Version 11.1.9 (2012-02-10)
These release notes are generic for all SUSE Linux Enterprise Desktop 11 based products. Some parts may not apply to particular architectures or products. Where this is not obvious, the respective architectures are listed explicitly.
A startup and preparation guide can be found in the
docu directory on the media. Any documentation
(if installed) can be found below
/usr/share/doc/ in the installed system.
This Novell product includes materials licensed to Novell under the GNU General Public License (GPL). The GPL requires that Novell make available certain source code that corresponds to those GPL-licensed materials. The source code is available for download at http://www.novell.com/linux/source. Also, for up to three years from Novell's distribution of the Novell product, Novell will upon request mail a copy of the source code. Requests should be sent by e-mail to email@example.com or as otherwise instructed at http://www.novell.com/linux/source. Novell may charge a fee to recover the costs of distribution, within reason.
SUSE Linux Enterprise Desktop is the market's only enterprise-quality Linux desktop ready for routine business use. Developed and backed by Novell, SUSE Linux Enterprise Desktop provides market-leading usability, seamless interoperability with existing IT systems, and dozens of essential applications—all at a fraction of the price of proprietary operating systems. It comes bundled with the latest versions of leading applications such as LibreOffice office productivity suite, Mozilla Firefox web browser, and Novell Evolution email and calendar suite. In addition, it integrates with Microsoft SharePoint and Novell Teaming for group collaboration and supports a wide range of multimedia file formats, wireless and networking standards, and plug-and-play devices.
Through the latest enhancements in power management and security, SUSE Linux Enterprise Desktop also provides an environmentally friendly IT experience (Green IT) and an error-proof desktop. Finally, SUSE Linux Enterprise Desktop unparalleled flexibility. You can deploy it on a wide range of thick client devices (including desktops, notebooks, netbooks, and workstations), on thin client devices, or as a virtual desktop. By leveraging the power of SUSE Linux Enterprise Desktop, your business can dramatically reduce costs, improve end-user security and increase workforce productivity.
There is no single standard for Access Control Lists (ACL) in Linux
beyond the simple user/group/others-rwx flags. One option for finer
control are so-called "Draft Posix ACLs", which were never formally
standardised by Posix. Another is the NFSv4 ACLs, which were design
to be part of the NFSv4 network filesystem with the goal of making
something that provided reasonable compatability between Posix
systems (like Linux) and WIN32 systems (like Microsoft Windows). It
turns out that NFSv4 ACLs are not sufficient to correctly implement
Draft Posix ACLs so no attempt has been made to map ACL accesses on
an NFSv4 client (using e.g.
So when using NFSv4, Draft Posix ACLs cannot be used even in
emulation and NFSv4 ACLs need to be used directly; i.e., while
setfacl can work on NFSv3, it cannot work on
To allow NFSv4 ACLs to be used on an NFSv4 filesystem we provide the "nfs4-acl-tools" package which contains:
These operate in a generally simillar way to
for examining and modifying NFSv4 ACLs.
Note that these can only be effective if the filesystem on the NFS server provides full support for NFSv4 ACLs. Any limitation imposed by the server will be felt by these programs running on the client in that some particular combinations of Access Control Entries (ACEs) may not be possible.
A future release of Linux may support "richacls", which are designed to provide access to NFSv4 ACLs in a way that is more integrated with other filessytems. If and when these become available we will need to transition from using nfs4-acl-tools towards whatever support tools will come with "richacls".
The common PAM configuration files
/etc/pam.d/common-*) are now created and managed
In addition to AppArmor, SELinux capabilities were added as Technology Preview to SUSE Linux Enterprise Desktop 11 Service Pack 1, which will allow users to enable SELinux in SUSE Linux Enterprise Desktop Service Pack 1, if they wish.
What does SELinux basic enablement mean?
The shipped kernel features SELinux support.
We will apply SELinux patches to all "common" userland packages.
The libraries required for SELinux (libselinux, libsepol, libsemanage, etc.) were added to openSUSE and SUSE Linux Enterprise.
However, we are not offering enterprise class support for SELinux at this time; thus we will run QA with SELinux disabled to ensure that SELinux patches do not break the default delivery and the majority of packages.
We will not be shipping SELinux specific tools as part of the default distribution delivery. However, the packages (such as checkpolicy, policycoreutils, selinux-doc) will be available through the SUSE Linux Enterprise Desktop repositories.
By enabling SELinux in our upcoming codebase, we add missing pieces of code that exist in the community already, and we allow those who wish to use SELinux to do so conveniently without having to replace a large portion of the distribution.
GNOME was updated to the latest version and uses PulseAudio for sound.
