
What's new in SLES 12






SLES 12 was released in October 2014. Shipped October 27, 2014. Supported until end of 2018.
Some highlights:

What's New section of Release notes

Release Notes SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 12 introduces a number of innovative changes. Here are some of the highlights:

For users upgrading from a previous SUSE Linux Enterprise Server release it is recommended to review:




Old News ;-)

Release Notes SUSE Linux Enterprise Server 12

This document provides guidance and an overview to high level general features and updates for SUSE Linux Enterprise Server 12. Besides architecture or product-specific information, it also describes the capabilities and limitations of SLES 12. General documentation may be found at:

Product to be released: Q4 CY 2014

Publication date: 2014-10-10, Version: 12.0.20141010

SUSE Linux Enterprise Server 12 has a 13-year life cycle, with 10 years of General Support and 3 years of Extended Support. The current version (GA) will be fully maintained and supported until 6 months after the release of SUSE Linux Enterprise Server 12 SP1. If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support you get by an additional 12 to 36 months in twelve-month increments, giving you a total of 3 to 5 years of support on any given service pack.

For more information, check our Support Policy page or the Long Term Service Pack Support Page.

MariaDB Replaces MySQL

The MariaDB open source database replaces the MySQL database system.

To retain compatibility with existing (MySQL based) deployments and dependencies, MariaDB is using the name for shared libraries. Thus, according to the SUSE and openSUSE Shared Library Policy the RPMs for the MariaDB shared libraries are called libmysql .

For more information about the SUSE and openSUSE Shared Library Policy, see ( .

Technology Previews

Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment.

Whether a technical preview will be moved to a fully supported package later, depends on customer and market feedback. A technical preview does not automatically result in support at a later point in time. Technical previews could be dropped at any time and SUSE is not committed to provide a technical preview later in the product cycle.

openJDK

openJDK is available as a technical preview.

Docker templates

sle2docker is a convenience tool which creates SUSE Linux Enterprise images for Docker. The tool relies on KIWI and Docker itself to build the images. Packages can be fetched either from SUSE Customer Center (SCC) or from a local Subscription Management Tool (SMT).

Docker

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. Docker is shipped under technology preview in SLE12.

Hot-Add Memory

Hot-add memory is currently only supported on the following hardware:

If your specific machine is not listed, call SUSE support to confirm whether or not your machine has been successfully tested. Also, regularly check our maintenance update information, which will explicitly mention the general availability of this feature.

QEMU: Include virtio-blk-data-plane

The virtio-blk-data-plane is a new experimental performance feature for KVM. It provides a streamlined block I/O path, which favors performance over functionality.

KVM: VMCS Shadowing support

VMCS Shadowing is a new VT-x feature that allows software in VMX non-root operation to execute the VMREAD and VMWRITE instructions. Such executions do not read from the current VMCS (the one supporting VMX non-root operation) but instead from a shadow VMCS. This feature will help improve nested virtualization performance. VMCS shadowing is provided as technology preview.

TPM/Trusted Computing

The experimental QEMU TPM passthrough feature should not be used in environments where non-root access is granted to the host. To enable TPM passthrough, the following actions must be taken in addition to allocating the device in the guest domain XML:

1. The guest must pass tpm_tis.force=1 on the guest kernel command line. This may be done by editing the bootloader configuration, typically found in /boot/grub2/grub.conf, to append tpm_tis.force=1 to the linux line in the menuentry stanza for the kernel being booted.

2. The host administrator must chmod o+w /sys/class/misc/tpm0/device/cancel. As this permits host-wide access to cancel TPM commands by unprivileged users, no unprivileged users must be permitted to access the host when it is put into this configuration. It is anticipated that future versions of libvirt will perform the privileged access of /sys/class/misc/tpm0/device/cancel on QEMU's behalf such that permitting world write access to /sys/class/misc/tpm0/device/cancel will not be necessary.

Memory Compression with zswap

Currently when a system's physical memory is exceeded, the system moves some memory onto reserved space on a hard drive, called "swap" space; that frees physical memory space for additional use. However, this process of "swapping" memory onto (and back from) a hard drive is much, much slower than direct memory access, so it can slow the entire system down.

The zswap driver inserts itself between the system and the swap hard drive, and instead of writing memory to a hard drive it compresses memory. This speeds up both the writing to swap and reading back from swap, which results in better overall system performance while using swap. However, compressed memory still uses some smaller amount of memory, so zswap has a limit to the amount of memory which will be stored compressed, which is controllable by the /sys/module/zswap/parameters/max_pool_percent file. By default, this is 20, which indicates zswap will use only 20% of the total system physical memory to store compressed memory. Additionally, zswap is disabled by default, so the boot parameter zswap.enabled=1 must be used (it can be manually added at the boot prompt, or the boot loader configuration can be updated to include it).

Multi-queue SSD Access

Multi-core systems with fast solid state storage were unable to take advantage of the storage hardware speed to the full extent. This showed up especially as lock contention in the kernel block layer.

A new multi-queue block layer extension now helps to reach the maximum hardware speed with multiple hardware dispatch queue devices. This multi-queue block layer extension is offered as a technology preview.

Xen: Performance Monitoring Tool for VMs

If Xen is booted with the vpmu=1 parameter, perf can be used within a PVHVM guest to identify the source of performance problems.

Virtual Machine Sandbox

virt-sandbox provides a way for the administrator to run a command under a confined virtual machine using qemu/kvm or LXC libvirt virtualization drivers. The default sandbox domain only allows applications the ability to read and write stdin, stdout, and file descriptors handed to it. It is not allowed to open any other files. Enable SELinux on your system to get it usable. For more information, see ( .

Technology Previews: POWER (ppc64le)

KVM on ppc64le

Linux has managed to unify the Operating System layer nicely across different architectures. This challenge still exists in the hypervisor space.

KVM solves the universal hypervisor challenge. It is now available across all targets that SLES supports. KVM allows the administrator to create virtual machines in the exact same fashion using the exact same set of tools on x86_64, s390x and ppc64le.

This makes SLES the perfect platform for virtualization and cloud scenarios in heterogeneous environments.

Technology Previews: System z (s390x)

Kdump on System z

Kdump for System z is included as technical preview.

KVM for s390x

Using Linux and virtualization technologies on System z, with good Linux and KVM skills, but limited knowledge of System z and z/VM.

KVM is included on the s390x platform as a technology preview.

Running Linux with KVM in an LPAR allows x86 skilled administrators to explore the potential of Linux on the mainframe. KVM on Linux allows the administrator to create and manage virtual machines by himself, assign resources and benefit from the workload isolation and protection, as well as the flexibility of KVM based virtual machines, with the same tools and commands as known from an x86 based environment.

Over time, business requirements may increase the need and interest to explore the full potential of the underlying platform. This can be achieved by getting more and more insight into the unique hardware and performance characteristics of System z, as well as the option to operate other environments on the mainframe, also in collaboration with Linux.

Disk mirroring with real-time enhancement for System z

This functionality is currently included as technology preview in SLES 12.

Hot-patching Support for Linux on System z Binaries

Hot-patch support in gcc implements support for online patching of multi-threaded code for Linux on System z binaries. It is possible to select specific functions for hot-patching using a function attribute and to enable hot-patching for all functions (-mhotpatch) via command line option. Because enabling hot-patching has a negative impact on software size and performance, it is recommended to use hot-patching for specific functions and not to enable hot-patch support in general.

For online documentation, see ( .

qeth: Accurate ethtool Output

Provides improved monitoring and service via more timely and accurate display of settings and values via the ethtool when running on hardware that supports the improved query of network cards.

Linux support for concurrent Flash MCL updates

Apply concurrent hardware microcode level upgrades (MCL) without impacting I/O operations to the Flash storage media and notify users of the changed Flash hardware service level.

PCI infrastructure enablement for IBM System z

This feature provides prerequisites for the System z specific PCI support.

snIPL Interface to Control Dynamic CPU Capacity

Remote control of the capacity of target systems in highly available configurations makes it possible to maintain the bandwidth during failure situations, and removes the need for keeping unused capacity activated during normal operation.

Query OSA Address Table

Provide infrastructure to gather and display OSA and TCP/IP configuration information via the OSA Query Address Table hardware function to ease administration of OSA and TCP/IP configuration information.

Software Requiring Specific Contracts

The following packages require additional support contracts to be obtained by the customer in order to receive full support:

PostgreSQL Database

Software Development Kit (SDK)

SUSE provides a Software Development Kit (SDK) for SUSE Linux Enterprise 12. This SDK contains libraries, development environments, and tools along the following patterns:

SUSE Linux Enterprise Server can be deployed in three ways

Installing with LVM2, Without a Separate /boot Partition

SUSE Linux Enterprise 12 generally supports the installation with a linear LVM2 without a separate /boot partition, for example to use it with Btrfs as the root file system, to achieve full system snapshot and rollback.

However, this setup is only supported under the following conditions:

For a migration from an existing SUSE Linux Enterprise 11 system with LVM2 to SUSE Linux Enterprise 12 the /boot partition must be preserved.

UEFI 2.3.1 Support

SLE 12 supports booting systems that follow the UEFI specification up to version 2.3.1 errata C.

Note: Installing SLE 12 on Apple hardware is not supported.

UEFI Secure Boot

SLES 12 and SLED 12 implement UEFI Secure Boot. Installation media supports Secure Boot. Secure Boot is only supported on new installations, if the Secure Boot flag is enabled in the UEFI firmware at installation time.

For more information, see the Administration Guide, section Secure Boot.

Current Features and Limitations in a UEFI Secure Boot Context

Support for Secure Boot on EFI machines is enabled by default.

When booting with Secure Boot mode enabled in the firmware, the following features apply:

Simultaneously, the following limitations apply:

When booting with Secure Boot mode disabled in the firmware, the following features apply:

Simultaneously, the following limitations apply:

Secure boot on EFI machines can be disabled during installation by deactivating the respective option on the installation settings screen under "Bootloader".

Rollback with Snapper on Btrfs

For general information about the file system layout, see the Administration Guide, Chapter Snapper.

If an update fails or causes trouble, it is sometimes helpful to be able to go back to the last working state.

Requirements to Create Atomic Snapshots

That is needed since snapshots need to be atomic, and that is not possible if the data is stored on different partitions, devices, or subvolumes.

How to Do the Rollback

During boot, you can select an old snapshot. This snapshot will then be booted in something like a read-only mode. All the snapshot data is read-only, all other filesystems or btrfs subvolumes are in read-write mode and can be modified. To make this snapshot the default for the next reboot and switch it into a read-write mode, use "snapper rollback".

What Will Not Be Rolled Back

The following directories are excluded from rollback. This means that changes below these directories will not be reverted when an old snapshot is booted, in order to not lose valuable data. On the other hand, this may prevent some third-party services from starting correctly when booting from an old snapshot.

/boot/grub2/i386-pc (We cannot rollback bootloader)
/boot/grub2/x86_64-efi (We cannot rollback bootloader)
/boot/grub2/power-ieee1275 (We cannot rollback bootloader)
/home (if not already on an own partition)
/opt (Prevents rollback if addons or packages are installed there)
/srv (web services may not be functional after a rollback anymore)
/var/log (services which move files and/or permissions may not be functional anymore after a rollback)
/var/mail (if not a symlink to /var/spool/mail)
/var/spool (services which move/convert files and/or permissions may not be functional anymore after rollback)

Known Issues or Limitations

In general, rollback can result in inconsistencies between the data on the root partition (which has been rolled back to an earlier state) and data on other subvolumes or partitions. These inconsistencies may include the use of different file paths, formats and permissions.

Installing from a USB Flash Disk

The ISO installation images can be directly dumped to a USB device such as a flash disk. This way you can install the system without the need of a DVD drive.

Several tools for dumping are listed at ( .

UEFI Secure Boot

When booting the installer from the DVD product media on a secure boot enabled system, the installation process is validated by the secure boot signature.

For more information about UEFI and secure boot, see the Administration Guide.

VMware Does Not Support Migrating from SUSE Linux Enterprise Server 11 to 12

VMware does not support the installation of major update releases on an operating system as an upgrade in a virtual machine, such as Windows 7 to Windows 8 or RHEL 5.x to RHEL 6.0. VMware recommends the installation of a new major release in a new virtual machine. The same applies to updates from SUSE Linux Enterprise 11 to 12. See ( for reference.

Therefore SUSE will not recommend or support the migration between major versions of SUSE Linux Enterprise as the guest OS on VMware either.

If you still would like to perform such a migration, although it is unsupported, we suggest the following steps:

  1. Before starting the migration, run the special VMware uninstall script /usr/bin/ .
  2. Perform the migration.

After the migration install the package open-vm-tools manually.

dhcpcd Replaced by wicked and dhcp-client

The dhcpcd package was replaced by the wicked and dhcp-client packages.

Migrating to SUSE Linux Enterprise 12

Migration is supported from SUSE Linux Enterprise 11 SP3 (or higher) using the following methods:

For more information, see the Deployment Guide coming with SUSE Linux Enterprise.

Ext4: Experimental Features

Ext4 has some features that are under development and still experimental. Thus, using these features poses a significant risk to data. To clearly indicate such features, the Ext4 driver in SUSE Linux Enterprise 12 refuses to mount (or to mount read-write) file systems with such features. To mount such file systems, set the allow_unsupported module parameter (either when loading the module or via /sys/module/ext4/parameters/allow_unsupported). However, setting this option will render your kernel, and thus your system, unsupported.

Features which are treated this way are: bigalloc, metadata checksumming, and journal checksumming.

Enabling Full Heap Randomization

[All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation of the start address of the userspace heap. This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2.

[x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries using glibc older than 2.3.3. To revert to the old behavior, specify vdso=2 on the kernel command line.

Format of the 'microcode' Field in /proc/cpuinfo Changed

Due to a missing backport, the SLE 11 SP3 kernel is displaying the microcode revision in /proc/cpuinfo as a decimal number.

The SLE 12 kernel changed the format to a hexadecimal number. Now it is compatible with the mainline kernel.
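Inventory or compliance scripts that compare microcode revisions across a mixed fleet have to accept both formats. The following is an added example, not part of the release notes: it normalizes the field to hexadecimal and checks it against a minimum revision. The function names are hypothetical and the cpuinfo excerpts are constructed.

```sh
#!/bin/sh
# Added example: normalize the "microcode" field of /proc/cpuinfo so one check
# works on SLE 11 SP3 (decimal) and SLE 12 (hexadecimal) hosts.
# Function names are hypothetical; the cpuinfo excerpts are constructed.

# stdin: /proc/cpuinfo text. stdout: distinct revisions as 0x-prefixed hex.
microcode_revisions() {
    sed -n 's/^microcode[[:space:]]*:[[:space:]]*//p' |
    while read -r raw; do
        case "$raw" in
            0[xX]*)                      # SLE 12 / mainline format
                digits=${raw#0[xX]}
                case "$digits" in ''|*[!0-9a-fA-F]*) continue ;; esac ;;
            ''|*[!0-9]*) continue ;;     # neither hex nor plain decimal
        esac
        # $raw is now a validated integer constant (the kernel prints the
        # decimal form without leading zeros, so it is not read as octal).
        printf '0x%x\n' "$(($raw))"
    done | sort -u
}

# microcode_at_least MIN   (MIN decimal or 0x-hex); stdin: /proc/cpuinfo text.
# Exit status: 0 every CPU is at or above MIN, 1 at least one CPU is below,
# 2 no usable microcode field or malformed MIN.
microcode_at_least() (
    case "$1" in
        0[xX]*) d=${1#0[xX]}; case "$d" in ''|*[!0-9a-fA-F]*) exit 2 ;; esac ;;
        ''|*[!0-9]*) exit 2 ;;
    esac
    min=$(($1))
    revs=$(microcode_revisions)
    [ -n "$revs" ] || exit 2
    for r in $revs; do
        [ "$(($r))" -ge "$min" ] || exit 1
    done
    exit 0
)

sample_cpuinfo_sle11sp3() {   # constructed excerpt, decimal revision
    printf 'processor\t: 0\nmodel name\t: Constructed CPU\nmicrocode\t: 27\n'
}
sample_cpuinfo_sle12() {      # constructed excerpt, hexadecimal revision
    printf 'processor\t: 0\nmodel name\t: Constructed CPU\nmicrocode\t: 0x1b\n'
}

# Both hosts carry the same revision even though the raw strings differ.
sample_cpuinfo_sle11sp3 | microcode_revisions
sample_cpuinfo_sle12 | microcode_revisions
```

On a real host, run `microcode_at_least 0x1b < /proc/cpuinfo` with the minimum revision your policy requires.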

Preparation for Non-linear Memory Mapping Deprecation

Non-linear mappings are considered for deprecation in upstream as part of code cleanup. Of course, the existing syscall API (remap_file_pages) will stay and will be implemented as an emulation on top of regular mmap interface. To ensure a stable kernel application binary interface (kABI) during SLE 12 lifetime, SUSE is preparing this change. As a result, the first use of the syscall will trigger a warning and the module source code will not compile without modification. If your software encounters this condition, get in touch with your SUSE contact to get support during migration.

Kernel Package Layout Changed

The kernel-default package now contains the kernel image and all supported modules. The kernel-default-base package is thus not necessary in normal setups. Also, all the debugging symbols are packaged in the kernel-default-debuginfo package.

Do not attempt to install the kernel-default-base package unless building a minimal system. When using utilities like crash or systemtap, you only need to install the kernel-default-debuginfo package. The kernel-default-devel-debuginfo package is no longer needed and does not exist.

zone_reclaim_mode Autotuning

zone_reclaim_mode was enabled automatically if the distance between any two NUMA nodes is higher than RECLAIM_DISTANCE (which is 30 by default for x86_64). This auto-tuning has led to many issues in the past and we expect it to cause even more of them in the future as NUMA machines become more widespread.

Now auto-tuning is not active anymore. In sysctl.conf you can enable it for those loads that need NUMA locality.

Initrd File Compression Format

By default, the initrd file is now compressed with:

xz -0 --check=crc32 --memlimit-compress=50%

Previously, it was compressed with gzip.

Removing the sync_supers Kernel Thread

The 'sync_supers' kernel thread will periodically wake up and synchronize all dirty superblocks for all the mounted file systems. It makes the system's sleep time shorter, and forces the CPU to leave the low power state every 5 seconds.

This kernel thread is gone and now each file system manages its own superblock in a smart way without waking up the system unnecessarily.

Scaling of Dumps to Support 16S/24TB System

Both kexec-tools and the kernel are updated to support crashkernel sizes larger than 896MB and crashkernels that load above 4GB.

SDIO 3.0 Support

Linux Kernel version 3.3 started supporting SD/SDIO version 3.0 that provides faster read/write speed and enhanced security.

An SDIO (Secure Digital Input Output) card is an extension of the SD specification to cover I/O functions.

Host devices that support SDIO can use the SD slot to support Wi-Fi, Bluetooth, Ethernet, IrDA, etc.

SDIO 3.0 cards and hosts add support for UHS-I bus speed mode, which can be as fast as 104MB/s.

Kernel Modules

An important requirement for every Enterprise operating system is the level of support a customer receives for his environment. Kernel modules are the most relevant connector between hardware ("controllers") and the operating system.

For more information about the handling of kernel modules, see the SUSE Linux Enterprise Administration Guide.

Netfilter TEE Kernel Module

The netfilter TEE kernel module is now part of the standard kernel.

Installing CA Certificates

For legacy reasons, /etc/ssl/certs may only contain CA certificates in PEM format. Because this format does not transport usage information, /etc/ssl/certs may only contain CA certificates that are intended for server authentication.

OpenSSL understands a different format that transports the usage information, therefore OpenSSL internally uses a different location, which contains certificates of all kinds of usage type (/var/lib/ca-certificates/openssl). If you put a certificate in plain PEM format in /etc/pki/trust/anchors/ and call update-ca-certificates, it should end up in both /var/lib/ca-certificates/pem (i.e., /etc/ssl/certs) and /var/lib/ca-certificates/openssl (as well as other locations like the cert bundle or the Java keyring).

Linux Filesystem Capabilities

Our kernel is compiled with support for Linux Filesystem Capabilities. Since SLE 12, it is enabled by default.

Disable it by adding file_caps=0 as a kernel boot option.

Basic Linux-Integrity Enablement (IMA, IMA-Appraisal, EVM)

IMA, IMA-appraisal, and EVM are configured in SLES-12, but not enabled by default as additional configuration is required (for example enabling TPM, labeling the filesystem).

IMA can be used to attest a system's runtime integrity. IMA measurements are enabled with the boot parameter 'ima_tcb'. This starts a builtin policy which measures all regular files that are executed or read by a process with root uid. The builtin policy can be replaced with a system customized policy. For more information, refer to ( .

In order to enforce local file integrity, the filesystem is labeled with good measurements (e.g. hash, signature). IMA-appraisal verifies that the current measurement of a file matches the good value. If the values do not match, access is denied to the file. For more information on creating public/private keys used for signing files, loading the public key on the IMA keyring, and labeling the filesystem, refer to ( and ( .

EVM protects integrity sensitive inode metadata against offline attack. For more information on creating trusted/encrypted keys and loading the EVM keyring, refer to ( and ( .
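The measurement list that IMA builds once ima_tcb is set can be compared with known-good hashes from user space. The following is an added example, not part of the release notes: it reads the ASCII measurement list the kernel exposes through securityfs and reports files that are unknown or differ from a baseline. The function name, verdict labels and the sha1sum baseline format are assumptions, and the sample data is constructed.

```sh
#!/bin/sh
# Added example: compare an IMA ASCII measurement list with a baseline of
# known-good hashes. ima_check_baseline, its verdict labels and the sha1sum
# baseline format are assumptions; the sample data below is constructed.

# ima_check_baseline BASELINE [MEASUREMENTS]
#   BASELINE      "<sha1-hex>  <path>" lines, as written by sha1sum
#   MEASUREMENTS  defaults to the list the kernel exposes through securityfs
# Prints "UNKNOWN <path> <hash>" for measured files missing from the baseline
# and "MISMATCH <path> <hash>" for files whose measured hash differs.
# Exit status: 0 clean, 1 findings, 2 unreadable or empty input.
ima_check_baseline() (
    base=$1
    list=${2:-/sys/kernel/security/ima/ascii_runtime_measurements}
    [ -s "$base" ] && [ -r "$base" ] && [ -r "$list" ] || exit 2
    awk '
        NR == FNR {                        # first file: the baseline
            path = $0
            sub(/^[^ ]+ +[*]?/, "", path)  # drop hash, separator, binary marker
            good[path] = tolower($1)
            next
        }
        # Measurement entry: <pcr> <template-hash> <template> <file-hash> <path>
        NF >= 5 && $5 != "boot_aggregate" {
            hash = tolower($4)
            sub(/^sha1:/, "", hash)        # the ima-ng template prefixes the algorithm
            path = $0
            for (i = 1; i <= 4; i++) sub(/^[^ ]+ +/, "", path)  # keeps spaces in paths
            if (!(path in good))         { print "UNKNOWN", path, hash; bad = 1 }
            else if (good[path] != hash) { print "MISMATCH", path, hash; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$base" "$list"
)

# Writes a constructed baseline and measurement list into directory $1.
# The list mixes the "ima" and "ima-ng" templates only to exercise both forms.
write_ima_samples() {
    cat > "$1/baseline.sha1" <<'EOF'
1111111111111111111111111111111111111111  /usr/sbin/sshd
2222222222222222222222222222222222222222  /usr/bin/sudo
EOF
    cat > "$1/measurements" <<'EOF'
10 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ima 0000000000000000000000000000000000000000 boot_aggregate
10 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb ima 1111111111111111111111111111111111111111 /usr/sbin/sshd
10 cccccccccccccccccccccccccccccccccccccccc ima-ng sha1:3333333333333333333333333333333333333333 /usr/bin/sudo
10 dddddddddddddddddddddddddddddddddddddddd ima 4444444444444444444444444444444444444444 /tmp/constructed helper
EOF
}

demo_dir=$(mktemp -d)
write_ima_samples "$demo_dir"
ima_check_baseline "$demo_dir/baseline.sha1" "$demo_dir/measurements" || true
rm -rf "$demo_dir"
```

A list read on the host itself is only as trustworthy as that host; for attestation it has to be validated against the TPM, which this sketch does not do.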

OpenSSH FIPS Usage

The OpenSSH implementation included in SUSE Linux Enterprise 12 is currently undergoing FIPS evaluation.

At this time, the certification is not finished. For more information, see the SUSE press announcements page where we will publish a press release after the certification is done.

To operate in FIPS mode, the openssh-fips RPM package must be additionally installed on the system. This package provides checksums for integrity checking of the openssh package.

Also, 1024 bits DSA keys are not allowed and should be disabled as they will not work.

Trusted and Encrypted Keys

Trusted and Encrypted Keys are now built-in to support EVM. More information can be found here ( .

Change of Default Locations for Root Certificates

Using /etc/ssl/certs or even a single bundle file to store SSL root certificates makes it impossible to separate package and administrator provided files. Package updates would therefore either not actually update the certificate store or overwrite administrator changes.

A new location is now used to store trusted certificates:

A helper tool called "update-ca-certificates" is used to propagate the content of those directories to the certificate stores used by openssl, gnutls, and openjdk.

/etc/ssl/certs links to an implementation-specific location managed by p11-kit. It must not be used by the admin anymore.

Administrators must put local CA certificates into /etc/pki/trust/anchors/ instead and run the update-ca-certificates tool to propagate the certificates to the various certificate stores.
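The procedure from this section and from "Installing CA Certificates" above, as an added example that is not part of the release notes: a wrapper that stages a plain PEM file into the anchors directory and refuses the generated stores and files carrying key material. The function name and exit codes are hypothetical, and the sample file is constructed (PEM armor around a placeholder body).

```sh
#!/bin/sh
# Added example: stage a local CA certificate as the release notes prescribe:
# plain PEM into /etc/pki/trust/anchors/, never into the generated stores.
# stage_ca_anchor and its exit codes are hypothetical, not a SUSE tool.

# stage_ca_anchor SRC [ANCHOR_DIR]
# Prints the staged path. Exit status: 0 staged, 2 bad arguments or copy
# failure, 3 file contains private key material, 4 not a plain PEM
# certificate, 5 target is a store generated by update-ca-certificates.
stage_ca_anchor() (
    src=$1
    dir=${2:-/etc/pki/trust/anchors}
    is_generated() {
        case "$1" in
            /etc/ssl/certs|/etc/ssl/certs/*) return 0 ;;
            /var/lib/ca-certificates|/var/lib/ca-certificates/*) return 0 ;;
        esac
        return 1
    }
    if is_generated "$dir"; then
        echo "refusing $dir: its content is regenerated by update-ca-certificates" >&2
        exit 5
    fi
    [ -f "$src" ] && [ -d "$dir" ] || exit 2
    # /etc/ssl/certs is a link into the generated store, so resolve links too.
    real=$(cd "$dir" && pwd -P) || exit 2
    if is_generated "$real"; then exit 5; fi
    # Trust anchors are world-readable; a key in the file would be disclosed.
    if grep -q -e 'PRIVATE KEY-----' "$src"; then exit 3; fi
    # "Plain PEM" here means balanced BEGIN/END CERTIFICATE armor lines.
    begin=$(grep -c -x -e '-----BEGIN CERTIFICATE-----' "$src" || true)
    end=$(grep -c -x -e '-----END CERTIFICATE-----' "$src" || true)
    [ "$begin" -ge 1 ] && [ "$begin" -eq "$end" ] || exit 4
    dest=$real/$(basename "$src")
    cp -- "$src" "$dest" && chmod 0644 "$dest" || exit 2
    printf '%s\n' "$dest"
)

# Constructed sample: PEM armor with a placeholder body, not a real certificate.
write_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1"
}

demo=$(mktemp -d) && mkdir "$demo/anchors" && write_sample_pem "$demo/local-ca.pem"
stage_ca_anchor "$demo/local-ca.pem" "$demo/anchors"   # prints the staged path
rm -rf "$demo"
# On a real system, as root, follow a successful staging with:
#   update-ca-certificates
```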

Turn off Default Compression in OpenSSL

With SLES 11 SP1, OpenSSL compresses data before encryption with impact on throughput (down) and CPU load (up) on platforms with cryptographic hardware. Starting with SLES 11 SP2 the behavior is adjustable by the environment variable OPENSSL_NO_DEFAULT_ZLIB depending on customer requirements.

By default, compression in OpenSSL is now turned off.

Set OPENSSL_NO_DEFAULT_ZLIB per application or in a global configuration file.

Increased dmesg Restrictions

dmesg was providing all kinds of system internal information to any users. It includes kernel addresses, crashes of services, and similar things that could be used by local attackers.

The use of dmesg is now restricted to the root user.

Increased Key Lengths for the SSH Service

Cryptographic advances and evaluations strongly suggest no longer using keys shorter than 2048 bits. This is codified in various standards, for example NIST SP 800-131A or BSI TR-02102.

SSH was updated to generate RSA keys with at least 2048 bits key length and Elliptic Curve DSA keys of at least 256 bit key length.

The DSA key size should also be increased, but due to portability issues 1024 bits are still allowed. We recommend not using or generating DSA keys, or using 2048-bit or larger keys while watching for interoperability issues.
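To find keys that fall short of these limits, the listing printed by `ssh-keygen -l` can be classified mechanically. The following is an added example, not part of the release notes: it applies the limits above, plus the FIPS restriction on 1024-bit DSA from the OpenSSH FIPS section, to listing lines. The function name and verdict labels are hypothetical and the sample listing is constructed.

```sh
#!/bin/sh
# Added example: classify `ssh-keygen -l` listing lines against the key-length
# policy in the release notes (RSA >= 2048, ECDSA >= 256, DSA discouraged).
# audit_key_listing and its verdict labels are hypothetical names.

# stdin: listing lines of the form "<bits> <fingerprint> <comment...> (<TYPE>)".
# Set FIPS=1 to treat DSA keys below 2048 bits as a hard failure.
# stdout: "<verdict> <type> <bits> <fingerprint>" per key.
# Exit status: 1 if any key is WEAK, 0 otherwise.
audit_key_listing() (
    awk -v fips="${FIPS:-0}" '
        # Skip blank lines and anything that does not start with a bit count.
        $1 !~ /^[0-9]+$/ { next }
        {
            bits = $1 + 0
            type = $NF
            gsub(/[()]/, "", type)        # "(RSA)" -> "RSA"
            verdict = "OK"
            if (type == "RSA") {
                if (bits < 2048) verdict = "WEAK"
            } else if (type == "ECDSA") {
                if (bits < 256) verdict = "WEAK"
            } else if (type == "DSA") {
                # The notes advise against DSA in general; 1024 bits is only
                # tolerated for portability and does not work in FIPS mode.
                verdict = (bits < 2048 && fips == 1) ? "WEAK" : "DISCOURAGED"
            } else {
                verdict = "NOPOLICY"      # key type not covered by the notes
            }
            if (verdict == "WEAK") bad = 1
            print verdict, type, bits, $2
        }
        END { exit bad ? 1 : 0 }
    '
)

# Constructed listing; the fingerprints are placeholders, not real digests.
sample_listing() {
    cat <<'EOF'
2048 SHA256:CONSTRUCTEDrsa2048 /etc/ssh/ssh_host_rsa_key.pub (RSA)
1024 SHA256:CONSTRUCTEDrsa1024 legacy backup key (RSA)
256 SHA256:CONSTRUCTEDecdsa256 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
1024 SHA256:CONSTRUCTEDdsa1024 /etc/ssh/ssh_host_dsa_key.pub (DSA)
EOF
}

sample_listing | audit_key_listing || true
```

On a host, feed it real listings, for example `for f in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -l -f "$f"; done | audit_key_listing`.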

cURL Now Provides SFTP and SCP Protocols

Customers were missing support of the encrypted "SFTP" and "SCP" (SSH based) file transfer protocols in the cURL library.

The SFTP and SCP protocols have been enabled in the cURL library.

GSSAPIKeyExchange in OpenSSH

Since SLES 11 SP3, the GSSAPIKeyExchange mechanism (RFC 4462) is supported. This directive specifies how host keys are exchanged. For more information, see the SLES Security Guide, Network Authentication with Kerberos.

Restricting Access to Removable Media

Use udisks2 to restrict access to removable media. For more information, see the Security and Hardening Guide.

seccheck: Autologout Functionality

The seccheck package comes with a shell script that allows configuring autologout functionality. For more information, install the seccheck package and see the help output:

/usr/lib/secchk/ --help

Note: The autologout cron job is disabled by default. To enable the functionality, uncomment the cron job line.

Networking

Remote Login with XDMCP

Depending on your XDMCP client, the following configurations are supported:

If both Xephyr and Xnest are available as the X client, Xephyr is the preferred client to use.

How to enable the wicked "nanny" framework

Within the wicked family of tools, the nanny daemon is a policy engine that is responsible for asynchronous or unsolicited scenarios such as hotplugging devices.

The nanny framework is not enabled by default in SUSE Linux Enterprise 12. To enable it either temporarily specify "nanny=1" on the boot prompt or activate it in /etc/wicked/common.xml :


After a change at runtime, restart the network:

systemctl restart wickedd.service
wicked ifup all

For more information, see the SUSE Linux Enterprise Admin Guide, Section The wicked Network Configuration.

The cachefilesd User-space Daemon

The cachefilesd has been included with a SLE 11 SP2 maintenance update.

The cachefilesd user-space daemon manages persistent disk-based caching of files that are used by network file systems such as NFS. cachefilesd can help with reducing the load on the network and on the server because some of the network file access requests get served by the local cache.

PCI multifunction device support LAN, ISCSI and FCoE

see bnc #841170 initial description and detailed info esp. in comment #1

YaST FCoE client (yast2 fcoe-client) is enhanced to show the private flags in additional columns to allow the user to select the device meant for FCoE. YaST network module (yast2 lan) excludes storage only devices for network configuration. Underlying tool hwinfo reads private flags from device and provides info for YaST.

Passing Options to /etc/resolv.conf

With NETCONFIG_DNS_RESOLVER_OPTIONS in /etc/sysconfig/network/config you can specify arbitrary options that netconfig will write to /etc/resolv.conf.

For more information about available options, see the resolv.conf man page.

IP-over-InfiniBand (IPoIB) Mode Configuration

When creating or editing a configuration for an IPoIB device via yast2-network (YaST Control Center > Network Settings) it is possible to select its mode. The device's ifcfg is updated accordingly.

New XFS On-disk Format

SUSE Linux Enterprise 12 supports the new on-disk format (v5) of the XFS file system. XFS file systems created by YaST will use this new format. The main advantages of this format are automatic checksumming of all XFS metadata, file type support, and support for a larger number of access control lists for a file.

Caveat: Pre SLE 12 kernels, xfsprogs before version 3.2.0, and the grub2 bootloader before the one released in SLE 12 do not understand the new file system format and thus refuse to work with it. This can be problematic if the file system should also be used from older or other distributions.

If you require interoperability of the XFS file system with older or other distributions, format the filesystem manually using the mkfs.xfs command. That will create a filesystem in the old format unless you use the "-m crc=1" option.

Read-Only Root File System

It is possible to run SUSE Linux Enterprise 12 on a shared read-only root file system. A read-only root setup consists of the read-only root file system, a scratch and a state file system. The /etc/rwtab file defines which files and directories on the read-only root file system are replaced with which files on the state and scratch file systems for each system instance.

The readonlyroot kernel command line option enables read-only root mode; the state= and scratch= kernel command line options determine the devices on which the state and scratch file systems are located.

In order to set up a system with a read-only root file system, set up a scratch file system, set up a file system to use for storing persistent per-instance state, adjust /etc/rwtab as needed, add the appropriate kernel command line options to your boot loader configuration, replace /etc/mtab with a symlink to /proc/mounts as described below, and (re)boot the system.

Replace /etc/mtab with the appropriate symbolic links:

ln -sf /proc/mounts /etc/mtab

See the rwtab(5) manual page for more information and ( for limitations on System z.

Precision Time Protocol Version 2 Support

Time synchronization with microsecond precision across a group of hosts in a data center is challenging to achieve without extra hardware.

Support for Precision Time Protocol version 2, leveraging the new time synchronization feature of modern network interface cards, has been included in SUSE Linux Enterprise Server 12. To take advantage of the precise time synchronization, install the new linuxptp package and refer to the documentation in the /usr/share/doc/packages/linuxptp directory.

schedtool: Replaced by chrt

schedtool has been replaced by chrt, which is part of the standard util-linux package. chrt also handles all scheduler classes.

Note, chrt requires a priority to be provided for all normal scheduling classes as well as realtime classes. For example, to set your shell to SCHED_FIFO priority 1, enter:

chrt -p -f 1 $$

To set it back to SCHED_OTHER:

chrt -p -o 0 $$

'0' is the only valid (and required) priority for the SCHED_OTHER, SCHED_BATCH, and SCHED_IDLE classes; priorities 1-99 are realtime priorities.

Exporting NFSv4 Shares

On SUSE Linux Enterprise 11, the bind mount in /etc/exports was mandatory. It is still supported, but now deprecated.

Configuring directories for export with NFSv4 is now the same as with NFSv3.

Intel AMT (Active Management Technology) Support

Intel AMT (Active Management Technology) is hardware-based technology for remotely managing and securing PCs out-of-band.

Intel MEI (Management Engine Interface) is a driver in the Linux kernel that allows applications to access the Intel ME (Management Engine) FW via the host interface. The MEI driver is used by the AMT Local Manageability Service (LMS).

Configure Usage of Delta RPMs

Previously, changing the usage of delta RPMs during the update required editing /etc/zypp/zypp.conf and setting download.use_deltarpm to 'false'.

In the YaST Online Update Configuration dialog you can now activate delta RPMs usage by checking Use delta rpms. This setting will change the configuration file in the background.

SuSEconfig.permissions Replaced by chkstat

It is no longer possible to set file permissions with SuSEconfig --module permissions.

If you want to set the file permissions as defined in /etc/permissions.* , run

chkstat --system

NFS Tuning

On systems with a high NFS load, connections may block.

To work around such performance regressions with NFSv4, you could open more than one TCP connection to the same physical host. This could be accomplished with the following mount options:

To request that the transport is not shared, use:

mount -o sharetransport=N server:/path /mountpoint

Where N is unique. If N is different for two mounts, they will not share the transport. If N is the same, they might (if they are for the same server, etc).

Performance and Scaling Improvements to Support 16S/24TB Systems

Currently, reading /proc/vmcore is done by read_oldmem that uses ioremap/iounmap per a single page. For example, if memory is 1GB, ioremap/iounmap is called 1GB / 4KB times, that is 262144 times. This causes big performance degradation due to repeated page table changes, TLB flush, and build-up of VM related objects.

To address the issue, SLES does the following:

The current main user of this mmap call is makedumpfile, which not only reads memory from /proc/vmcore but also does processing like filtering, compression, and I/O work.

Linux Paging Improvements

High swapping activity can occur on a Linux system, for example when triggering a file system backup, even though the SAP applications are sized to completely fit into the system's main memory. This results in bad response times on the application level.

SLES allows the system administrator to limit the amount of page cache that the kernel uses if there is competition between application memory and page cache. Once the page cache is filled to the configured limit, application memory is more important and should not be paged out.

Two new Linux kernel tunables have been introduced:

No pages will be paged out if the memory footprint of the workload plus the configured page cache limit does not exceed the amount of physical RAM in the system. If paging needs to occur, the Linux kernel will still favor keeping application memory over page cache unless the page cache is below the page cache limit.

If there is plenty of free memory, the kernel will continue to use it as page cache in order to speed up file system operations.

Mounting NFS Volumes Locally on the Exporting Server

With SUSE Linux Enterprise 12, it is now possible to mount NFS volumes locally on the exporting server.

Support for the Btrfs File System

Btrfs is a copy-on-write (CoW) general purpose file system. Based on the CoW functionality, Btrfs provides snapshotting. Beyond that, data and metadata checksums improve the reliability of the file system. Btrfs is highly scalable, but also supports online shrinking to adapt to real-life environments. On appropriate storage devices Btrfs also supports the TRIM command.

With SUSE Linux Enterprise 12, Btrfs is the default file system for the operating system, and XFS is the default for all other use cases. We also continue to support the Ext family of file systems, Reiserfs and OCFS2. Each file system offers distinct advantages. Customers are advised to use the YaST partitioner (or AutoYaST) to build their systems: YaST will prepare the Btrfs file system for use with subvolumes and snapshots. Snapshots will be automatically enabled for the root file system using SUSE's snapper infrastructure. For more information about snapper, its integration into ZYpp and YaST, and the YaST snapper module, see the SUSE Linux Enterprise documentation.

Migration from "Ext" and Reiserfs File Systems to Btrfs

Migration from existing "Ext" file systems (Ext2, Ext3, ext4) and Reiserfs is supported "offline" and "in place", if the original filesystem has been created with a 4k block size (this is the case for most file systems on the x86-64 and System z architectures). Calling "btrfs-convert <device>" will convert the file system. This is an offline process, which needs at least 15% free space on the device, but is applied in place. Roll back: calling "btrfs-convert -r <device>" will roll back. Caveat: when rolling back, all data will be lost that has been added after the conversion into Btrfs; in other words: the roll back is complete, not partial.


Btrfs is supported on top of MD (multiple devices) and DM (device mapper) configurations. Use the YaST partitioner to achieve a proper setup. Multivolume Btrfs is supported in RAID0, RAID1, and RAID10 profiles in SUSE Linux Enterprise 12, higher RAID levels are not yet supported, but might be enabled with a future service pack.

SWAP files

Using swap files on top of Btrfs is not supported. In general, we advise using partitions for swapping, and not swap files on top of any file system, for performance reasons.

Future Plans

Filesystem Maintenance, Online Check, and Repair Functionality

Check and repair functionality ("scrub") is available as part of the Btrfs command line tools. "Scrub" is aimed to verify data and metadata assuming the tree structures are fine. "Scrub" can (and should) be run periodically on a mounted file system: it runs as a background process during normal operation.

We recommend applying regular "maintenance" to the Btrfs file system to optimize performance and disk usage. Specifically, we recommend to "balance" and "defrag" the file system on a regular basis. Check the "btrfs-maintenance" package and see the SUSE Linux Enterprise documentation for more information.

Capacity Planning

If you are planning to use Btrfs with its snapshot capability, it is advisable to reserve twice as much disk space as the standard storage proposal. This is automatically done by the YaST2 partitioner for the root file system.

Backward compatibility - Hard Link Limitation

Previous products had a limitation on low hard link count per file in a directory. This has been fixed and is 65535 now. It requires a file system created with "-O extref", which is done by default. Caveat: Such a file system might not be mountable on older products.

Backward compatibility - Enhanced metadata

The file systems are by default created with a more space efficient format of metadata, the feature is called "skinny-metadata" for mkfs. Caveat: Such a file system will not be mountable on previous products.

Backward compatibility - metadata block size is 16k

The default metadata block size has changed to 16 kilobytes, reducing metadata fragmentation. Caveat: Such a file system will not be mountable on older products.

Other Limitations

At the moment, Btrfs is not supported as a seed device.

For More Information

For more information about Btrfs, see the SUSE Linux Enterprise documentation.

Default File System

With SUSE Linux Enterprise 12, the default file system in new installations was changed from Ext3 to Btrfs for the root system partition. XFS is the default file system for the /home partition and other data partitions.

In the expert partitioner, the default file system is Btrfs. The user can change it if another file system is more suitable to accomplish the intended work load.

Data Deduplication Support with Btrfs

To save storage space, identical data should not be stored more than once.

SUSE Linux Enterprise supports the data deduplication feature of the Btrfs file system. To achieve the deduplication it replaces identical contents (blocks) with logical links to a single copy of the block in a common storage location.

The deduplication is performed out-of-band (also called post-process or offline) using a specialized tool.

PV command to display the PEs in use by LVs

The command looks like:

pvs -o vg_name,lv_name,pv_name,seg_pe_ranges

VG     LV   PV         PE Ranges
            /dev/sdb5
            /dev/sdb6
            /dev/sdb7
            /dev/sdb8
system root /dev/xvda2 /dev/xvda2:0-1782
system swap /dev/xvda2 /dev/xvda2:1783-200

GRUB2 and GUID Partition Table (GPT) Disks

GRUB2 offers support for PReP partitions on GUID Partition Table (GPT) disks.

Meaningful names for "md" RAID devices

Names for "md" RAID devices, particularly as they appear in /proc/mdstat, traditionally have numeric names like "md4". Working with these names can be clumsy.

In SLE-12 the option is available to use textual names. Adding the line CREATE names=yes to /etc/mdadm.conf will cause names like md_home to be used in place of e.g. md127 if a name was given when creating the array. This will likely be enabled by default in future releases of SLE.

Btrfs: Parameter to Enable Unsupported Features

Btrfs has a number of features that for reasons of instability or immaturity SUSE chooses not to support in the enterprise releases. In order to avoid undesired failures, we can disable those features in the code.

The module parameter to enable unsupported features is called allow_unsupported.

To test out those unsupported features, you can enable them optionally with a module flag (allow_unsupported=1) that also taints the module as unsupported. Alternatively, the same can be achieved by writing 1 to the module parameter exported in /sys/module/btrfs/parameters.

Denied mount:

Runtime operations that will be denied:

An attempt to mount or use a disallowed ioctl fails with an 'operation not supported' error code and prints a message into the syslog regarding the supportability and that allow_unsupported=1 would allow that.

Virtual Machine Driver Pack 2.2

SUSE Linux Enterprise Virtual Machine Driver Pack is a set of paravirtualized device drivers for Microsoft Windows operating systems. These drivers improve the performance of unmodified Windows guest operating systems that are run in virtual environments created using Xen or KVM hypervisors with SUSE Linux Enterprise Server 10 SP4, SUSE Linux Enterprise Server 11 SP3 and SUSE Linux Enterprise Server 12. Paravirtualized device drivers are installed in virtual machine instances of operating systems and represent hardware and functionality similar to the underlying physical hardware used by the system virtualization software layer.

SUSE Linux Enterprise Virtual Machine Driver Pack 2.2 new features include:

For more information on VMDP2.2 refer to the official documentation.

XEN Importing SLES 11 Managed Domains from xend to libvirt

The new xen2libvirt tool provides an easy way to import domains managed by the deprecated xm/xend toolstack into the new libvirt/libxl toolstack. Several domains can be imported at once using its --recursive mode.

XEN Migration from xend/xm to xl/libxl

For more information about the migration from xend/xm to xl/libxl, see the Virtualization Guide.

XEN: Pygrub Improvement

The pygrub command is used to boot a virtual Xen machine according to a certain menu.lst entry. Since SLES 11 SP3 pygrub accepts the new flag [-l|--list_entries] to show GRUB entries in the guest.

SLES as a Hyper-V Gen2 VM

Windows Server 2012 R2 will support Gen2 VMs.

SLES 12 has been modified to provide full Gen2 VM support. Hyper-V Gen2 technology support: PXE boot by using a standard network adapter, boot from a SCSI virtual hard disk, boot from a SCSI virtual DVD, Secure Boot (enabled by default), UEFI firmware support.

Libguestfs is a set of tools for accessing and modifying virtual machine disk images. It can be used for many virtual image management tasks such as viewing and editing files inside guests (only Linux guests are enabled), scripting changes to VMs, monitoring disk used/free statistics, performing partial backups, and cloning VMs. See the SLE Virtualization Guide for more information and usage.

Hyper-V: Update Drivers

The updated drivers provide the following features:

virt-manager: Default to Launching virt-install

virt-install is now the default installer when the Create VM button is selected in virt-manager. vm-install will still be shipped on the media but will be supported as a deprecated tool: bugs may be fixed, but no new features will be added. For more information, see the SLE Virtualization Guide and respective man pages.

open-vm-tools Now Included

In the past, it was necessary to install VMware tools separately, because they had not been shipped with the distribution.

SUSE Linux Enterprise 12 includes the open-vm-tools package. These tools are pre-selected when installing on a VMware platform.

Partnering with VMware, SUSE provides full support for these tools.

Support of "Movable Memory" in NUMA Systems

Memory that exists since boot is always managed by the NUMA zone ZONE_NORMAL. This memory has kernel memory, thus cannot be offlined, and subsequently cannot be hot-removed. One solution for this issue is to gather kernel memory on a special system board, and movable memory to other system boards.

To achieve this behaviour, use the kernel command line option movable_node. If this boot option is set, Linux checks the hot-pluggable bit of Memory Structure Affinity in the ACPI SRAT Table; if this bit is enabled, the memory is managed by ZONE_MOVABLE, and thus the other system boards can be hot-removed.

CAVEAT: this boot option may have significant performance impact. Workloads that are very metadata intensive may not be able to use all memory because the bulk of memory is ZONE_MOVABLE. They will either suffer severely degraded performance or at the worst case, the OOM killer will fire. Similarly, workloads that require large amounts of address space may fail because they cannot allocate page tables. On NUMA machines, such workloads may still suffer degraded performance because all their page table pages are allocated remote to the workload.

Enabling the feature will also limit the availability of system memory for certain features, e.g., tmpfs may only be using memory from ZONE_NORMAL and memory in ZONE_MOVABLE will be unavailable.

Summarizing, by enabling movable_node there is a trade-off between being able to hot-remove a full memory node versus workload performance, the amount of memory that can be used, and the ability to even run a specific task. If you encounter one of the trade-offs, the only sensible option is to disable node memory hot-remove.

SUSE's Kernel team is working with the Linux community to find mitigations for those limitations as a long term goal.

Allow the BIOS to Keep Control of Error Correction Reporting and Threshold

In theory, platform firmware has better knowledge of the appropriate thresholds to use based on OEM knowledge of the failure rates of components in the platform.

Firmware first mode for corrected errors

SLES 12 kernel supports firmware first mode for corrected errors allowing firmware to take first control over memory error handling. Firmware then notifies Linux through APEI once memory errors exceed a platform defined threshold. On receipt of APEI notification, Linux immediately offlines pages in-kernel isolating problematic memory resulting in improved system reliability and uptime.

OpenLDAP Overlays as Modules

The overlays are not compiled in slapd anymore but they can be loaded as modules at runtime.

New installation:

If you are using slapd.conf insert "moduleload <module name>" into the global section.

If you are using the config back-end do the following steps:

1) Create "cn=Module" child entry:

echo "dn: cn=module,cn=config
Objectclass: olcModuleList
" | ldapadd -cY external -H ldapi:///

2) Define the modules that must be loaded. For example, to load memberof and accesslog execute

echo "dn: cn=module{0},cn=config
add: olcModuleload
olcModuleload: memberof
olcModuleload: accesslog
" | ldapmodify  -cY external -H ldapi:///


If you are using slapd.conf insert "moduleload <module name>" into the global section.

If you are using the config back-end do the following steps:

1) Create an LDIF file for slapcat to load the needed modules. For example, if you are using the memberof and accesslog overlays, these are the right settings:

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}memberof
olcModuleLoad: {1}accesslog
structuralObjectClass: olcModuleList

2) Add this child to the slapd configuration:

cat slapcat.ldif | slapadd -b cn=config

New Packages


LTTng provides a set of tools allowing for efficient and combined tracing of userspace and kernel code referencing a common time source. This allows users to identify performance issues and debug problems in complicated code involving multiple concurrent processes and threads. In addition to the tracers, viewing and analysis tools are provided supporting both text and graphical formats. The kernel tracing functionality is implemented via a suite of loadable kernel modules. The loading of these modules and control of the tracing system is controlled by a single lttng utility.

Adding the 'dropwatch' Package and Enabling NET_DROP_MONITOR

The dropwatch feature will allow the customer to easily observe and diagnose network performance problems caused by dropped packets.

Thus the 'dropwatch' package was added and NET_DROP_MONITOR enabled.

Lightweight Desktop

For specific configurations, such as low memory, where the GNOME desktop environment does not suit, a lightweight desktop is needed.

icewm has been chosen as a lightweight desktop to fill this need on SUSE Linux Enterprise Server.

Samba: Changing "winbind expand groups" to "0"

Forthcoming Samba 4.2.0 provided by ( will come with "winbind expand groups" set to "0" by default.

Samba post 4.1.10 provided by SUSE anticipates the new default.

The new default makes winbindd more reliable because it does not require SAMR access to domain controllers of trusted domains.

Note: Some legacy applications calculate the group memberships of users by traversing groups; such applications will require winbind expand groups = 1.

GNOME 3.10

We ship GNOME 3.10 with SUSE Linux Enterprise 12.

GNOME on SUSE Linux Enterprise is available in three different setups, which are modifying desktop user experience:

The setup can be changed at login time, in GDM, using the gear icon in the password prompt screen. It can also be modified using YaST, systemwide.


With SLE 11 after joining a Microsoft domain, GDM displayed the available domain names as a drop-down box below the user name and password fields. This behavior has changed.

With SLE 12, you must prefix the domain and the winbind separator manually to login. As soon as you click the 'Not listed?' text, GDM will display a hint such as '(e.g., domain\user)'.

Parted Upgraded to Version 3.1

Parted was upgraded to version 3.1.

This version can no longer resize file systems contained within a partition. Parted can resize partitions, but to resize the contained file system, an external tool such as mkfs.ext4 has to be used.

Support for Qt5

We received requests to support QML as part of the Qt framework.

While Qt4 (minimum ver 4.8.2-260.1) would have been possible to use, directly upgrading to and supporting Qt5 (QML supported) is the better and more future proof solution.

supportconfig Output Contains dmidecode Information by Default

On platforms supporting dmidecode, the supportconfig tool now contains the dmidecode output.

Previously, this was done only when explicitly activated with a parameter; now it is always provided by default. This is done to deliver better support results.

Bluetooth Implementation BlueZ 5

BlueZ 4 is no longer maintained upstream. Thus upgrading to BlueZ 5 ensures that you will get all the latest upstream bug fixes and enhancements.

BlueZ 5 comes with numerous new features, API simplification and other improvements such as Low Energy support. It is a new major version of the Bluetooth handling daemon and utilities.

Note: The new major version indicates that the API is not backwards compatible with BlueZ 4, which means that all applications, agents, etc. must be updated.

MOK List Manipulation Tools

A Machine Owner Key (MOK) is a type of key that a user generates and uses to sign an EFI binary. This is a way for the machine owner to have ownership over the platform’s boot process.

Suitable tools are provided by the mokutil package.

MariaDB Replaces MySQL

MariaDB is a backward compatible replacement for MySQL.

If you update from SLE 11 to SLE 12, it is advisable to do a manual backup before the system update. This could help if a start of the database has issues with the storage engine's on-disk layout.

After the update to SLE 12, a manual step is required to actually get the database running (this way you quickly see if something goes wrong):

touch /var/lib/mysql/.force_upgrade
rcmysql start
# => redirecting to systemctl start mysql.service
rcmysql status
# => Checking for service MySQL:
# => ...

YaST as a command line tool for managing packages is deprecated.

Instead of yast with the command line switches -i, --install, --update, or --remove for installing, updating, or removing packages, use zypper.

For more information, see the zypper man page.

libsysfs obsoleted by libudev

libsysfs has been deprecated and has been replaced by libudev. If you have self-compiled applications that previously used libsysfs, you have to recompile them using libudev.

Raw Devices Are Deprecated

Raw devices are deprecated.

The Number of Kernel Modules in the kernel-extra Package Reduced

The following unsupported kernel modules have been dropped from the kernel-extra package:

suseRegister replaced by SUSEConnect

suseRegister was replaced by SUSEConnect.

Nagios Server Now Part of a SUSE Manager Subscription

Support for Icinga (a successor of Nagios) will not be part of the SUSE Linux Enterprise Server 12 subscription.

Fully supported Icinga packages for SUSE Linux Enterprise Server 12 will be available as part of a SUSE Manager subscription. In the SUSE Manager context we will be able to deliver better integration into the monitoring frameworks. Also more frequent updates on the monitoring server parts than in the past are planned.

GRUB2 Is the Supported Bootloader

GRUB2 is now available on all SUSE Linux Enterprise 12 architectures and is the only supported bootloader. Other bootloaders that were supported in SLE 11 have been removed from the distribution and are not available anymore.

Mono Platform and Programs No Longer Provided

Starting with SLE 12, the Mono platform and Mono based programs are no longer supported.

These are the replacement applications:

YaST No Longer Supports Configuring Modem Devices

YaST (yast2-network) no longer offers modem configuration dialogs.

It is still possible to configure modems manually.

YaST No Longer Supports Configuring ISDN Devices

YaST (yast2-network) no longer supports configuring ISDN devices. If needed, NetworkManager supports such devices.

YaST No Longer Supports Configuring DSL Devices

YaST (yast2-network) no longer supports configuring DSL devices. If needed, NetworkManager supports such devices (e.g., DSL cable modems).

Use /etc/os-release Instead of /etc/SuSE-release

Starting with SLE 12, the /etc/SuSE-release file is deprecated. It should not be used to identify a SUSE Linux Enterprise system. This file will be removed in a future Service Pack or release.

The file /etc/os-release is now decisive. This file is a cross-distribution standard to identify a Linux system. For more information about the syntax, see the os-release man page (man os-release).
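One way for inventory or compliance scripts to follow this advice, as an added example that is not part of the release notes: it reads ID and VERSION_ID from /etc/os-release by parsing the file as text rather than sourcing it, and falls back to the deprecated /etc/SuSE-release only when that is the sole source. The function names, the suse-legacy label and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): identify a system from
# /etc/os-release by parsing it as text. The file is never sourced, so a
# command substitution embedded in a value is returned as data, not executed.

# os_release_get FILE KEY: print KEY's value; status 1 if absent, 2 if unreadable.
os_release_get() {
    orf=$1; ork=$2
    [ -r "$orf" ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$ork="*) val=${line#*=} ;;
            *) continue ;;
        esac
        case $val in
            \"*\")  # double-quoted value: drop the quotes, undo backslash escapes
                val=${val#\"}; val=${val%\"}
                val=$(printf '%s\n' "$val" | sed 's/\\\(.\)/\1/g') ;;
            \'*\')  # single-quoted value: taken literally
                val=${val#\'}; val=${val%\'} ;;
        esac
        printf '%s\n' "$val"
        return 0
    done < "$orf"
    return 1
}

# identify_system [ROOT]: print "<id> <version> <source>" for the file tree at
# ROOT (empty ROOT = the running system). /etc/os-release is preferred; the
# deprecated /etc/SuSE-release is consulted only when os-release is missing.
identify_system() {
    root=${1:-}
    osr=$root/etc/os-release
    legacy=$root/etc/SuSE-release
    if sys_id=$(os_release_get "$osr" ID); then
        sys_ver=$(os_release_get "$osr" VERSION_ID) || sys_ver=unknown
        printf '%s %s os-release\n' "$sys_id" "$sys_ver"
    elif [ -r "$legacy" ]; then
        v=$(sed -n 's/^VERSION *= *//p' "$legacy")
        p=$(sed -n 's/^PATCHLEVEL *= *//p' "$legacy")
        # "suse-legacy" is a label made up for this example
        printf 'suse-legacy %s SuSE-release\n' "${v:-unknown}${p:+.$p}"
    else
        return 1
    fi
}

# write_samples DIR: create two constructed file trees under DIR.
write_samples() {
    mkdir -p "$1/sle12/etc" "$1/sle11/etc"
    cat > "$1/sle12/etc/os-release" <<'EOF'
# constructed sample in the style of a SLES 12 /etc/os-release
NAME="SLES"
VERSION="12"
VERSION_ID="12"
PRETTY_NAME="SUSE Linux Enterprise Server 12"
ID="sles"
CPE_NAME="cpe:/o:suse:sles:12"
VARIANT="$(echo executed)"
EOF
    cat > "$1/sle11/etc/SuSE-release" <<'EOF'
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 3
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
identify_system "$demo_dir/sle12"
identify_system "$demo_dir/sle11"
# The VARIANT line comes back as literal text because nothing is evaluated.
os_release_get "$demo_dir/sle12/etc/os-release" VARIANT
rm -rf "$demo_dir"
```

Calling identify_system with no argument inspects the running system.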

Sendmail

The sendmail package is deprecated and will be discontinued with one of the next service packs. Consider using Postfix as a replacement.

AppArmor: Normalized Command Names

AppArmor now offers normalized command names:

Legacy module-init-tools Replaced with kmod

The kmod package is a replacement for the former module-init-tools. In addition to the well known tools like lsmod, modprobe, and modinfo, the package offers a shared library for use by system management services which need to query and manipulate Linux kernel modules.

NetworkManager Part of the Workstation Extension

NetworkManager, primarily used on desktops and notebooks where one user is working with one specific machine, is now part of the Workstation Extension. For all the other use cases, and especially all server workloads, the default provided by SLES is Wicked.

Dovecot as a Replacement for cyrus-imapd

SLES 12 does not offer the cyrus-imapd package and hence Cyrus IMAP and POP Mail Server is not available on SLES 12.

Users should consider a migration to Dovecot. SLES 12 does not provide utilities for the migration; however, there are some community tools:


There is no YaST support for Dovecot configuration. If you want to deliver local mails to Dovecot, follow these steps:

  1. Set MAIL_CREATE_CONFIG to "no" in /etc/sysconfig/mail to prevent yast2 from overriding your configuration.
  2. Set mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" in /etc/postfix/
  3. Set mail_location = maildir:~/Maildir or to your preferred value in /etc/dovecot/conf.d/10-mail.conf
  4. Set a normal user as alias for root in /etc/aliases. Delivery to the user "root" is not possible.
  5. Execute the following commands:
     1. postalias /etc/aliases
     2. systemctl restart postfix
     3. systemctl enable dovecot
     4. systemctl start dovecot


The postfix_mda tag of the mail section may only contain the following values: local, procmail.

Replacing syslog-ng and syslog With rsyslog

On new installations, rsyslog will get installed instead of the former syslog-ng and syslog.

CUPS Version Upgrade to 1.7

CUPS >= 1.6 has major incompatible changes compared to CUPS up to version 1.5.4 in particular when printing via network:

The IPP protocol default version increased from 1.1 to 2.0. Older IPP servers like CUPS 1.3.x (e.g. in SLE11) reject IPP 2.0 requests with "Bad Request". For such older servers the older IPP protocol version must be specified explicitly by adding '/version=1.1' to ServerName in client.conf, to the CUPS_SERVER environment variable value, or to the server name value of the '-h' option (e.g., lpstat -h -p).

CUPS Browsing is dropped in CUPS but the new package cups-filters provides the cups-browsed that provides basic CUPS Browsing and Polling functionality. The native protocol in CUPS for automatic client discovery of printers is now DNS-SD. Start cups-browsed on the local host to receive traditional CUPS Browsing information from traditional remote CUPS servers. To broadcast traditional CUPS Browsing information into the network so that traditional remote CUPS clients can receive it, set "BrowseLocalProtocols CUPS" in /etc/cups/cups-browsed.conf and start cups-browsed.

Some printing filters and back-ends are dropped in CUPS but the new package cups-filters provides them. So cups-filters is usually needed (recommended by RPM) but cups-filters is not strictly required.

The cupsd configuration directives are split into two files: cupsd.conf (can also be modified via HTTP PUT, e.g. via cupsctl) and cups-files.conf (can only be modified manually by root) to have better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes (see CVE-2012-5519 and SUSE Bugzilla bnc#789566).

CUPS banners and the CUPS test page are no longer supported since CUPS >= 1.6. The banners and the test page from cups-filters must be used. The CUPS banner files in /usr/share/cups/banners/ and the CUPS testpage /usr/share/cups/data/testprint (which is also a CUPS banner file type) are no longer provided in the cups RPM because they no longer work since CUPS >= 1.6: there is no longer a filter that can convert the CUPS banner files. Since CUPS >= 1.6 only the banner files and testpage in the cups-filters package work via the cups-filters PDF workflow, and the cups-filters package also provides the matching bannertopdf filter.

For details, see the SUSE Bugzilla bnc#735404 issue.
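A pre-upgrade check for the cupsd.conf / cups-files.conf split described above, as an added example that is not part of the release notes: it lists directives in an existing cupsd.conf that CUPS 1.6 and later read from the root-only cups-files.conf. The directive list is a subset of those documented in cups-files.conf(5); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): find directives in an old
# cupsd.conf that CUPS >= 1.6 expects in the root-only cups-files.conf.

# Subset of the directives documented in cups-files.conf(5).
ROOT_ONLY="AccessLog CacheDir ConfigFilePerm DataDir DocumentRoot ErrorLog"
ROOT_ONLY="$ROOT_ONLY FileDevice Group LogFilePerm PageLog Printcap RequestRoot"
ROOT_ONLY="$ROOT_ONLY ServerBin ServerRoot StateDir SystemGroup TempDir User"

# misplaced_directives CUPSD_CONF: print "line:Directive" for every root-only
# directive found. Status 0 = none found, 1 = findings, 2 = file unreadable.
misplaced_directives() {
    [ -r "$1" ] || return 2
    awk -v list="$ROOT_ONLY" '
        BEGIN {
            n = split(list, d, " ")
            for (i = 1; i <= n; i++) want[tolower(d[i])] = d[i]
        }
        /^[ \t]*#/ || NF == 0 { next }   # comments and blank lines
        /^[ \t]*</            { next }   # Location, Policy and Limit tags
        {
            k = tolower($1)              # directive names are case-insensitive
            if (k in want) { print NR ":" want[k]; found = 1 }
        }
        END { exit found + 0 }
    ' "$1"
}

# write_cupsd_sample FILE: constructed cupsd.conf in the CUPS 1.5 style.
write_cupsd_sample() {
    cat > "$1" <<'EOF'
# constructed sample for this example
LogLevel warn
SystemGroup sys root
Listen localhost:631
errorlog /var/log/cups/error_log
<Location />
  Order allow,deny
</Location>
EOF
}

sample=$(mktemp)
write_cupsd_sample "$sample"
misplaced_directives "$sample" || echo "move the directives listed above to cups-files.conf"
rm -f "$sample"
```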

Traditional CUPS version 1.5.4 Provided in the Legacy Module

We provide the last traditional CUPS version 1.5.4 as "cups154" RPMs in the "legacy" module. If CUPS version 1.7 does not support particular needs, you can still use CUPS 1.5.4 (under the conditions of the "legacy" module). This could be important, if you need a traditional CUPS server with original CUPS Browsing features.

For those users any (semi)-automated CUPS version upgrade must be prohibited because CUPS > 1.5.4 has major incompatible changes compared to CUPS <= 1.5.4. Therefore the CUPS 1.5.4 RPM package name contains the version and it conflicts with higher versions. This way we avoid that an installed CUPS 1.5.4 gets accidentally replaced with a higher version. It is not possible to have different CUPS libraries versions installed at the same time.

The API in CUPS 1.7 is compatible with the CUPS 1.5.4 API (existing functions are not changed) but newer CUPS libraries provide some new functions. There could be applications that might use newer CUPS library functions so that such applications would require the current CUPS 1.7 libraries. It is not possible to use CUPS 1.5.4 together with applications that require the current CUPS 1.7 libraries.

PDF Now Common Printing Data Format

There is a general move away from PostScript to PDF as the standard print job format. This change is advocated by the OpenPrinting workgroup of the Linux Foundation and the CUPS author.

This means that application programs usually no longer produce PostScript output by default when printing but instead PDF.

As a consequence, the default processing by which an application program's printing output is converted into the "language" that the particular printer accepts (the so-called "CUPS filter chain") has fundamentally changed from a PostScript-centric workflow to a PDF-centric workflow.

Accordingly the upstream standard for CUPS under Linux (using CUPS plus the cups-filters package) is now PDF-based job processing, letting every non-PDF input be converted to PDF first, page management options being applied by a pdftopdf filter and Ghostscript being called with PDF as input.

With PDF as the standard print job format, traditional PostScript printers can no longer print the output of applications directly, so the printing workflow requires a conversion step that converts PDF into PostScript. But there are also PostScript+PDF printers that can print both PostScript and PDF directly.

For details, see the section "Common printing data formats" in the SUSE wiki article "Concepts printing".

8.5.7 groff: /etc/papersize No Longer Depends on sysconfig Variables

/etc/papersize no longer inherits settings from /etc/sysconfig/language when running SuSEconfig.

Set /etc/papersize directly, e.g.:

echo "letter" > /etc/papersize

For details, see man 5 groff_font ('papersize string').

Advanced Systems Management Module

This Module gives you a sneak peek into our upcoming systems management toolbox which allows you to inspect systems remotely, store their system description and create new systems to deploy them in datacenters and clouds. The toolbox is still in active development and will get regular updates. We welcome feedback!

Access to this module is included in your SUSE Linux Enterprise Server subscription. The module has a different lifecycle than SUSE Linux Enterprise Server itself: as stability of APIs and ABIs is not yet guaranteed, we support this technology only on systems which apply all our updates to this channel in a timely manner.

The package is called machinery; for more information see the Machinery Project Website.

SUSE Linux Enterprise Public Cloud Module 12

The Public Cloud Module is a collection of tools that enables you to create and manage cloud images from the command line on SUSE Linux Enterprise Server. When building your own images with KIWI or SUSE Studio, initialization code specific to the target cloud is included in that image.

Access to the Public Cloud Module is included in your SUSE Linux Enterprise Server subscription. The module has a different lifecycle than SUSE Linux Enterprise Server itself. Packages usually follow the upstream development closely to enable you to take advantage of the most recent development in the public cloud space.

libvirt

Libvirt Integrated Linux Containers

Since SUSE Linux Enterprise Server 12, LXC is integrated into the libvirt library. This decision has several advantages over using LXC as a separate virtualization solution. The extra LXC component is obsolete now.

Discard Support for File Backed Storage

Guest block devices provided by files instead of physical storage grew over time, even if parts of them were unused. The guest file system had no way to notify the back-end about unused blocks. As a result, the backing store required more disk space than needed.

libxl and libvirt provide settings for file backed storage to handle discard requests from KVM and Xen guests. Xen guests have discard support enabled per default. For KVM guests discard must be enabled in the guest configuration file.

If the backing file was intentionally created non-sparse, discard support must be disabled to avoid fragmentation of the file. The xl domU.cfg syntax looks like this:

'format=raw, no-discard, vdev=xvdm, target=/images/discard-off.raw'

For libvirt based guests, the option discard='ignore' must be added to the devices driver part of the XML file.
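The rule above can be checked mechanically. The following is an added example, not code from the release notes: it reads the disk section of a libvirt domain XML and compares each file-backed disk's discard setting with whether the backing file is sparse. The image paths, device names and the sample XML are constructed; discard='unmap' is libvirt's value for passing discard requests through, and the st_blocks comparison is a heuristic for sparseness.

```python
import os
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML with three file-backed disks (paths are made up).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>web01</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <source file='/images/thin.raw'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <source file='/images/prealloc.raw'/>
      <target dev='sdb' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/images/thin2.raw'/>
      <target dev='sdc' bus='scsi'/>
    </disk>
  </devices>
</domain>
"""

def file_backed_disks(domain_xml):
    """Return (domain type, [(target dev, backing file, discard setting or None)])."""
    root = ET.fromstring(domain_xml)
    disks = []
    for disk in root.findall("./devices/disk[@type='file']"):
        driver, source, target = disk.find("driver"), disk.find("source"), disk.find("target")
        if source is None or target is None:
            continue  # incomplete disk definition, nothing to check
        discard = driver.get("discard") if driver is not None else None
        disks.append((target.get("dev"), source.get("file"), discard))
    return root.get("type"), disks

def is_sparse(path):
    """Heuristic: fewer blocks allocated than the file's apparent size."""
    st = os.stat(path)
    return st.st_blocks * 512 < st.st_size

def check_discard(domain_xml, sparse=is_sparse):
    """Flag disks whose discard setting contradicts how the backing file was created."""
    virt, disks = file_backed_disks(domain_xml)
    findings = []
    for dev, path, discard in disks:
        if not sparse(path):
            # Intentionally preallocated file: discard would punch holes and fragment it.
            if discard != "ignore":
                findings.append((dev, "non-sparse backing file: set discard='ignore'"))
        elif virt == "kvm" and discard != "unmap":
            # On KVM discard is off unless enabled, so the sparse file only ever grows.
            findings.append((dev, "sparse backing file on KVM: discard is not enabled"))
    return findings

if __name__ == "__main__":
    # The sample paths do not exist, so sparseness is simulated here.
    for dev, msg in check_discard(SAMPLE_DOMAIN_XML, sparse=lambda p: "prealloc" not in p):
        print(dev, msg)
```

On a real host, call check_discard with the output of virsh dumpxml and leave the sparse argument at its default so the backing files are inspected with stat.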

Discard requires file system support. For local file systems, only xfs and ext4 support the hole punching feature. Remote storage such as NFS has no support for discard, even if the backing store on the server would support it.

Host-Side VM Auditing Enhancements

libvirt now communicates with the Linux auditing subsystem on the host to issue records for a number of VM operations. This enhancement allows administrative users to collect a detailed audit trail of VM lifecycle events and resource assignments. A new tool, auvirt, is available to conveniently search the Linux audit trail for VM events.
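To show what such an audit trail contains and how it can be reviewed, here is an added example (not part of the release notes and not auvirt itself) that parses libvirt-style audit records, builds a per-VM timeline and flags events worth a second look. The sample records are constructed; the record types VIRT_CONTROL and VIRT_RESOURCE and field names such as op, resrc and new-disk are assumed to match what libvirt emits, and the approved image directory is a hypothetical site policy.

```python
import posixpath
import re

# Constructed sample records, shaped like the VIRT_* events libvirt sends to auditd.
SAMPLE_AUDIT_LOG = r"""
type=VIRT_CONTROL msg=audit(1414400000.101:210): pid=1402 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm op=start reason=booted vm="web01" uuid=11111111-2222-3333-4444-555555555555 vm-pid=2210 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'
type=VIRT_RESOURCE msg=audit(1414400000.140:211): pid=1402 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=disk reason=start vm="web01" uuid=11111111-2222-3333-4444-555555555555 old-disk="?" new-disk="/var/lib/libvirt/images/web01.raw" exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1414400100.000:212): pid=900 uid=0 auid=1000 ses=3 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success'
type=VIRT_RESOURCE msg=audit(1414403600.512:230): pid=1402 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=disk reason=attach vm="web01" uuid=11111111-2222-3333-4444-555555555555 old-disk="?" new-disk="/dev/sdb" exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'
type=VIRT_CONTROL msg=audit(1414403700.020:231): pid=1402 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm op=start reason=booted vm="db01" uuid=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee vm-pid=0 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'
type=VIRT_CONTROL msg=audit(1414407200.900:240): pid=1402 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm op=stop reason=shutdown vm="web01" uuid=11111111-2222-3333-4444-555555555555 vm-pid=2210 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'
"""

RECORD_RE = re.compile(r"^type=(VIRT_\w+) msg=audit\((\d+)\.\d+:(\d+)\):.*? msg='(.*)'\s*$")
FIELD_RE = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_virt_records(text):
    """Return the VIRT_* records as dicts, ordered by time and audit serial."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # not a virtualization record, or malformed
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(4))}
        fields.update(type=m.group(1), time=int(m.group(2)), serial=int(m.group(3)))
        records.append(fields)
    return sorted(records, key=lambda r: (r["time"], r["serial"]))

def vm_timeline(records):
    """Group lifecycle events and resource assignments per VM name."""
    timeline = {}
    for r in records:
        if r["type"] == "VIRT_CONTROL":
            what = f'{r.get("op")} ({r.get("reason")})'
        elif r["type"] == "VIRT_RESOURCE":
            res = r.get("resrc", "")
            what = f'{res} {r.get("reason")}: {r.get("new-" + res, "?")}'
        else:
            continue
        timeline.setdefault(r.get("vm", "?"), []).append((r["time"], what, r.get("res")))
    return timeline

def review_findings(records, image_dirs=("/var/lib/libvirt/images/",)):
    """Flag failed operations and disks assigned from outside the approved directories."""
    findings = []
    for r in records:
        vm = r.get("vm", "?")
        if r.get("res") != "success":
            findings.append((r["serial"], vm, f'{r.get("op") or r.get("resrc")} did not succeed'))
        disk = r.get("new-disk")
        if r["type"] == "VIRT_RESOURCE" and disk not in (None, "?"):
            if not posixpath.normpath(disk).startswith(tuple(image_dirs)):
                findings.append((r["serial"], vm, f"disk outside approved image dirs: {disk}"))
    return findings

if __name__ == "__main__":
    recs = parse_virt_records(SAMPLE_AUDIT_LOG)
    for vm, events in vm_timeline(recs).items():
        print(vm, events)
    for finding in review_findings(recs):
        print("REVIEW", finding)
```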

Additional information on VM auditing is available in the article "Kvm libvirt audit".

libvirt: dynamic allocation of Virtual Functions (VFs)

Dynamic assignment from a pool of VFs allows the use of SR-IOV cards and VM migration.

libvirt: Support DHCP Snooping and Dynamic ARP Inspection

Libvirt now supports DHCP Snooping and Dynamic ARP Inspection to protect the network from rogue DHCP servers and to drop packets with invalid IP/MAC bindings to/from the guests.

libvirt: extend support for 802.1Qbg

This allows Qbg-enabled switches to perform better when migrating VMs from one switch port to another. Qemu/KVM guest migration is enhanced to include hooks to 'de-associate or move to pre-associate' on the source prior to suspend and restart on the target.

libvirt: extend support for lldpad synchronization

When the VSI information is modified in the switch, lldpad synchronization keeps the VMs from losing network connectivity.

Yast2-vm improvement

The new Yast2 virtualization tools allow you to install only selected components for Xen, KVM or containers: the server part (hypervisor only), and/or all tools needed to administer VM guests. The YaST module name has changed to virtualization, so to launch it from the command line use:

yast2 virtualization

Hyper-V: Time Synchronization

The system time of a guest will drift several seconds per day.

To maintain an accurate system time it is recommended to run ntpd in a guest. The ntpd daemon can be configured with the YaST NTP Client module. In addition to such a configuration, the following two variables must be set manually to yes in /etc/sysconfig/ntp:


Technical Information

This section contains information about system limits, a number of technical changes and enhancements for the experienced user.

When talking about CPUs we are following this terminology:

CPU Socket
The visible physical entity, as it is typically mounted to a motherboard or an equivalent.
CPU Core
The (usually not visible) physical entity as reported by the CPU vendor.

On System z this is equivalent to an IFL.

Logical CPU
This is what the Linux Kernel recognizes as a "CPU".

We avoid the word "thread" (which is sometimes used), as the word "thread" would also become ambiguous subsequently.

Virtual CPU
A logical CPU as seen from within a Virtual Machine.

9.1 Virtualization: Network Devices Supported

SLE12 supports the following virtualized network drivers:

9.2 Virtualization: Devices Supported for Booting

SLE12 supports booting VM guests from:

Booting from USB and PCI pass-through devices is not supported.

9.3 Virtualization: Supported Disks Formats and Protocols

Currently, the disk formats raw, qed (only KVM), qcow (only Xen) and qcow2 have Read-Write (RW) support. The vmdk, vpc and vhd/vhdx formats are only supported in Read-Only (RO) mode. The http, https, ftp, ftps and tftp protocols are supported for Read-Only access to images.

Under Xen the qed format will not be displayed as a selectable storage under virt-manager.

9.4 Kernel Limits

This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 11.

| SLES 12 (3.12) | x86_64 | s390x | ppc64le |
|---|---|---|---|
| CPU bits | 64 | 64 | 64 |
| max. # Logical CPUs | 8192 | 256 | 2048 |
| max. RAM (theoretical / certified) | > 1 PiB/64 TiB | 4 TiB/256 GiB | 1 PiB/64 TiB |
| max. user-/kernelspace | 128 TiB/128 TiB | φ/φ | 2 TiB/2 EiB |

The following limits apply to all architectures unless noted:

max. swap space: up to 29 * 64 GB (x86_64) or 30 * 64 GB (other architectures)
max. # processes: 1048576
max. # threads per process: Maximum limit depends on memory and other parameters (Tested with more than 120000).
max. size per block device: up to 8 EiB on all 64-bit architectures


9.4.1 The Number of Kernel Modules in the kernel-extra Package Reduced

The following unsupported kernel modules have been dropped from the kernel-extra package:

9.5 KVM Limits

SLES 12 GA Virtual Machine (VM) Limits
Max VMs per host unlimited (total number of virtual CPUs in all guests being no greater than 8 times the number of CPU cores in the host)
Maximum Virtual CPUs per VM 256
Maximum Memory per VM 4 TiB
Maximum Virtual Block Devices per VM 20 virtio-blk, 4 IDE
Maximum number of Network Card per VM 8

Virtual Host Server (VHS) limits are identical to SUSE Linux Enterprise Server.

9.5.1 Virtualization: Supported Live Migration Scenarios

The following KVM host operating system combinations will be fully supported (L3) for live migrating guests from one host to another:

The following KVM host operating system combinations will be fully supported (L3) for live migrating guests from one host to another, later when released:

All guests as outlined in the Virtualization Guide, chapter Supported VM Guests, are supported.

Backward migration is not supported:

9.6 Xen Limits

Since SUSE Linux Enterprise Server 11 SP2, we removed the 32-bit hypervisor as a virtualization host. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor.

SLES 12 GA Virtual Machine (VM) Limits
Maximum VMs per host 64
Maximum Virtual CPUs per VM 64
Maximum Memory per VM 16 GiB x86_32, 512 GiB x86_64
Max Virtual Block Devices per VM 100 PV, 100 FV with PV drivers, 4 FV (Emulated IDE)

SLES 12 GA Virtual Host Server (VHS) Limits
Maximum Physical CPUs 256
Maximum Virtual CPUs 256
Maximum Physical Memory 5 TiB
Maximum Dom0 Physical Memory 500 GiB
Maximum Block Devices 12,000 SCSI logical units
Maximum iSCSI Devices 128
Maximum Network Cards 8
Maximum VMs per CPU Core 8
Maximum VMs per VHS 64
Maximum Virtual Network Cards 64 across all VMs in the system

In Xen 4.4, the hypervisor bundled with SUSE Linux Enterprise Server 12, Dom0 is able to see and handle a maximum of 512 logical CPUs. The hypervisor itself, however, can access up to 256 logical CPUs and schedule those for the VMs.

For more information about acronyms please refer to the official Virtualization Documentation.

9.6.1 Migrate VMs from SLE11/xend to SLE12/libxl Using Live Migration

SLE 10 and SLE 11 use xend to manage guests. SLE 12 uses libxl to manage guests. Live migration from xend to libxl is not implemented: nothing in a libxl-based tool stack is able to receive guests from xend. Furthermore, the data format which describes guest configuration differs slightly between xend and libxl.

The same applies to VMs managed by libvirtd because it uses either xend or libxl to manage a VM.

At this point live migration from xend-based hosts (SLE 10/SLE 11) to libxl-based hosts (SLE12) is not possible. Shut down the guest on the SLE 11 host and start it again on the SLE 12 host. For more information about moving from xend/xm to xl/libxl, refer to the Official Virtualization Documentation.

9.7 File Systems

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later we introduced xfs to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel read and write operations. With SUSE Linux Enterprise 12 we are taking the next step of innovation and are using the copy-on-write file system btrfs as the default for the operating system, to support system snapshots and rollback.

Feature Btrfs XFS Ext4 Reiserfs OCFS 2 **
Data/Metadata Journaling N/A ˆ/•   ˆ/• ˆ/•
Journal internal/external N/A •/• •/ˆ    
Offline extend/shrink •/• ˆ/ˆ •/• •/ˆ  
Online extend/shrink •/• •/ˆ •/ˆ •/ˆ •/ˆ
Inode-Allocation-Map B-tree B+-tree table u. B*-tree table
Sparse Files        
Tail Packing ˆ ˆ  
Defrag ˆ      
ExtAttr / ACLs •/•        
Dump/Restore ˆ ˆ    
Blocksize default 4KiB
max. Filesystemsize [1] 16 EiB 8 EiB 1 EiB 16 TiB 4 PiB
max. Filesize [1] 16 EiB 8 EiB 1 EiB 1 EiB 4 PiB
* Btrfs is a copy-on-write file system. Rather than journaling changes before writing them in-place, it writes them to a new location, then links it in. Until the last write, the new changes are not "committed". Due to the nature of the filesystem, quotas are implemented based on subvolumes ("qgroups"). The blocksize default varies with different host architectures. 64KiB is used on ppc64le, 4KiB on most other systems. The actual size used can be checked with the command "getconf PAGE_SIZE".
** OCFS2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension.
*** Reiserfs is supported for existing filesystems; the creation of new reiserfs file systems is discouraged.

The maximum file size above can be larger than the file system's actual size due to usage of sparse blocks. Note that unless a file system comes with large file support (LFS), the maximum file size on a 32-bit system is 2 GB (2^31 bytes). Currently all of our standard file systems (including ext3 and ReiserFS) have LFS, which gives a maximum file size of 2^63 bytes in theory. The numbers in the above tables assume that the file systems are using 4 KiB block size. When using different block sizes, the results are different, but 4 KiB reflects the most common standard.

In this document: 1024 Bytes = 1 KiB; 1024 KiB = 1 MiB; 1024 MiB = 1 GiB; 1024 GiB = 1 TiB; 1024 TiB = 1 PiB; 1024 PiB = 1 EiB. See also

NFSv4 with IPv6 is only supported for the client side. A NFSv4 server with IPv6 is not supported.

This version of Samba delivers integration with Windows 7 Active Directory Domains. In addition we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability 11 SP3.

9.7.1 File System Layout

For general information about the file system layout, see the Administration Guide, Chapter Snapper.

Additional Information

/run/media/<user_name> is now used as the top directory for removable media mount points. It replaces /media, which is no longer available.




FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.



The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: August 13, 2017