Review: Red Hat’s Fedora 12 Beta Operating System

eWEEK Labs’ tests show that Fedora 12 will provide the latest and greatest versions of popular open-source applications, as well as features that strengthen not only Fedora but also Linux distributions in general

In Fedora 12, this DAC scheme becomes more granular, with new work around limiting the privileges of processes that have previously run with all-powerful root privileges. The concept of “capabilities” enables applications that require certain root privileges to run with only those rights.

So, where SELinux works to limit the range of what applications are allowed to do, capabilities allow applications to request fewer rights in the first place. The capabilities work in Fedora 12 taps a library called libcap-ng that is meant to simplify the capability-dropping process for application developers. For more information on libcap-ng, check out this writeup from Red Hat’s Steve Grubb.
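One way to check from the outside whether a root-owned process has actually shed privileges is to decode the capability masks the kernel reports in /proc/&lt;pid&gt;/status. The script below is an added example, not code from the article or from libcap-ng; the two status excerpts and the daemon names in them are constructed sample input.

```python
"""Decode the capability masks from /proc/<pid>/status text (added example)."""

# Bit order follows <linux/capability.h>; bits beyond this table show as cap_<n>.
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()

# Constructed sample input (not captured from a real system): two uid-0 daemons.
SAMPLE_FULL = "Name:\tdaemon-a\nUid:\t0\t0\t0\t0\nCapEff:\t00000003ffffffff\nCapBnd:\t00000003ffffffff\n"
SAMPLE_REDUCED = "Name:\tdaemon-b\nUid:\t0\t0\t0\t0\nCapEff:\t0000000002000400\nCapBnd:\t00000003ffffffff\n"

def decode_mask(hex_mask):
    """Return the capability names set in a hexadecimal mask string."""
    mask, bit, names = int(hex_mask, 16), 0, []
    while mask:
        if mask & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}")
        mask >>= 1
        bit += 1
    return names

def parse_status(status_text):
    """Extract the effective uid and the Cap* masks from a status file's text."""
    info = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            info["euid"] = int(value.split()[1])  # order: real, effective, saved, fs
        elif key in ("CapInh", "CapPrm", "CapEff", "CapBnd"):
            info[key] = decode_mask(value.strip())
    return info

def classify(info):
    """Say how much of root's power a process really holds."""
    eff = info.get("CapEff", [])
    if not eff:
        return "no capabilities"
    if eff == info.get("CapBnd"):
        return "full: everything the bounding set allows"
    return "reduced: " + ",".join(eff)

if __name__ == "__main__":
    for text in (SAMPLE_FULL, SAMPLE_REDUCED):
        print(classify(parse_status(text)))
```

On a live system, pass the contents of a real /proc/&lt;pid&gt;/status file to `parse_status`; a process running as uid 0 that reports "reduced" has dropped the rights it does not need.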

A third privilege management enhancement in Fedora 12 is a rewrite of the PolicyKit framework for granting system users particular elevated rights – such as the right to modify date and time information, create and modify user and group settings, or install software packages on a machine.

The current version of PolicyKit – which ships on Red Hat and Fedora distributions, as well as on Ubuntu, SUSE, and other distributions – doesn’t lend itself to integration with networked resources such as directory servers, a major limitation in managed deployments.

The version of PolicyKit that ships with Fedora 12, while it still stores its policies locally, has been reworked to allow for future directory integration – a major gain not only for Fedora but for Linux distributions in general. For more information on PolicyKit, see this reference manual for the project.

Virtualization

No new Fedora release hits the streets without a handful of new virtualisation enhancements, and Fedora 12 is no exception.

In this release, one of the most compelling virtualisation features is the system’s support for Kernel Shared Memory, or KSM, a recent addition to the Linux kernel that enables applications to identify and share duplicate memory pages. In conjunction with Fedora’s KVM hypervisor, KSM promises to boost virtual machine density on a given host by enabling administrators to overcommit memory without requiring that VMs swap to disk.

I tested KSM out by creating a couple of Ubuntu 9.04 VMs with 1GB of RAM apiece and a Windows 7 VM with 2GB of RAM. Together, these VMs laid claim to the bulk of the 4GB of RAM available on my test Fedora 12 system.

When I switched KSM on, I watched the memory usage on my test machine fall, fairly quickly, from 3.1GB to 2.1GB as my system identified and merged duplicate memory pages. I want to see KSM in action on a more realistically outfitted system, but I’m impressed with the capability as I’ve seen it so far.

Beyond KSM, I’m pleased to see that in Fedora 12, KVM will support hotplugging for virtual network adapters, and will present guest machines with an emulated hardware platform that remains consistent across upgrades of the hypervisor. Linux OSes tend not to care when hardware is changed underneath them, but this can cause problems with Windows. I’ve experienced broken Windows VM installs following KVM upgrades, and I welcome this improvement.