Novell introduced KDE 4 with SUSE Linux Enterprise Desktop 11 as an innovative free software desktop and applications such as the Konqueror web browser, the Dolphin file manager, the Okular document reader, the System Settings control center and more.
KDE was updated to the latest 4.3.4 version with this Service Pack.
This new version of KDE is built on KDE Libraries which provide easy access to resources on the network by means of KIO and advanced visual capabilities through Qt4. Phonon and Solid. Customers migrating from SUSE Linux Enterprise Desktop 10 using KDE are getting a new user experience in version 11 Service Pack 1. We recommend backing up your user home directory when upgrading from SUSE Linux Enterprise Desktop 10 to SUSE Linux Enterprise Desktop 11 Service Pack 1. (Partly based on http://www.kde.org/announcements/4.0/.)
The X server libraries were updated to version 1.6.5. The client libraries were kept the same, except for libgl.
Improved update stack
SUSE Linux Enterprise Desktop 11 comes with an improved update stack and the new command line tool zypper to manage the install/update packages and repositories.
Enhanced YaST partitioner
Extended built-in management infrastructure
CIM enablement with SFCB CIMON.
EVMS2 was replaced by LVM2
A public statement can be found at http://www.novell.com/linux2/volumemanagement/strategy.html.
The default file system in new installations was changed from ReiserFS to ext3 with SUSE Linux Enterprise Desktop 11. A public statement can be found at http://www.novell.com/linux/techspecs.html?tab=0.
EFI enablement on AMD64
SWAP over NFS
OpenOffice.org has been replaced with LibreOffice. If you perform an upgrade, manual interaction is needed, otherwise you will stay with the old OpenOffice.org packages. Future updates will only be prepared and published for LibreOffice. Some parts of the documentation packages still mention 'OpenOffice.org'.
This section includes installation related information for this release.
CJK (Chinese, Japanese, and Korean) does not work properly with text-mode installation if framebuffer is not used. Other languages that require special fonts are probably also affected. The following solutions are available to work around this issue:
Use English or another non-CJK language for installation and later switch to a CJK language on the running system using YaST -> System -> Language.
If you must use a CJK language during the installation, do not select text-mode in the boot loader screen using <F3>, but select one of the other VGA modes instead. Then select the wanted CJK language using <F2> and add textmode=1 to the boot loader command-line. Now press Installation.
Use the graphical installation or install over SSH or VNC.
During the installation YaST resp. SaX2 tries to detect displays and determine the display size and resolution. If you are installing on a notebook with a closed lid it is not be possible to detect the display. To avoid this problem you must keep the lid open during installation.
If the detection fails, start YaST and click "Hardware" -> "Graphics Card and Monitor". Then configure the display manually.
As many development packages and sub-packages as possible have been moved to the SDK.
The installer uses default persistent device names. If you plan to add additional storage devices to your system after the OS installation, we strongly recommend you use persistent device names for all storage devices.
To cause an already installed system to use persistent device names, enter the YaST2 partitioner. For each partition, select "Edit" and go to the "FStab Options" dialog. Any mount option except "Device name" provides persistent device names. In addition, rerun the boot loader module in YaST to switch the bootloader to using the persistent device name. Just start the module and select "Finish" to write the new proposed configuration to disk. This needs to be done before adding new storage devices.
For more information, see http://en.opensuse.org/Persistant_Storage_Device_Names.
iSCSI devices cannot be used for Linux Software RAID. Using MD devices on top of iSCSI triggers a cyclic dependency that leads to a system crash.
To make NetworkManager send the hostname to the DHCP server, create a
new network profile (see the Administration Guide for more information). Modify
this profile with GNOME Configuration Editor (gconf-editor)
and add the key
(replace "$number" with the actual number) with a string value. NetworkManager
will send this value to the DHCP server. A special value
system-hostname can be used to send the current
Online migration from SP1 to SP2 is not supported, if debuginfo packages are installed.
Beginning with SLE11-SP1, we switch to use KMS (Kernel Mode Setting) for Intel graphics support. This means that mode setting is now done in kernel space instead of user space (X driver).
If—in rare cases—the new driver concept does not work for you, create an X.Org configuration manually:
Boot into failsafe mode without X (add
3" to the failsafe mode options) and run
'sax2 -r -m 0=fbdev' to create an fbdev based
Then disable KMS permanently by setting the
NO_KMS_IN_INITRD sysconfig variable to
yes" and run
Finally, reboot again (normal mode) to activate this new X.Org configuration.
You can update your previous KDE installation (SUSE Linux Enterprise Desktop 11 or earlier) during system upgrade as described in the manual or as a package update using YaST or zypper. Because of a huge amount of package renaming, it is not possible to update your previous KDE installation using plain rpm commands.
For more information about KDE 4.3, see Section 2.4, “Desktop”.
