SUSE Linux Enterprise Desktop 10 Release Notes

August 28, 2006

Table of Contents

1.0 Xgl

1.0 Xgl

1.1 Registering SLED 10 to Enable Xgl

If you want to enable Xgl and are using either ATI* or NVIDIA cards, you must register SLED 10 during or after installation in order to have the proper video drivers automatically installed when you enable Xgl.

To register after installation, open the YaST Control Center and click Software > Novell Customer Center Configuration. Follow the online instructions to enable online updates and register your copy of SLED 10.

1.2 New Xgl Configuration Option

The new Xgl configuration option is called Desktop Effects in the GNOME* Control Center. For ATI and NVIDIA cards, you need the drivers from the vendor (see section 1.1 for instructions on how to get the drivers). For Intel* cards, the appropriate drivers are included. 3D support must be enabled in sax2.

If this option fails on your card, undo the switch by logging in as root to a virtual console and running the following command:

gnome-xgl-switch --disable-xgl

1.3 Semi-transparent Application Windows with Xgl

Under Xgl, some programs (such as Eagle CAD) have a bug where the application window is always semi-transparent. This is caused by the application using an ARGB visual. Export XLIB_SKIP_ARGB_VISUALS=1 when running the program to work around this. For example:

XLIB_SKIP_ARGB_VISUALS=1 /opt/eagle/bin/eagle

1.4 Using Full Screen Mode When Running VMware on SLED 10 Workstations

When trying to use the Xgl full screen mode (that is, pressing Alt+Enter or clicking View > Full Screen) on SLED workstations running VMware in host mode, you might receive a message saying that you need to add settings to the /etc/X11/XF86Config file. However, this file does not exist on SLED 10.

To use the full screen mode, click Edit > Preferences in VMware, then click the Display tab. Change the Full Screen option from Resize Host to Resize Guest or Don't Resize.

1.5 Suspending with Desktop Effects Enabled

Desktop Effects (Xgl) and laptop suspend (both suspend-to-disk and suspend-to-ram) are known to have problems, particularly on ATI and Intel hardware. We are working with our hardware partners to resolve these issues and hope to have updates available soon that make it possible to suspend with Desktop Effects enabled.

2.0 Installation

2.1 Installation Instructions

For detailed installation instructions, see the SUSE Linux Enterprise Desktop 10 Deployment Guide.

2.2 Installing ConsoleOne

If you chose to not install the Java* runtime environment (JRE) during the installation of ConsoleOne® and your existing JRE is not the one noted in System Requirements for Linux* or System Requirements for Solaris, you might want to add the bundled JRE to your ConsoleOne installation (type c1-install -c jre at the system prompt). If you are sure you want to run with a different JRE, then set the JRE_HOME or C1_JRE_HOME environment variable to the location of that JRE. ConsoleOne determines which JRE to use as follows:

  • If C1_JRE_HOME is specified, that JRE is used.
  • If the JRE bundled with ConsoleOne is installed, that JRE is used.
  • If JRE_HOME is specified, that JRE is used.
  • Otherwise, ConsoleOne displays an error message and quits.

IMPORTANT:For ConsoleOne 1.3.6d and later, if the Linux Kernel version installed on your system is 2.6, the JRE included in the ConsoleOne installation package is not installed.

2.3 Using iSCSI-discs at Installation

To use iSCIS-discs during installation, add the following parameter to the kernel parameter line:


During installation, an additional screen displays that gives you the opportunity to attach iSCSI-discs to the system and use them in the installation process.

2.4 Using EDD Information for Storage Device Identification

If you want to use EDD information (/sys/firmware/edd/) to identify your storage devices, you must change the installer default settings using an additional kernel parameter.


  • BIOS provides full EDD information (found in /sys/firmware/edd/).
  • Disks are signed with a unique MBR signature (found in /sys/firmware/edd/mbr_signature).


  • Add parameter use_edd=1 to the kernel parameters during initial installation.
  • The device-id list in the installer shows the edd ID (for example, edd_dev80_part1) instead of the default device-id name.
  • The system uses those device IDs for installation and runtime (for example, in /etc/fstab and bootloader).

2.5 EVMS Volumes Might Not Appear When Using iSCSI

If you have installed and configured an iSCSI SAN, and have created and configured EVMS Disks/Volumes on that iSCSI SAN, your EVMS volumes might not be visible or accessible. This problem is caused by EVMS starting before the iSCSI service. iSCSI must be started and running before any disks or volumes on the iSCSI SAN can be accessed.

