry. rm /etc/mtab ln -s /proc/mounts /etc/mtab mkdir /var/lib/hwclock mv /etc/adjtime /var/lib/hwclock ln -s /var/lib/hwclock/adjtime /etc/adjtime # the following two steps are only necessary if you use dhcp: mv /etc/resolv.conf /var/lib/misc/ ln -s /var/lib/misc/resolv.conf /etc/resolv.conf # Now mount root filesystem read-only and reboot mount -o remount,ro / reboot 9.4. Linux Filesystem Capabilities Our kernel is compiled with support for Linux Filesystem Capabilities. It is disabled by default. Enable it by adding file_caps=1 as a kernel boot option. Chapter 10. Deprecated Functionality 10.1. Adobe Discontinues Support for Adobe Reader on Linux Adobe has discontinued support for Adobe Reader 9 on Linux ( http:// www.adobe.com/support/products/enterprise/eol/eol_matrix.html#863 ), and thus no longer provides security updates. In order not to lose functionality, Adobe Acrobat Reader will be kept on released products. But to avoid security issues with accessing PDFs online, the PDF viewer browser plugin will however be removed. In order to maintain functionality the latest Firefox ESR releases include a feature to display PDF documents, which receives maintenance and security updates via Firefox updates. 10.2. Deprecation of Package ncpfs The package ncpfs was deprecated since SLED 11 SP3 and is no longer available with SP4. The functionality provided by ncpfs is also provided by novell-qtgui-cli in combination with novell-novfsd. 10.3. Removed Packages The following list of current functionalities has been removed with this SUSE Linux Enterprise Desktop release. 10.4. Deprecated Packages The following packages are deprecated and will be removed with SUSE Linux Enterprise Desktop 12: • lprng • sendmail • qt3 10.5. JFS File System The JFS file system is no longer supported for new installations. The kernel file system driver is still available, but YaST does not offer partitioning with JFS. Chapter 11. Infrastructure, Package and Architecture Specific Information 11.1. Architecture Independent Information 11.1.1. Changes in Packaging and Delivery 11.1.1.1. Updating tcsh tcsh 6.15 has a locking issue when used concurrently. On SLE 11 SP3, SUSE updated tcsh to version 6.18 to solve a locking issue when used concurrently. 11.1.1.2. New Ruby Packaging Scheme with the Update to Ruby 1.8 The different Ruby package versions cannot clearly be handled on one system with the old packaging scheme. To help packagers with the new scheme introduced with SLE 12, two new scripts in the ruby package helps to find the correct version suffix for new packages. This improvement is now available as a backport in SLE 11 SP4, too. 11.1.2. Cross Architecture Information 11.1.2.1. Myricom 10-Gigabit Ethernet Driver and Firmware SUSE Linux Enterprise 11 (x86, x86_64 and IA64) is using the Myri10GE driver from mainline Linux kernel. The driver requires a firmware file to be present, which is not being delivered with SUSE Linux Enterprise 11. Download the required firmware at http://www.myricom.com. 11.2. AMD64/Intel64 64-Bit (x86_64) and Intel/AMD 32-Bit (x86) Specific Information 11.2.1. Virtualization 11.2.1.1. open-vm-tools Now Included In the past, it was necessary to install VMware tools separately, because they had not been shipped with the distribution. SUSE Linux Enterprise 11 SP4 includes the open-vm-tools package. These tools are pre-selected when installing on a VMware platform. Partnering with VMware, SUSE provides full support for these tools. For more information, see http://kb.vmware.com/kb/2073803 . Chapter 12. Technical Information This section contains a number of technical changes and enhancements for the experienced user. 12.1. Xen Limits 12.1.1. XEN: Update Xen to Version 4.4 Xen updated to Version 4.4. 12.2. File Systems 12.2.1. ext4: Runtime Switch for Write Support The SUSE Linux Enterprise 11 kernel contains a fully supported ext4 file system module, which provides read-only access to the file system. A separate package is not required. Read-write access to an ext4 file system can be enabled by using the rw=1 module parameter. The parameter can be passed while loading the ext4 module manually, by adding it for automatic use by creating /etc/modprobe.d/ext4 with the contents options ext4 rw=1 , or after loading the module by writing 1 to / sys/module/ext4/parameters/rw . Note that read-write ext4 file systems are still officially unsupported by SUSE Technical Services. ext4 is not supported for the installation of the SUSE Linux Enterprise operating system. Since SLE 11 SP2 we support offline migration from ext4 to the supported btrfs file system. The ext4-writeable package is still available for compatibility with systems with kernels from both the SLE 11 SP2 and SLE 11 SP3 releases installed. 