TechnicalOverview

Differences between revisions 105 and 132 (spanning 27 versions)
Revision 105 as of 2009-10-01 17:06:08
Size: 14903
Editor: cpe-66-69-254-183
Comment: update eucalyptus notes
Revision 132 as of 2009-10-28 16:06:36
Size: 13138
Editor: pD9EB68B8
Comment:
Line 6: Line 6:
The Ubuntu developers are moving quickly to bring you the latest and greatest software the Open Source Community has to offer. This is the Ubuntu 9.10 beta release, which brings a host of exciting new features.

'''Note: This is a beta release. Do not install it on production machines. The final stable version will be released on October 29th, 2009.'''
The Ubuntu team is happy to bring you the latest and greatest software the Open Source community has to offer. This is their latest result, the Ubuntu 9.10 Release Candidate, which brings a host of exciting new features.
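Review bot: The replacement intro drops the bold note that warned against installing on production machines, yet the new text still describes a pre-release (the Release Candidate). Keep a one-line equivalent of that note or confirm the omission is intended. The new sentence "This is their latest result" also shifts to third person right after "bring you", which reads inconsistently.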
Line 12: Line 10:
To upgrade from Ubuntu 9.04 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '9.10' is available. Click Upgrade and follow the on-screen instructions.

To upgrade from Ubuntu 9.04 on a server system: install the {{{update-manager-core}}} package if it is not already installed; edit {{{/etc/update-manager/release-upgrades}}} and set {{{Prompt=normal}}}; launch the upgrade tool with the command {{{sudo do-release-upgrade -d}}}; and follow the on-screen instructions.

= Download =

Get it while it's hot. ISOs and torrents are available at:

 http://releases.ubuntu.com/releases/9.10/ (Ubuntu Desktop, Server, and Netbook Remix) <<BR>>
 http://uec-images.ubuntu.com/releases/9.10/ (Ubuntu Server for UEC and EC2) <<BR>>
 http://releases.ubuntu.com/kubuntu/9.10/ (Kubuntu Desktop and Netbook) <<BR>>
 http://cdimage.ubuntu.com/xubuntu/releases/9.10/beta/ (Xubuntu) <<BR>>
 http://cdimage.ubuntu.com/ubuntustudio/releases/9.10/beta/ (Ubuntu``Studio) <<BR>>
 http://cdimage.ubuntu.com/mythbuntu/releases/9.10/beta/ (Mythbuntu) <<BR>>
 http://cdimage.ubuntu.com/edubuntu/releases/9.10/beta/ (Edubuntu) <<BR>>

Local mirrors are also available:

 '''FIXME: import mirror list automatically'''
If you are upgrading from Ubuntu 9.04, we have easy-to-follow [[http://www.ubuntu.com/getubuntu/upgrading|upgrade instructions]].
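Review bot: The server upgrade path (install update-manager-core, set Prompt=normal, run sudo do-release-upgrade -d) is removed with no inline replacement; the only thing left is the link to the upgrade instructions page. Confirm that page covers server systems and the -d option used for a pre-release, otherwise keep the server steps here. The same hunk removes the whole Download section without leaving a pointer to where the images can be obtained.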
Line 34: Line 14:
These features are showcased for your attention. Please test them and report any bugs you find:

 http://help.ubuntu.com/community/ReportingBugs
Line 39: Line 15:
As part of our boot performance work, we have now transitioned to [[http://upstart.ubuntu.com/|Upstart]]. If you are testing on your primary machine, we '''strongly''' suggest having an [[http://cdimage.ubuntu.com/releases/9.10/alpha-5/|Ubuntu Karmic Alpha 5 LiveCD]] available, or creating an Alpha 5 USB startup disk before doing an upgrade. This will allow us to help you recover in the case that something goes wrong during the boot of your system after upgrade. We request that all bugs affecting the performance or functionality of boot be tagged with `ubuntu-boot` in Launchpad.

== Boot Experience ==
We've done some work on improving the overall look and feel of booting the system. Please open bugs with the tag "ubuntu-boot-experience" on any messages you see flashed after grub loads and before the new Ubuntu Splash screen (xsplash) displays. If you have trouble catching them before the splash screen loads, you can also check vt1 or `dmesg` output for copies of these messages. We also accept photos or video attachments if that's easier, however please make sure the text is readable.
As part of our boot performance work, we have now transitioned to [[http://upstart.ubuntu.com/|Upstart]] native jobs, to let users get to their desktop faster after boot. Upstart is written by Scott James Remnant.
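Review bot: The rewritten Upstart paragraph no longer carries the recovery advice (having a LiveCD or USB startup disk available before upgrading) or the request to tag boot bugs with ubuntu-boot, and the Boot Experience section goes with it. If boot problems after upgrade are still possible at this stage, keep a short recovery pointer next to the Upstart description.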
Line 45: Line 18:
Ubuntu 9.10 Beta includes the [[https://wiki.ubuntu.com/SoftwareCenter|Ubuntu Software Center]], replacing 'Add/Remove' in the '''Applications''' menu.  We kindly request users to try it out, and [[https://bugs.launchpad.net/ubuntu/+source/software-center|report any bugs]] they find. Ubuntu 9.10 RC includes the [[https://wiki.ubuntu.com/SoftwareCenter|Ubuntu Software Center]], developed by Michael Vogt, replacing 'Add/Remove' in the '''Applications''' menu.
Line 49: Line 22:
Ubuntu 9.10 Beta includes the latest [[http://live.gnome.org/TwoPointTwentyseven/|GNOME 2.28]] desktop environment with a number of great new features: Ubuntu 9.10 RC includes the latest [[http://live.gnome.org/TwoPointTwentyseven/|GNOME 2.28]] desktop environment with a number of great new features:
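Review bot: The link label in the GNOME line says GNOME 2.28 but the target is live.gnome.org/TwoPointTwentyseven/; this hunk only swaps Beta for RC and carries the mismatch over. Point the link at the 2.28 page or confirm the current target is the intended one.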
Line 53: Line 26:
 * The gdm 2.28 login manager is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.  * The gdm 2.28 login manager by William Jon Mc``Cann is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.

 * Evince, the GNOME document viewer, now ships with an enforcing AppArmor profile. This greatly increases security by protecting you against flaws in the historically problematic PDF and image libraries. Users who use a non-standard location for their home directory will need to [[https://wiki.ubuntu.com/DebuggingApparmor#Adjusting%20Tunables|adjust the home tunable]] in ```/etc/apparmor.d/tunables/home```. This profile has been developed by the Ubuntu Security team.

== Ubuntu 9.10 translation status ==

Thanks to the efforts of the broad translations community around the globe, Ubuntu is available in the following 25 languages: Spanish, Brazilian Portuguese, French, Italian, Swedish, German, Hungarian, Simplified Chinese, English, Russian, Dutch, Japanese, Portuguese, Finnish, Danish, Catalan, Czech, Polish, Korean, Bulgarian, Greek, Slovenian, Traditional Chinese, Basque and Galician.

This list represents the languages which have achieved the target of what we consider a translated operating system. However, Ubuntu is also available in many other languages with varying degrees of support, a big number of which are close to what we consider complete: Asturian, Serbian, Vietnamese, Estonian, Norwegian Bokmål, Bengali, Hebrew, Gujarati and Hindi. You can see the full list of languages, along with their statistics at [[https://wiki.ubuntu.com/Translations/ReleaseLanguages/9.10]].

== Application development with Quickly ==

Quickly, by Rick Spencer and Didier Roche, makes it easy for developers to make new applications for Ubuntu, and to share those application with other Ubuntu users via .deb packages or personal package archives.
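Review bot: Typo in the added Quickly paragraph: "share those application with other Ubuntu users" should read "those applications". Also, the added Evince item states the profile is enforcing, and the New profiles section later lists evince again among the enforcing profiles; consider a cross-reference rather than stating it twice.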
Line 57: Line 42:
Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest [[http://www.kde.org|KDE]] packages. See [[KarmicKoala/Beta/Kubuntu|the Kubuntu technical overview]]. Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest [[http://www.kde.org|KDE]] packages. See [[KarmicKoala/RC/Kubuntu|the Kubuntu technical overview]].
Line 61: Line 46:
Ubuntu 9.10 Beta includes images for common use on [[http://www.ubuntu.com/products/whatisubuntu/serveredition/cloud/UEC|Ubuntu Enterprise Cloud]] (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the [[https://help.ubuntu.com/community/EC2StartersGuide|EC2 Starter's Guide]]. Ubuntu 9.10 RC includes images for common use on [[http://www.ubuntu.com/products/whatisubuntu/serveredition/cloud/UEC|Ubuntu Enterprise Cloud]] (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the [[https://help.ubuntu.com/community/EC2StartersGuide|EC2 Starter's Guide]].
Line 63: Line 48:
== Ubuntu One file sharing == == Ubuntu One ==
Line 65: Line 50:
Ubuntu 9.10 Beta ships the [[https://ubuntuone.com/|Ubuntu One]] file sharing service by default, providing tightly-integrated file synchronization of your computer with other computers and the Ubuntu One network storage service. Ubuntu 9.10 RC ships with [[https://one.ubuntu.com/|Ubuntu One]] by default. Ubuntu One is your personal cloud. You can use it to back up, store, sync and share your data with other Ubuntu One users.

Ubuntu One gives all [[https://one.ubuntu.com/features/|features]] and 2 GB of essential storage to everyone. Synchronize files, contacts, and Tomboy notes across all of your Ubuntu computers and to the cloud. [[https://one.ubuntu.com/plans/|More space is available]] with a monthly subscription.

[[https://launchpad.net/ubuntuone/|Ubuntu One project information]] is available on Launchpad.
Line 69: Line 58:
Ubuntu 9.10 Beta includes the 2.6.31-11.36 [[http://kernel.org|kernel]] based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). `linux-restricted-modules` is deprecated in favour of DKMS packages. Ubuntu 9.10 RC includes the 2.6.31-14.48 [[http://kernel.org|kernel]] based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). `linux-restricted-modules` is deprecated in favour of DKMS packages.
Line 73: Line 62:
Ubuntu 9.10 Beta's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "Device``Kit-power", "Device``Kit-disks" and "udev". When testing Ubuntu 9.10 Beta, please be alert for regressions in those areas and report any bugs you find. Ubuntu 9.10 RC's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "Device``Kit-power", "Device``Kit-disks" and "udev".
Line 75: Line 64:
== New Intel video driver architecture available for testing == == New Intel video driver architecture ==
Line 77: Line 66:
The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 Beta also features [[https://wiki.ubuntu.com/X/KernelModeSetting|kernel mode setting]] by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume. The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 RC also features [[https://wiki.ubuntu.com/X/KernelModeSetting|kernel mode setting]] by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume.
Line 81: Line 70:
The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 Beta; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded. The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 RC; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded.
Line 83: Line 72:
If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the [[http://ext4.wiki.kernel.org/index.php/Ext4_Howto#Converting_an_ext3_filesystem_to_ext4|Ext4 Howto]]. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 Beta.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3. If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the [[http://ext4.wiki.kernel.org/index.php/Ext4_Howto#Converting_an_ext3_filesystem_to_ext4|Ext4 Howto]]. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 RC.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3.
Line 87: Line 76:
GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 Beta, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation. GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 RC, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation.
Line 101: Line 90:
App``Armor in Ubuntu 9.10 Beta features an improved parser that uses cache files, greatly speeding up App``Armor initialisation on boot. App``Armor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not. AppArmor in Ubuntu 9.10 RC features an improved parser that uses cache files, greatly speeding up App``Armor initialisation on boot. App``Armor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not.

Please see the [[https://help.ubuntu.com/community/AppArmor|AppArmor documentation]] for information on using App``Armor in Ubuntu.
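Review bot: The first word of the rewritten paragraph is spelled AppArmor without the `` escape, while every other occurrence in the same hunk keeps App``Armor, so this one occurrence may be picked up as a WikiName link. Restore the escape so the paragraph renders consistently.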
Line 105: Line 96:
In addition to the above changes to App``Armor itself, several profiles were added. Enforcing profiles for ```ntpd```, the GNOME document viewer (```evince```), and ```libvirt``` are enabled by default. Complain mode profiles for Dovecot are now available in the ```apparmor-profiles``` package. A new profile is provided for Firefox as well, though it is disabled by default. Users can enable App``Armor sandboxing of their browser by running: {{{ In addition to the above changes to App``Armor itself, several profiles were added. Enforcing profiles for ```ntpd```, ```evince```, and ```libvirt``` are enabled by default. Complain mode profiles for Dovecot are now available in the ```apparmor-profiles``` package.

A new profile is provided for Firefox as well, though it is disabled by default. Users can enable App``Armor sandboxing of their browser by running: {{{
Line 108: Line 101:

This profile can be disabled again by performing: {{{
$ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox-3.5
$ sudo ln -s /etc/apparmor.d/usr.bin.firefox-3.5 /etc/apparmor.d/disable/usr.bin.firefox-3.5
}}}

An App``Armor profile is now available for Apache in the libapache2-mod-apparmor package. When used in combination with the mod_apparmor Apache module, web applications can now be protected and isolated from each other. Instructions for enabling the profile are in the /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 file.
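Review bot: The disable steps leave a symlink in /etc/apparmor.d/disable/, but nothing in the text says how to turn the Firefox profile back on afterwards; add a sentence stating whether that symlink has to be removed before running the enable command again. In the Apache paragraph, the package name libapache2-mod-apparmor and the profile path are plain text, unlike the monospace paths used earlier in the section.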
Line 130: Line 130:
== New input method framework ==

Ubuntu has switched to IBus as preferred input method framework. Unlike the previously used SCIM, IBus is under active development and fixes a number of SCIM's design limitations.

The language selector tool now gives the user the possibility to select the preferred input method framework.

== Language-selector improvements ==

Chinese language-packs, formerly containing both Simplified Chinese and Traditional Chinese translations, have been split into separate packages for these languages. This reduces the amount of data Chinese users need to download.

The language-support-extra and language-support-translations metapackages have been removed from the archive. Packages which provide additional translations for applications such as Thunderbird or OpenOffice.org are now installed by language-selector only if the application package is already installed on the system.

In Ubuntu 9.10 it is necessary to run language-selector manually to get the missing localisation packages installed. An automatic solution for this is planned for the next Ubuntu release.
Line 133: Line 146:
As is to be expected at this stage of the release process, there are several known bugs that users are likely to run into with Ubuntu 9.10 Beta. We have documented them here for your convenience along with any known workarounds, so that you don't need to spend time reporting these bugs again:

 * Some users with Intel video chipsets will experience a black screen on reboot after install because the fbcon module is not being loaded. As a workaround, users can boot with the {{{i915.modeset=0}}} option. Investigation of this issue is ongoing. (Bug:431812)

 * If a RAID partitioning scheme is used during installation the grub boot loader will only be installed on the first hard drive instead of all the drives. Booting the system if the first drive has failed will not work. As a workaround users can manually install grub to each disk in the array using the '''grub-install''' command (Bug:427048).

 * Some users report that, in connection with the conversion of the base system to native upstart jobs, the system will fail to boot if the root partition has errors. As a workaround for this problem, users can boot from external media and run fsck manually. Investigation of this issue is ongoing. (Bug:432237)

 * A bug in the boot-time ordering of NFS-related init scripts will prevent systems from booting if any "core" filesystems (including /usr or /home) are mounted over NFS. Users with such configurations are advised to wait for the Ubuntu 9.10 Release Candidate before ugrading. (Bug:431248)

 * When performing an Ubuntu Enterprise Cloud setup from the Server CD, Eucalyptus components fail to automatically register the components. To solve this, immediately upgrade to the latest Eucalyptus packages after installation, and {{{sudo restart eucalyptus}}}. (Bug:438602, Bug:439251).

 * In the Ubuntu Moblin Remix developer preview, the sources.list in the live image and installed systems will miss the ~moblin PPA; you can add it manually for now (Bug:420048). Also, the web browser does not function correctly in the released image; a fix for this bug is available in the ~moblin PPA (Bug:439677).

= Reporting bugs =

It should come as no surprise that this beta release of Karmic Koala contains other bugs. Your comments, bug reports, patches and suggestions will help fix bugs and improve future releases. Please [[http://help.ubuntu.com/community/ReportingBugs|report bugs using the tools provided]].

If you want to help out with bugs, the [[http://wiki.ubuntu.com/BugSquad|Bug Squad]] is always looking for help.

= Participate in Ubuntu =

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at

 http://www.ubuntu.com/community/participate/

= More information =

You can find out more about Ubuntu on the [[http://www.ubuntu.com|Ubuntu website]] and [[http://wiki.ubuntu.com|Ubuntu wiki]].

To sign up for future Ubuntu development announcements, please subscribe to Ubuntu's development announcement list at:

 http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-announce
For a full list of errata for Ubuntu 9.10, please see the [[http://www.ubuntu.com/getubuntu/releasenotes/910|Ubuntu 9.10 release notes]].
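Review bot: Replacing the known-issues list with a single link to the release notes removes the documented workarounds for several boot-affecting bugs (Bug:431812, Bug:427048, Bug:432237, Bug:431248). Confirm each one is either fixed or carried over into the release notes before dropping it here. The Reporting bugs, Participate in Ubuntu and More information sections are removed in the same hunk, which leaves the page with no pointer for reporting problems found in the RC.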

Introduction

The Ubuntu team is happy to bring you the latest and greatest software the Open Source community has to offer. This is their latest result, the Ubuntu 9.10 Release Candidate, which brings a host of exciting new features.

Upgrading from Ubuntu 9.04

If you are upgrading from Ubuntu 9.04, we have easy-to-follow upgrade instructions.

New features since Ubuntu 9.04

Upstart

As part of our boot performance work, we have now transitioned to Upstart native jobs, to let users get to their desktop faster after boot. Upstart is written by Scott James Remnant.

Software Center

Ubuntu 9.10 RC includes the Ubuntu Software Center, developed by Michael Vogt, replacing 'Add/Remove' in the Applications menu.

GNOME

Ubuntu 9.10 RC includes the latest GNOME 2.28 desktop environment with a number of great new features:

  • Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework.

  • The gdm 2.28 login manager by William Jon McCann is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.

  • Evince, the GNOME document viewer, now ships with an enforcing AppArmor profile. This greatly increases security by protecting you against flaws in the historically problematic PDF and image libraries. Users who use a non-standard location for their home directory will need to adjust the home tunable in /etc/apparmor.d/tunables/home. This profile has been developed by the Ubuntu Security team.

Ubuntu 9.10 translation status

Thanks to the efforts of the broad translations community around the globe, Ubuntu is available in the following 25 languages: Spanish, Brazilian Portuguese, French, Italian, Swedish, German, Hungarian, Simplified Chinese, English, Russian, Dutch, Japanese, Portuguese, Finnish, Danish, Catalan, Czech, Polish, Korean, Bulgarian, Greek, Slovenian, Traditional Chinese, Basque and Galician.

This list represents the languages which have achieved the target of what we consider a translated operating system. However, Ubuntu is also available in many other languages with varying degrees of support, a large number of which are close to what we consider complete: Asturian, Serbian, Vietnamese, Estonian, Norwegian Bokmål, Bengali, Hebrew, Gujarati and Hindi. You can see the full list of languages, along with their statistics, at https://wiki.ubuntu.com/Translations/ReleaseLanguages/9.10.

Application development with Quickly

Quickly, by Rick Spencer and Didier Roche, makes it easy for developers to make new applications for Ubuntu, and to share those applications with other Ubuntu users via .deb packages or personal package archives.

Kubuntu

Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview.

Ubuntu Enterprise Cloud Images

Ubuntu 9.10 RC includes images for common use on Ubuntu Enterprise Cloud (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the EC2 Starter's Guide.

Ubuntu One

Ubuntu 9.10 RC ships with Ubuntu One by default. Ubuntu One is your personal cloud. You can use it to back up, store, sync and share your data with other Ubuntu One users.

Ubuntu One gives all features and 2 GB of essential storage to everyone. Synchronize files, contacts, and Tomboy notes across all of your Ubuntu computers and to the cloud. More space is available with a monthly subscription.

Ubuntu One project information is available on Launchpad.

Linux kernel 2.6.31

Ubuntu 9.10 RC includes the 2.6.31-14.48 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages.

hal deprecation

Ubuntu 9.10 RC's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev".

New Intel video driver architecture

The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 RC also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume.

ext4 by default

The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 RC; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded.

If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 RC.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3.

GRUB 2 by default

GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 RC, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation.

If you wish to upgrade your system to GRUB 2, then see the GRUB 2 testing page for instructions. See also the upstream draft manual.

Some features are still missing relative to GRUB Legacy. Notable among these are lock/password support, an equivalent of grub-reboot, and Xen handling.

iSCSI installation

The iSCSI installation process has been improved, and no longer requires iscsi=true as a boot parameter; the installer will offer you the option of logging into iSCSI targets if there are no local disks, or you can select "Configure iSCSI" in the manual partitioner.

Putting the root filesystem on iSCSI is now supported.

AppArmor

AppArmor in Ubuntu 9.10 RC features an improved parser that uses cache files, greatly speeding up AppArmor initialisation on boot. AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not.

Please see the AppArmor documentation for information on using AppArmor in Ubuntu.

New profiles

In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, evince, and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package.

A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running:

$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5

This profile can be disabled again by performing:

$ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox-3.5
$ sudo ln -s /etc/apparmor.d/usr.bin.firefox-3.5 /etc/apparmor.d/disable/usr.bin.firefox-3.5

An AppArmor profile is now available for Apache in the libapache2-mod-apparmor package. When used in combination with the mod_apparmor Apache module, web applications can now be protected and isolated from each other. Instructions for enabling the profile are in the /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 file.

Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu.
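
The disable procedure above has two halves: apparmor_parser -R unloads the profile from the running kernel, and the symlink in disable/ marks it as disabled on disk. The following added example (not part of the original release notes) compares the two states and flags profiles where only one half was done. The sample profile names, their contents and the loaded-profile list are constructed, and audit_profiles and build_sample_tree are hypothetical helper names.

```python
import os
import re
import sys
import tempfile

# Top-level profile header, e.g. "/usr/bin/evince flags=(complain) {"
HEADER = re.compile(r"^(/\S+)\s*(?:flags\s*=\s*\(([^)]*)\))?\s*\{", re.M)
# One line of /sys/kernel/security/apparmor/profiles, e.g. "/usr/bin/evince (enforce)"
LOADED = re.compile(r"^(\S.*) \((\w+)\)$", re.M)


def audit_profiles(profile_dir, loaded_text):
    """Compare the on-disk state of each profile with what the kernel has loaded."""
    loaded = dict(LOADED.findall(loaded_text))
    report = {}
    for fname in sorted(os.listdir(profile_dir)):
        path = os.path.join(profile_dir, fname)
        if not os.path.isfile(path):
            continue  # skips disable/ and any other subdirectory
        with open(path) as fh:
            match = HEADER.search(fh.read())
        if not match:
            continue  # not a profile file
        name, flags = match.group(1), match.group(2) or ""
        if os.path.lexists(os.path.join(profile_dir, "disable", fname)):
            on_disk = "disabled"
        elif "complain" in flags:
            on_disk = "complain"
        else:
            on_disk = "enforce"
        running = loaded.get(name, "unloaded")
        expected = "unloaded" if on_disk == "disabled" else on_disk
        report[fname] = {"profile": name, "on_disk": on_disk,
                         "running": running, "consistent": running == expected}
    return report


def build_sample_tree():
    """Constructed stand-in for /etc/apparmor.d plus a constructed kernel profile list."""
    root = tempfile.mkdtemp(prefix="apparmor.d-")
    os.mkdir(os.path.join(root, "disable"))
    samples = {
        "usr.bin.evince": "/usr/bin/evince {\n  /usr/bin/evince mr,\n}\n",
        "usr.bin.firefox-3.5": "/usr/bin/firefox-3.5 {\n  /usr/bin/firefox-3.5 mr,\n}\n",
        "usr.sbin.dovecot": "/usr/sbin/dovecot flags=(complain) {\n  /usr/sbin/dovecot mr,\n}\n",
    }
    for fname, text in samples.items():
        with open(os.path.join(root, fname), "w") as fh:
            fh.write(text)
    # Firefox: the disable symlink exists, but the profile was never unloaded,
    # so the kernel list below still shows it in enforce mode.
    os.symlink(os.path.join(root, "usr.bin.firefox-3.5"),
               os.path.join(root, "disable", "usr.bin.firefox-3.5"))
    loaded = ("/usr/bin/evince (enforce)\n"
              "/usr/bin/firefox-3.5 (enforce)\n"
              "/usr/sbin/dovecot (complain)\n")
    return root, loaded


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live use: pass the profile directory; reading the kernel list needs root.
        with open("/sys/kernel/security/apparmor/profiles") as fh:
            result = audit_profiles(sys.argv[1], fh.read())
    else:
        result = audit_profiles(*build_sample_tree())
    for fname, row in result.items():
        print(fname, row)
```
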

Libvirt

Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation.

Uncomplicated Firewall

The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features.

Non-eXecutable Emulation

Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature.

For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory.

Blocking Module Loading

The new /proc/sys/kernel/modules_disabled one-way sysctl flag blocks the loading of any further modules after boot (generally useful for servers with unchanging hardware), adding another layer of protection against attackers loading kernel rootkits.

Position-Independent Executables

Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel.

In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits.
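
One way to check an installed binary for the properties described in this section, as an added example that is not part of the original release notes: a small ELF parser that reports PIE, RELRO and BIND_NOW. Treating "ET_DYN with a PT_INTERP segment" as PIE is a heuristic assumed here, and build_sample_elf is a hypothetical helper that produces constructed, header-only images so the block runs offline.

```python
import struct
import sys

# Constants from the ELF gABI and its GNU extensions.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def elf_hardening(data):
    """Return PIE / RELRO / BIND_NOW status for a little-endian ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[5] != 1:
        raise ValueError("only little-endian ELF is handled in this example")
    is64 = data[4] == 2
    try:
        # Header fields that follow e_ident: e_type ... e_phnum.
        hdr = struct.unpack_from("<HHIQQQIHHH" if is64 else "<HHIIIIIHHH", data, 16)
        e_type, phoff, phentsize, phnum = hdr[0], hdr[4], hdr[8], hdr[9]
        has_interp = has_relro = False
        dyn_off = dyn_size = 0
        for i in range(phnum):
            base = phoff + i * phentsize
            if is64:  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
                p_type, _, p_off, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, base)
            else:     # Elf32_Phdr: type, offset, vaddr, paddr, filesz
                p_type, p_off, _, _, p_filesz = struct.unpack_from("<IIIII", data, base)
            if p_type == PT_INTERP:
                has_interp = True
            elif p_type == PT_GNU_RELRO:
                has_relro = True
            elif p_type == PT_DYNAMIC:
                dyn_off, dyn_size = p_off, p_filesz
        # Any of three dynamic-section markers means "resolve all symbols at load".
        bind_now = False
        fmt, entsize = ("<QQ", 16) if is64 else ("<II", 8)
        for off in range(dyn_off, dyn_off + dyn_size, entsize):
            tag, val = struct.unpack_from(fmt, data, off)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True
    except struct.error:
        raise ValueError("truncated ELF file") from None
    # RELRO alone leaves the lazily bound part of the GOT writable ("partial");
    # combined with BIND_NOW the whole GOT is read-only after startup ("full").
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    # Heuristic: shared libraries are ET_DYN too, but normally have no PT_INTERP.
    return {"pie": e_type == ET_DYN and has_interp, "relro": relro, "bind_now": bind_now}


def build_sample_elf(e_type=ET_DYN, interp=True, relro=True, bind_now=True):
    """Constructed ELF64 image containing only the headers the checker reads."""
    dyn = struct.pack("<QQ", DT_FLAGS, DF_BIND_NOW) if bind_now else b""
    dyn += struct.pack("<QQ", DT_NULL, 0)
    types = ([PT_INTERP] if interp else []) + [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 64 + 56 * len(types)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, 4, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 8)
        for t in types)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, 56, len(types), 0, 0, 0)
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, elf_hardening(fh.read()))
    else:
        print("PIE + RELRO + BIND_NOW:", elf_hardening(build_sample_elf()))
        print("PIE + RELRO only:      ", elf_hardening(build_sample_elf(bind_now=False)))
        print("plain executable:      ", elf_hardening(
            build_sample_elf(e_type=ET_EXEC, relro=False, bind_now=False)))
```

Run with one or more file paths to check real binaries; with no arguments it reports on the constructed samples.
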

New input method framework

Ubuntu has switched to IBus as the preferred input method framework. Unlike the previously used SCIM, IBus is under active development and fixes a number of SCIM's design limitations.

The language selector tool now gives the user the possibility to select the preferred input method framework.

Language-selector improvements

Chinese language-packs, formerly containing both Simplified Chinese and Traditional Chinese translations, have been split into separate packages for these languages. This reduces the amount of data Chinese users need to download.

The language-support-extra and language-support-translations metapackages have been removed from the archive. Packages which provide additional translations for applications such as Thunderbird or OpenOffice.org are now installed by language-selector only if the application package is already installed on the system.

In Ubuntu 9.10 it is necessary to run language-selector manually to get the missing localisation packages installed. An automatic solution for this is planned for the next Ubuntu release.

Known issues

For a full list of errata for Ubuntu 9.10, please see the Ubuntu 9.10 release notes.

KarmicKoala/TechnicalOverview (last edited 2009-10-28 16:06:36 by pD9EB68B8)