To resolve this problem, enter either chkconfig evms on or chkconfig boot.evms on at the Linux server console of every server that is part of your iSCSI SAN. This ensures that EVMS and iSCSI start in the proper order each time your servers reboot.

2.6 Installation Using Persistent Device Names

If you plan to add additional storage devices to your system after the OS installation, we strongly recommend using persistent device names for all storage devices during installation. By default, the installer uses the kernel device names.

During installation, enter the partitioner. For each partition, select Edit and go to the FStab Options dialog. Any mount option except Device name provides you persistent device names.

To switch an already installed system to use persistent device names, proceed as described above for all existing partitions. In addition, you must rerun the bootloader module in YaST to switch the bootloader to also use the persistent device name. Start the module and select Finish to write the new proposed configuration to disk. This needs to be done before adding the new storage devices.

2.7 Mounting Encrypted Partitions

With SUSE® Linux Enterprise Desktop 10, we switched to cryptoloop as the default encryption module. Novell® Linux Desktop 9 used twofish256 with loop_fish2 and 256 bits. The old twofish is supported as twofish. Now we are using twofish256 with cryptoloop and 256 bits. The old twofish256 is supported as twofishSL92.

2.8 Bootloader and Mount by UUID/LABEL

When the way the root device is mounted (for example, by UUID or by label) is changed in YaST2, the bootloader configuration needs to be saved again to make the change effective for the bootloader.

The mount by setting displayed by YaST2 bootloader is the setting that is in effect after saving the configuration.

3.0 Upgrade

3.1 Software Changes from NLD 9 to SLED 10

For a list of software changes from Novell Linux Desktop 9 to SUSE Linux Enterprise Desktop 10, see Section 8.3 in the SUSE Linux Enterprise Desktop 10 Deployment Guide.

3.2 Upgrading from NLD 9 or SLES 9

When upgrading to SLED 10 from NLD 9 or SLES 9, extended attributes (which increase Beagle’s indexing performance of the Beagle search engine) might not be turned on by default. To enable extended attributes, add the user_xattr option for mounting in /etc/fstab. For example:

/dev/hda4 /home ext3 acl,user_xattr 1 2

The UI layout is also reset when upgrading from NLD 9. The old configuration is stored in the user's home directory as panel-settings-backup-<datetimestamp>.xml. To restore the former configuration, run gconftool-2 --load panel-settings-backup-<datetimestamp>.xml and then killall gnome-panel. To prevent an upgrade on login, touch ~/.skel/sled10-run.

3.3 Upgrading from NLD 9 to SLED 10 When the Novell Client for Linux is Installed

If you are upgrading an NLD 9 machine running the Novell Client™ for Linux 1.0 or 1.1 to SUSE Linux Enterprise Desktop 10, the update process breaks the Novell Client for Linux 1.0 or 1.1 (neither of which are supported on SLED 10).

You need to uninstall the Novell Client for Linux 1.0 or 1.1, and then install the Novell Client for Linux 1.2 on SLED 10.

3.4 Switching from Heimdal to MIT Kerberos

MIT Kerberos is now used instead of Heimdal. Automatically converting an existing Heimdal configuration is not always possible. During a system update, backup copies of configuration files are created in /etc with the suffix .heimdal. YaST-generated configuration settings in /etc/krb5.conf are converted, but check whether the results match your expectations.

Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the kadmin -l dump -d heimdal-db.txt command. This way, you can create a list of available principals that you can restore one by one using KDC from MIT Kerberos. For more information about setting up a KDC, see the documentation in the krb5-doc package.

To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for Standard Domain, Standard Realm, and KDC Server Address.

3.5 Re-configuring Intel and NVIDIA Sound Drivers

When updating a system with the snd-intel8x0 module (for Intel, SIS, AMD and NVIDIA on-board chips), the system might be unable to load the module at reboot because the module option joystick was removed from the newer version. To fix the problem, re-configure the sound system using YaST.

4.0 General Issues

4.1 Novell AppArmor

This release of SUSE Linux Enterprise Desktop ships with Novell AppArmor™. This feature protects your applications from software exploits. AppArmor protection can be enabled via the AppArmor control panel, which is located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see /usr/share/doc/packages/apparmor-docs/book.apparmor.admin-online.pdf.

The AppArmor profiles included with SUSE Linux have been developed in conjunction with our best efforts to reproduce how most users will use their software. The profiles we have provided work unmodified for many users; however, some users might find our profiles too restrictive for their environments.