12.3. IPv6 Implementation and Compliance SUSE Linux Enterprise Desktop 11 is compliant to IPv6 Logo Phase 2. However, when running the respective tests, you may see some tests failing. For various reasons, we cannot enable all the configuration options by default, which are necessary to pass all the tests. 12.4. Other Technical Information • Locale Settings in ~/.i18n If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig /language. Use the same variable names but without the RC_ namespace prefixes. For example, use LANG instead of RC_LANG. For information about locales in general, see "Language and Country-Specific Settings" in the Administration Guide. • Configuration of kdump The kernel is crashing or otherwise not behaving normally and a kernel core dump needs to be captured for analysis. A description on how to setup kdump can be found at http://www.novell.com/ support/search.do?cmd=displayKC&docType=kc&externalId=3374462&sliceId= SAL_Public. • Realtime Applications When running real-time applications on larger systems, lower maximum latencies can be achieved by employing the new disable_buffer_lru kernel command-line option. This disables the per-CPU LRU in the buffer cache, and may thus decrease overall filesystem performance. • JPackage Standard for Java Packages Java packages are changed to follow the JPackage Standard (http:// www.jpackage.org/). Read the documentation in /usr/share/doc/packages/ jpackage-utils/ for information. • Loading Unsupported Kernel Drivers Every kernel module has a 'supported' flag. If this flag is not set, then loading this module will taint the kernel. Kernels which are tainted are not supported. To avoid this, unsupported Kernel modules are part of an extra RPM (kernel--extra). Since this would a problem for most desktops, the loading of those drivers is allowed by default. To prevent the loading of unsupported kernel drivers automatically during boot, change the line allow_unsupported_modules 1 in /etc/modprobe.d/ unsupported-modules to allow_unsupported_modules 0. • Nonexecutable Stack Already introduced for SUSE Linux Enterprise Desktop 9 on the x86-64 (AMD64) architecture with 64-bit kernels, the Linux kernel in SUSE Linux Enterprise Desktop also supports nonexecutable stack (NX) on x86 for CPUs that support it (Intel Prescott and AMD64) with 32-bit kernels. For this to work, the kernel with PAE support, kernel-pae, must be installed. Go into YaST and install that kernel instead of your default kernel. For 64-bit kernels, all kernels support NX. The nonexecutable stack improves the security of your system. Many security vulnerabilities are stack overflows, where an attacker overwrites the stack of your program by feeding oversized data to the application that fails to properly check the length. Depending on the details of the program (with a nonexecutable stack), these vulnerabilities may either not be exploitable (and only crash the program, resulting in a Denial of Service) or at least be significantly harder to exploit. Some applications do require executable stacks. The compiler detects this during compilation and marks the binaries accordingly. The kernel enables an executable stack to allow them to work. To provide a higher level of security on x86-64, the user can pass noexec= on on the kernel command line. The kernel then uses a nonexecutable stack unconditionally and also marks the data section of a program as nonexecutable. This provides a higher protection level than just the nonexecutable stack, but potentially causes problems for some applications. SUSE has not found any problems during testing the most commonly used applications and services. Because it is not the default, this has not been tested as extensively as the stack protection alone, so SUSE only recommends this setup for servers after the administrator has verified that all needed services continue to function properly. 12.4.1. Boot Device Larger Than 2 TiB Due to limitations of the legacy x86 and x86_64 BIOS implementations booting from devices larger than 2 TiB is technically not possible using legacy partition tables (DOS MBR). Starting with SUSE Linux Enterprise Desktop 11 SP2 we support installation and boot using UEFI on the x86_64 architecture and certified hardware. 12.4.2. Detecting Lenovo ThinkPad Laptops Lenovo ThinkPad laptops have special code in the MBR (master boot record) because of the "Blue ThinkVantage button" functionality. If proper detection and preparation fails, it might be necessary to restore the boot sector. If you have a ThinkPad, ensure that the bootloader is not installed into the MBR (verify it in the installation proposal!) and the MBR is not rewritten by generic code (in installation proposel select Bootloader -> Boot Loader Installation -> Boot Loader Options -> Write Generic Boot Code to MBR -- should be unchecked). If your MBR gets rewritten, the ThinkVantage button will not work anymore. The back-up of the MBR is stored in /var/lib/YaST2/backup_boot_sectors/. 