Linus Torvalds released the Linux 5.1 kernel update on May 5, providing users of the open-source operating system with new features that will help to improve performance, stability, and security.
The Linux kernel is at the core of any Linux-based operating system, providing drivers, CPU, storage, networking and memory enablement. In Linux 5.1, performance is enhanced via a new asynchronous I/O interface, as well as the ability to better use persistent memory as RAM. Security gets a boost in Linux 5.1 with the SafeSetID Linux Security Module (LSM).
“On the whole, 5.1 looks very normal with just over 13k commits (plus another 1k+ if you count merges, which is pretty much our normal size these days, “Torvalds wrote in his 5.1 kernel release announcement. “No way to boil that down to a sane shortlog, with work all over.”
The 5.1 kernel is the second major Linux kernel release of 2019 and follows the release of the Linux 5.0 kernel that became available on March 3.
Security
Among the many different security capabilities that are integrated into Linux is the concept of the Linux Security Module (LSM). Two of the most well-known LSMs are SELinux, which is commonly found in Red Hat based systems and AppArmor which is used by Ubuntu and its’ derivatives.
In Linux 5.1, the SafeSetID LSM module is being added, providing yet another option for Linux administrators to provide security and policy controls.
“SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist,” Linux developer Micah Morton wrote in his kernel commit message. “These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings.”
User ID (UID) and Group ID (GID) are ways to identify users and groups within a Linux system and are the basic units of identification and control used for SafeSetID.
Persistent Memory
Linux has long enabled regular storage devices including hard drives to be used for limited forms of memory usage, including swap space. With Linux 5.1, administrators will now be able to more fully use storage, and specifically a class of storage now often referred to as “persistent memory” as regular system memory.
“This is intended for use with NVDIMMs that are physically persistent (physically like flash) so that they can be used as a cost-effective RAM replacement,” Linux developer Dave Hansen wrote in his kernel commit message. “Intel Optane DC persistent memory is one implementation of this kind of NVDIMM.”
Live Patching Improvements
Linux has integrated live patching capabilities since the Linux 4.0 release in April 2015. Live patching enables a running system to be patched without the need for a full system reboot. With Linux 5.1 a new capability is being added to live patching, that is called Atomic Replace.
“It (Atomic Replace) allows the creation of so-called “Cumulative Patches”,” the Linux kernel documentation on the new feature states. “They include all wanted changes from all older live patches and completely replace them in one transition.”