If you discover that some of your applications do not function as you expected, you might need to use the AppArmor Update Profile Wizard in YaST, or use the aa-logprof(8) command line utility to update your AppArmor profiles. You can place all your profiles into learning mode with the following command:

aa-complain /etc/apparmor.d/*

When a program generates many complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard or aa-logprof(8) to update your profiles even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system.

4.2 Fine-Tuning Firewall Settings

SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. This firewall also interferes with network browsing and multicast applications, such as SLP, Samba (Network Neighborhood), and some games. You can fine-tune the firewall settings using YaST.

4.3 KDE and IPv6 Support

By default, IPv6 support is not enabled for KDE because IPv6 addresses are not properly supported by all Internet service providers, which causes error messages when browsing the Web and delays when displaying Web pages. You can enable it using the /etc/sysconfig editor or YaST.

4.4 Unlocking CD and DVD Drives and Ejecting Media

On SUSE Linux Enterprise Desktop 10, a new mounting mechanism replaces the submount system used in Novell Linux Desktop 9. This new mechanism does not automatically unmout media, only on hardware request. Some devices (most notably older CD drives, but also some new drives with broken firmware) won't send this signal. Right-click the device icon (for example, the CD icon) on the desktop to eject the media.

4.5 Firefox with Pango Support

On some computers, Firefox* with Pango support enabled is very slow. The performance seems to depend on the X server. Set MOZ_DISABLE_PANGO=1 if font rendering is rather slow.

4.6 Configuring eDirectory Authentication

The LUM workstation context option on the Linux User Management Configuration screen in YaST is specified as Optional for Desktop, but if an admin name and context were specified on the previous configuration screen, the LUM workstation context option is mandatory.

Step 5 in “Section 33.1: Setting Up Workstations to Use eDirectory Authentication” in the SUSE Linux Enterprise Desktop 10 Deployment Guide says to place the CA certificate for the LDAP server in the /var/nam directory. The certificate should be placed in the /var/lib/novell-lum directory.

4.7 Running Helix Banshee on 64-bit Systems

On 64-bit systems, the Helix* Banshee* music player does not support burning audio CDs from AAC or MP3 file formats.

4.8 Using the IMAP Protocol for Mail Support in Evolution

If you want to use the IMAP protocol for mail support (using SOAP for calendars), set the environment variable USE_IMAP=1.

4.9 The Novell VPN Client

To function properly, the Novell VPN Client package (turnpike) requires a root-level daemon. This service is named racoon and it is part of the ipsec-tools package. This daemon is not started automatically after every reboot or after installation, so you must start it when you want to connect to remote services. This daemon requires root privileges.

If you plan to use VPN functionality often, we recommend making this service run by default during boot time. If you don’t have root privileges to your workstation, contact your system administrator.

To start the service when needed, use the following command:

/etc/init.d/racoon start

To stop the service, use the following command:

/etc/init.d/racoon stop

To make this service start by default during boot time:

  1. Open YaST (in KDE, click the main menu > System > YaST; in GNOME, click Computer > More Applications > System > YaST).

  2. Click System > System Services (Runlevel).

  3. Select racoon, then click Enable.

4.10 Authenticating Against an eDirectory Server

If you have configured your system to authenticate with an eDirectory server, you should reboot once before you log in to your system to ensure that all daemons that use /etc/nsswitch.conf are restarted.

5.0 NetworkManager

5.1 NetworkManager Documentation

For more detailed information on networking using NetworkManager, see the Connectivity Guide.

5.2 Supported Sysconfig Options

NetworkManager does not support the sysconfig DHCLIENT_BIN option. It uses dhclient exclusively. NetworkManager and dhclient also do not support automatically configuring xntpd via DHCP.

The following sysconfig options are supported in NetworkManager (no other sysconfig options are supported):

  • DHCLIENT_SET_HOSTNAME: Specifies whether NetworkManager should set the hostname (if DHCP provides it).
  • DHCLIENT_SET_DOMAINNAME: Specifies whether NetworkManager should set the domain name via NIS.
  • DHCLIENT_MODIFY_NIS_CONF: Specifies whether NetworkManager should update yp.conf in response to DHCP information.
  • DHCLIENT_MODIFY_RESOLV_CONF: Specifies whether NetworkManager should update resolv.conf in response to DHCP information.
  • DHCLIENT_HOSTNAME_OPTION: Specifies what hostname to send to the DHCP server.

5.3 Wireless Drivers

Wireless drivers that are unable to return hidden ESSID's in scan results, such as prism, do not find and connect automatically with NetworkManager to a hidden ESSID end point. You must left-click the NetworkManager applet and select Connect to Other Wireless Network each time.