12.4.3. Stopping Cron Status Messages To avoid the mail-flood caused by cron status messages, the default value of SEND_MAIL_ON_NO_ERROR in /etc/sysconfig/cron is now set to "no" for new installations. Even with this setting to "no", cron data output will still be send to the MAILTO address, as documented in the cron manpage. In the update case it is recommended to set these values according to your needs. Chapter 13. Known Issues 13.1. Latest Release Notes For the latest version of SUSE Linux Enterprise Desktop 11 SP4 Release Notes, see http://www.suse.com/releasenotes/x86_64/SUSE-SLED/11-SP4/. 13.2. Network Issues After Updating If you were using a static IP with NetworkManager, you will lose this configuration while updating from SLED 10 SP4 to SLED 11. You must re-enter this information. The traditional networking method with ifup is not affected by this issue. Name server lookup information of resolv.conf configured with the traditional networking method with ifup is missing after updating. 13.3. Kopete Lacks IRC Support Kopete as shipped with KDE4 does not support the IRC protocol. Install and use xchat, if you want to participate in IRC messaging. 13.4. Hardware Related Issues 13.4.1. Limited Graphics Support on IBM SurePOS 700 4800-7X3 during Installation There is only limited graphics support on IBM SurePOS 700 4800-7X3 systems with 4820-2GN monitors. During a graphical installation you can encounter an error message from the monitor (OSD = On Screen Display) such as: OUT OF RANGE H: -48.4 KHz V: -60.1 Hz. To work around this issue try a different resolution, VESA or text-mode for installation. Another option is to choose the native driver by specifying acceleratedx=1 on the boot prompt. It might also help to update the BIOS. After system installation the problem no longer occurs and the graphics system is fully supported. 13.4.2. Graphical Distortions on the FIC GE2 Plattform (Transtec SENYO600) On the FIC GE2 platform (when using 24 BPP color depth and resolutions >= 1280x1024 on the DVI interface) stripes are displayed on the X server. This distorts all windows. Changing to 16 BPP color depth seems to solve this problem. Chapter 14. Documentation For SUSE Linux Enterprise Desktop 11 documentation, see http://www.suse.com/ documentation/sled11/, where you can download PDF documents. For installation with YaST software management or with zypper, packages are available on the installation media. Some of these packages are installed by default. These are the package names: • sled-installquick_en-pdf: SLED 11 Installation Quick Start • sled-gnomequick_en-pdf: SLED 11 GNOME Quick Start • sled-kdequick_en-pdf: SLED 11 KDE Quick Start • sled-gnomeuser_en-pdf: SLED 11 GNOME User Guide • sled-kdeuser_en-pdf: SLED 11 KDE User Guide • sled-apps_en-pdf: SLED 11 Application Guide • sled-admin_en-pdf: SLED 11 Administration Guide • sled-deployment_en-pdf: SLED 11 Deployment Guide • sled-security_en-pdf: SLED 11 Security Guide • sle-apparmor-quick_en-pdf : AppArmor 2.3.1 Quick Start • sle-audit-quick_en-pdf: Linux Audit Quick Start • sled-xen_en-pdf: SLED 11 Virtualization Guide • sled-tuning_en-pdf: SLED 11 Tuning Guide • sled-manuals_en: the set of all SLED books in HTML format Chapter 15. More Information and Feedback • Read the READMEs on the CDs. • Get the detailed changelog information about a particular package from the RPM: rpm --changelog -qp .rpm . is the name of the RPM. • Check the ChangeLog file in the top level of CD1 for a chronological log of all changes made to the updated packages. • Find more information in the docu directory of CD1 of the SUSE Linux Enterprise Desktop 11 CDs. This directory includes PDF versions of the SUSE Linux Enterprise Desktop 11 Installation Quick Start and Deployment Guides. • http://www.suse.com/documentation/sled11/ contains additional or updated documentation for SUSE Linux Enterprise Desktop 11. • Visit http://www.suse.com/products/ for the latest product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products. Chapter 16. Miscellaneous Chapter 17. Legal Notices SUSE makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes. Further, SUSE makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to http://www.suse.com/ company/legal/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals. Copyright (c) 2010, 2011, 2012, 2013, 2014, 2015 SUSE LLC. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries. For SUSE trademarks, see the Trademark and Service Mark List (http:// www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.