These release notes cover the following areas:
This release of SUSE Linux Enterprise Server ships with Novell AppArmor. This feature protects your applications from software exploits. AppArmor protection can be enabled via the AppArmor control panel, which is located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see /usr/share/doc/packages/apparmor-docs/book.apparmor.admin-online.pdf.
SuSEfirewall2 is enabled by default unless chosen otherwise. That means that by default you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP, Samba ("Network Neighborhood"), and some games. You can fine-tune the firewall settings using YaST.
By default, IPv6 support is not enabled for KDE. You can enable it using the /etc/sysconfig editor of YaST. The reason for disabling this feature is that IPv6 addresses are not properly supported by all Internet service providers and, as a consequence, this would lead to error messages while browsing the web and delays while displaying web pages.
MIT Kerberos is now used instead of heimdal. Converting an existing Heimdal configuration automatically is not always possible. During a system update, backup copies of configuration files are created in /etc with the suffix .heimdal. YaST-generated configuration settings in /etc/krb5.conf will be converted, but check whether the results match your expectations.
Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the command kadmin -l dump -d heimdal-db.txt. This way, you can create a list of available principals that you can restore one-by-one using kdc from MIT Kerberos. Find more information about setting up a KDC in the documentation in the "krb5-doc" package.
To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for "Standard Domain", "Standard Realm", and "KDC Server Address".
Do not set the LD_ASSUME_KERNEL environment variable any longer. In the past, it was possible to use it to enforce LinuxThreads support which got dropped. If you set LD_ASSUME_KERNEL to a kernel version lower than 2.6.5, everything will break because ld.so will look for libraries in a version that does not exist anymore.
Although most existing PHP 4 code should work without changes, there are some few backward incompatible changes. A list of this changes can be found at: http://www.zend.com/manual/migration5.incompatible.php
If SLES 10 should should run on z/VM it is required that the following APARs and patches are installed:
When using re-IPL for Linux on zSeries z/VM guests, please ensure that you have installed the PTFs for APAR VM63742:
If SLES 10 should use a VSWITCH on z/VM it is required that the APAR VM63705 and the following patches are installed:
With SUSE Linux Enterprise Server 10 we switched to "cryptoloop" as the default encryption module. SUSE Linux Enterprise Server 9 used twofish256 using loop_fish2 with 256 bits. The old twofish is supported as twofish. Now we are using twofish256 using cryptoloop with 256 bits. The old twofish256 is supported as twofishSL92. The old twofish is supported as twofish.
JFS it is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.
Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead udevd calls all hotplug helper tools directly, according to its rules. Udev rules and helper tools are provided by udev and various other packages.
By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to yes in /etc/default/su if you want to change the default behavior of su.
The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.
cardmgr no longer manages PC cards. Instead, as with Cardbus cards and other subsystems, a kernel module manages them. All necessary actions are executed by hotplug. The pcmcia start script has been removed and cardctl is replaced by pccardctl. For more information, see /usr/share/doc/packages/pcmciautils/README.SUSE.
The YaST Online Update now supports a special kind of RPM package that only stores the binary difference from a given base package. This technique significantly reduces the package size and download time at the expense of higher CPU load for reassembling the final package. In /etc/sysconfig/onlineupdate, configure whether YOU should use these "delta packages." See file:///usr/share/doc/packages/deltarpm/READ ME for technical details.
Java packages are changed to follow the "JPackage Standard" (http://www.jpackage.org/). Read the documentation in file:///usr/share/doc/packages/jpackage-utils/ for information.
If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes, for example, use LANG instead of RC_LANG. For information about locales in general, see "Language and Country-Specific Settings" in the Reference Manual.
Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.
If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise applications like f-spot, banshee, tomboy, or Network Manager banshee might fail. Save your old ~/.xinitrc. Then copy the new template file into your home directory with:
cp /etc/skel/.xinitrc.template ~/.xinitrc
Finally, add your customizations from the saved .xinitrc.
For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:
Entering KDB code breakpoints on multiple CPUs in parallel can lead to deadlocks.
For reasons of compatibility with SLES 9 the mapped-base functionality is present in SLES 10. This functionality is used by 32-Bit applications, which need a larger dynamic data space (e.g. database management systems).
With SLES 10 a similar functionality called flexmap is available. As this is now the preferred way mapped-base is deprecated and will vanish in future releases.
CTC, ESCON, and IUCV interfaces are no longer officially supported. For compatibility reasons there are still usable, but with the next release of SUSE Linux Enterprise Server the support of these interfaces will completely be dropped.
On the top level of the first CD you will find a very detailed ChangeLog. Please also read the READMEs on the CD.
In case of encountering a bug please report it through your support contact.
Your SUSE Linux Enterprise Team
Sat May 6 10:21:21 UTC 2006