5.4 madwifi Driver

The madwifi driver does not scan.

6.0 Technical Issues

This section contains a number of technical changes and enhancements for the experienced user.

6.1 JFS Not Supported Anymore

JFS is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.

6.2 Hotplug Events Handled by the udev Daemon

Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead, udevd calls all hotplug helper tools directly, according to its rules. Udev rules and helper tools are provided by udev and various other packages.

6.3 Becoming Superuser Using su

By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to Yes in /etc/default/su if you want to change the default behavior of su.

6.4 Forward xauth Keys between Users with sux

The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.


Cardmgr no longer manages PC cards. Instead, as with Cardbus cards and other subsystems, a kernel module manages them. All necessary actions are executed by hotplug. The pcmcia start script has been removed and cardctl is replaced by pccardctl. For more information, see /usr/share/doc/packages/pcmciautils/README.SUSE.

6.6 JPackage Standard for Java Packages

Java packages are changed to follow the JPackage Standard ( Read the documentation in file:///usr/share/doc/packages/jpackage-utils/ for more information.

6.7 Locale Settings in ~/.i18n

If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes (for example, use LANG instead of RC_LANG). For information about locales in general, see “Section 18.4: Language and Country-Specific Settings” in the SUSE Linux Enterprise Desktop 10 Deployment Guide.

6.8 Setting Up D-BUS for Interprocess Communication in .xinitrc

Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.

If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise, applications like F-Spot, Helix Banshee, Tomboy, or NetworkManager might fail. Save your old ~/.xinitrc, then copy the new template file into your home directory with:

cp /etc/skel/.xinitrc.template ~/.xinitrc

Finally, add your customizations from the saved .xinitrc.

6.9 NTP-Related Files Renamed

For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:

  • /etc/slp.reg.d/ntp.reg
  • /etc/init.d/ntp
  • /etc/logrotate.d/ntp
  • /usr/sbin/rcntp
  • /etc/sysconfig/ntp

6.10 Disabling the Powersave Daemon

On some machines, CPU frequency scaling can cause hangs when the machine is idle or when powersaved starts. In this case, disable the powersave daemon at the installation with POWERSAVE=off as a boot parameter.

When this parameter is not given at the initial CD boot of the installation, powersaved must be disabled later using chkconfig powersaved off.

6.11 Local and IO APIC

The local and IO APIC for the 32-bit x86 architecture has changed. A local and IO APIC (I/O Advanced Programmable Interrupt Controller) is an SMP-capable replacement for PC-style interrupt controllers. SMP systems and all recent uniprocessor systems have such a controller.

Until now, local and IO APIC was disabled on uniprocessor systems by default was manually activated by using the apic kernel parameter. Now it runs by default and can be manually deactivated. For 64-bit systems, APIC is always enabled by default.

  • Any system with a BIOS version newer than 2001 has local and IO APIC activated by default unless local and IO APIC is disabled in the BIOS or by the user.
  • Any BIOS from Intel newer than 1998 has local and IO APIC activated by default.
  • Any system with more than one CPU has local and IO APIC activated by default.

If you experience problems with devices not working properly, you can manually apply the following configuration options:

  • To disable local APIC, use nolapic (this implies disabling IO APICs).
  • To disable IO APIC, use noapic.
  • To get the same default as earlier releases, use nolapic.

6.12 ulimit Settings

The ulimit settings can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the kernel defaults:

  • SOFTVIRTUALLIMIT=80 limits a single process so that it does not allocate more than 80% of the available virtual memory (RAM and swap).
  • SOFTRESIDENTLIMIT=85 limits a single process so that it does not occupy more than 85% of the physical memory (RAM).

These soft limits can be overridden with the ulimit command by the user. Hard limits can only be overridden by root.

The values have been chosen conservatively to avoid breaking large processes that have worked before. If there are no legitimate processes with huge memory consumption, set the limits lower to provide more effective protection against runaway processes. The limits are per process and thus not an effective protection against malicious users. The limits are meant to protect against accidental excessive memory usage.

To configure different limits depending on the user, use the pam_limits functionality and configure /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel. The limits configured in limits.conf override the global defaults from the ulimit package.

7.0 Documentation

For SUSE Linux Enterprise Desktop 10 documentation, see

In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.

8.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and in other countries.

For Novell trademarks, see the Novell Trademark ad Service Mark list. All third-party trademarks are the property of their respective owners.