Release Notes for SUSE Linux Enterprise Software Development Kit 10 for IBM(R) zSeries(R)

This is for Beta11

GA Release Notes

These release notes cover the following areas:


Novell AppArmor

This release of SUSE Linux Enterprise Server ships with Novell AppArmor. This feature protects your applications from software exploits. AppArmor protection can be enabled via the AppArmor control panel, which is located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see /usr/share/doc/packages/apparmor-docs/book.apparmor.admin-online.pdf.

Fine-Tuning Firewall Settings

SuSEfirewall2 is enabled by default unless chosen otherwise. That means that by default you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP, Samba ("Network Neighborhood"), and some games. You can fine-tune the firewall settings using YaST.

KDE and IPv6 Support

By default, IPv6 support is not enabled for KDE. You can enable it using the /etc/sysconfig editor of YaST. The reason for disabling this feature is that IPv6 addresses are not properly supported by all Internet service providers and, as a consequence, this would lead to error messages while browsing the web and delays while displaying web pages.


Switching from Heimdal to MIT Kerberos

MIT Kerberos is now used instead of heimdal. Converting an existing Heimdal configuration automatically is not always possible. During a system update, backup copies of configuration files are created in /etc with the suffix .heimdal. YaST-generated configuration settings in /etc/krb5.conf will be converted, but check whether the results match your expectations.

Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the command kadmin -l dump -d heimdal-db.txt. This way, you can create a list of available principals that you can restore one-by-one using kdc from MIT Kerberos. Find more information about setting up a KDC in the documentation in the "krb5-doc" package.

To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for "Standard Domain", "Standard Realm", and "KDC Server Address".

LD_ASSUME_KERNEL Environment Variable

Do not set the LD_ASSUME_KERNEL environment variable any longer. In the past, it was possible to use it to enforce LinuxThreads support which got dropped. If you set LD_ASSUME_KERNEL to a kernel version lower than 2.6.5, everything will break because will look for libraries in a version that does not exist anymore.

Migrating from PHP 4 to PHP 5

Although most existing PHP 4 code should work without changes, there are some few backward incompatible changes. A list of this changes can be found at:


Patches required for SLES 10 on z/VM

If SLES 10 should should run on z/VM it is required that the following APARs and patches are installed:

Installing SLES 10 on z/VM

When using re-IPL for Linux on zSeries z/VM guests, please ensure that you have installed the PTFs for APAR VM63742:

Otherwise re-boot under z/VM will not work anymore.

Using a VSWITCH on z/VM

If SLES 10 should use a VSWITCH on z/VM it is required that the APAR VM63705 and the following patches are installed:

In addition to the above the APAR PQ83743 for th TCP/IP stack and its prereq APARs should be installed.

Mounting Encrypted Partitions

With SUSE Linux Enterprise Server 10 we switched to "cryptoloop" as the default encryption module. SUSE Linux Enterprise Server 9 used twofish256 using loop_fish2 with 256 bits. The old twofish is supported as twofish. Now we are using twofish256 using cryptoloop with 256 bits. The old twofish256 is supported as twofishSL92. The old twofish is supported as twofish.


JFS: Not Supported Anymore

JFS it is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.

Hotplug Events Handled by the udev Daemon

Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead udevd calls all hotplug helper tools directly, according to its rules. Udev rules and helper tools are provided by udev and various other packages.

Becoming Superuser Using su

By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to yes in /etc/default/su if you want to change the default behavior of su.

Forward xauth keys between users with sux

The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.


cardmgr no longer manages PC cards. Instead, as with Cardbus cards and other subsystems, a kernel module manages them. All necessary actions are executed by hotplug. The pcmcia start script has been removed and cardctl is replaced by pccardctl. For more information, see /usr/share/doc/packages/pcmciautils/README.SUSE.

YaST Online Update and "Delta Packages"

The YaST Online Update now supports a special kind of RPM package that only stores the binary difference from a given base package. This technique significantly reduces the package size and download time at the expense of higher CPU load for reassembling the final package. In /etc/sysconfig/onlineupdate, configure whether YOU should use these "delta packages." See file:///usr/share/doc/packages/deltarpm/READ ME for technical details.

JPackage Standard for Java Packages

Java packages are changed to follow the "JPackage Standard" ( Read the documentation in file:///usr/share/doc/packages/jpackage-utils/ for information.

Locale Settings in ~/.i18n

If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes, for example, use LANG instead of RC_LANG. For information about locales in general, see "Language and Country-Specific Settings" in the Reference Manual.

Setting Up D-BUS for Interprocess Communication in .xinitrc

Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.

If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise applications like f-spot, banshee, tomboy, or Network Manager banshee might fail. Save your old ~/.xinitrc. Then copy the new template file into your home directory with:

cp /etc/skel/.xinitrc.template ~/.xinitrc

Finally, add your customizations from the saved .xinitrc.

NTP-Related Files Renamed

For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:






Known Problems with KDB

Entering KDB code breakpoints on multiple CPUs in parallel can lead to deadlocks.

mapped-base functionality

For reasons of compatibility with SLES 9 the mapped-base functionality is present in SLES 10. This functionality is used by 32-Bit applications, which need a larger dynamic data space (e.g. database management systems).

With SLES 10 a similar functionality called flexmap is available. As this is now the preferred way mapped-base is deprecated and will vanish in future releases.

CTC, ESCON and IUCV interfaces are no longer supported

CTC, ESCON, and IUCV interfaces are no longer officially supported. For compatibility reasons there are still usable, but with the next release of SUSE Linux Enterprise Server the support of these interfaces will completely be dropped.

Providing Feedback to our products

On the top level of the first CD you will find a very detailed ChangeLog. Please also read the READMEs on the CD.

In case of encountering a bug please report it through your support contact.

Your SUSE Linux Enterprise Team

Sat May 6 10:21:21 UTC 2006