The latest Linux kernel now supports persistent memory. In addition, version 5.1 has received a new security feature in the form of the SafeSetID Linux Security Module (LSM), and Atomic Replace removes the need for rebooting, according to ZDNet.
According to Finnish-American computer scientist Linus Torvalds, developer and coordinator of the Linux kernel, there are no exciting updates in this version. Linux 5.1 looks very ordinary according to him, with only a little over 13,000 commits. If you count the merges, there are an additional 1,000. Something we consider quite normal these days.
Persistent memory
However, persistent memory is now supported. Although non-volatile memory (NVM) is not nearly as fast as classic RAM, newer systems do offer the possibility of using it to expand memory. We can therefore carefully conclude that we are on the way to combining RAM and storage.
The support is intended for use with NVDIMMs, which are physically persistent, as flash is. This allows them to be used as a cost-effective RAM replacement. Intel Optane DC persistent memory is an implementation of this type of NVDIMM, said Linux developer Dave Hansen.
SafeSetID Linux Security Module (LSM)
Linux 5.1 has also received a new security update with the SafeSetID Linux Security Module (LSM). This update allows users to switch to the root user in order to be able to execute commands more securely at system level. However, there is a danger here: if a command is executed as the root user, that command can most likely do anything the root user can do.
In contrast, the LSM lets a non-root program execute whitelisted root-level commands without full root privileges. Think of a setuid to another user ID (UID) or creating a new user namespace. This solution is still a work in progress, but it should make Linux scripts more secure.
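A simplified user-space model of the whitelisting idea described above, as an added example that is not taken from the article or from the kernel source. The `parent:child` policy format, the function names and the sample UIDs are assumptions made for illustration.

```python
# Simplified model of a SafeSetID-style UID transition whitelist.
# Assumption: each policy entry is a "parent_uid:child_uid" pair.
# All names below are hypothetical; this is not kernel code.
from collections import defaultdict

def parse_policy(text):
    """Parse 'parent:child' lines into {parent_uid: {child_uid, ...}}."""
    policy = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parent, sep, child = line.partition(":")
        if not sep or not parent.strip().isdigit() or not child.strip().isdigit():
            raise ValueError(f"line {lineno}: expected 'parent:child', got {raw!r}")
        policy[int(parent)].add(int(child))
    return dict(policy)

def check_transition(policy, current_uid, target_uid):
    """Return 'unrestricted', 'allow' or 'deny' for a setuid attempt."""
    if current_uid not in policy:
        # No entry for this UID: the model leaves the decision to the
        # ordinary privilege checks and does not restrict anything.
        return "unrestricted"
    if target_uid == current_uid or target_uid in policy[current_uid]:
        return "allow"
    return "deny"   # restricted UID asking for a target that is not whitelisted

def audit_policy(policy):
    """List restricted parent UIDs whose whitelist includes root (UID 0)."""
    return sorted(p for p, children in policy.items() if 0 in children)

# Constructed sample policy: launcher 1000 may become workers 1001 and 1002.
# The workers are listed as parents of themselves so that they count as
# restricted in this model and cannot move to any other UID.
SAMPLE_POLICY = """\
1000:1001
1000:1002
1001:1001   # worker stays worker
1002:1002
"""

if __name__ == "__main__":
    pol = parse_policy(SAMPLE_POLICY)
    for cur, tgt in [(1000, 1001), (1000, 0), (1001, 1000), (2000, 0)]:
        print(f"{cur} -> {tgt}: {check_transition(pol, cur, tgt)}")
    print("parents that can reach root:", audit_policy(pol))
```

The `audit_policy` check is the review step worth running on any such whitelist: an entry that maps a restricted UID to 0 hands back the full root privileges the whitelist was meant to withhold.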
Atomic Replace
Most changes can now be made to a Linux system without rebooting. However, really big changes still require a restart. That is a problem, especially since Linux is used on servers, which you would prefer not to pause for even a second. Linux add-on programs have been available for this for some time now, which keep a system running during a reboot. Ksplice, Kpatch and kGraft are the best known of these add-ons.
Atomic Replace is now built into version 5.1 by default and avoids a restart by allowing the creation of cumulative patches. These include all desired changes from all older live patches, which are completely replaced in one go. Server maintenance or the removal of a patch that sits in the middle of a stack of live updates can therefore take place without the need for a reboot.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.