We ship the GroupWise 8 client with this release. If you want to keep the GroupWise 7 client, enter Software Manager and disable the GroupWise update.
The Groupwise 7 client is available in the
extras-repository which can be enabled
With SUSE Linux Enterprise Desktop11 the kernel RPMs are split into different parts:
Very reduced hardware support, intended to be used in virtual machine images.
Extends the base package; contains all supported kernel modules.
All other kernel modules which may be useful but are not supported. This package will not be installed by default.
The man command now asks which manual page the user wants to see if manual pages with the same name exist in different sections. The user is expected to type the section number to make this manual page visible.
If you want to get back the previous behavior, set
MAN_POSIXLY_CORRECT=1 in a shell initialization file
This release of SUSE Linux Enterprise Desktop ships with Novell AppArmor. The AppArmor intrusion
prevention framework builds a firewall around your applications by
limiting the access to files, directories, and POSIX capabilities to the
minimum required for normal operation. AppArmor protection can be enabled
via the AppArmor control panel, located in YaST under Novell AppArmor. For
detailed information about using Novell AppArmor, see the documentation in
The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments.
If you discover that some of your applications do not function as you expected, you may need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof(8) command line utility) to update your AppArmor profiles. Place all your profiles into learning mode with the following: aa-complain /etc/apparmor.d/*
When a program generates a high number of complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof(8)) to update your profiles, even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system.
SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP and Samba ("Network Neighborhood"). You can fine-tune the firewall settings using YaST.
Technology Preview features are either not supported or supported in a limited fashion. These features are mainly included for customer convenience and be functionally incomplete, unstable or in other ways not suitable for production use.
The eCryptfs kernel modules and the ecryptfs-utils package shipped with SUSE Linux Enterprise Desktop 11 are a preview of a stacked cryptographic filesystem for Linux.
SUSE Linux Enterprise Desktop 11 contains KVM as an additional virtualization solution. It is not supported by Novell, but is an area of interest for future development and deliveries.
SUSE Linux Enterprise Desktop 11 contains a XEN host kernel and XEN tools support as a technical preview.
SUSE Linux Enterprise Desktop 11 contains the file system ext4, the successor of ext3, as a technical preview.
It is possible to run SUSE Linux Enterprise Desktop 11 on a read-only root filesystem. Due to the huge number of possible configurations, this is currently not a supported scenario.
directories need to be on a separate partition and cannot be
After the installation has finished and all services are configured, login as root and do the following modifications:
/etc/fstab and add "ro" to the mount
options of the root filesystem entry.
rm /etc/mtab ln -s /proc/mounts /etc/mtab mkdir /var/lib/hwclock mv /etc/adjtime /var/lib/hwclock ln -s /var/lib/hwclock/adjtime /etc/adjtime # the following two steps are only necessary if you use dhcp: mv /etc/resolv.conf /var/lib/misc/ ln -s /var/lib/misc/resolv.conf /etc/resolv.conf # Now mount root filesystem read-only and reboot mount -o remount,ro / reboot
The following list of current functionalities has been removed with this SUSE Linux Enterprise Desktop release.
The following packages are deprecated and will be removed with SUSE Linux Enterprise Desktop 12:
In some scenarios, FreeRDP performs better than the rdesktop client, which is currently available as the Linux RDP client. With the upcoming SP3, we will drop rdesktop in favor of FreeRDP.
The JFS file system is no longer supported for new installations. The kernel file system driver is still available, but YaST does not offer partitioning with JFS.
For future strategy and development in regard to volume and storage management on SUSE Linux Enterprise System, see http://www.novell.com/linux/volumemanagement/strategy.html.
This section contains a number of technical changes and enhancements for the experienced user.
Due to limitations of the legacy x86 and x86_64 BIOS implementations booting from devices larger than 2 TiB is technically not possible using legacy partition tables (DOS MBR).
With SUSE Linux Enterprise Server 11 Service Pack 1 we support installation and boot using uEFI on the x86_64 architecture and certified hardware.
For better sound functionality we strongly recommend that pulseaudio 0.9.14 or higher is installed. This version is available via maintenance channels for SUSE Linux Enterprise systems registered with Novell.
The modify_resolvconf script is removed in favor of the more
versatile netconfig script. This new script handles specific
network settings from multiple sources more flexibly and transparently.
For more information, see the updated manuals and the
In the shipped manuals, modify_resolvconf is erroneously referenced. We will correct this soon.
Instead of the madwifi driver the ath5k/ath9k in-kernel replacement is now available. ath5k/ath9k does not support access point mode yet, but normal networks (infrastructure and ad-hoc) are well supported by the new driver.
The Wireshark software, a packet sniffer and network analysis tool, is not available on the installation media.
Next time, we will add it to the online update channel for installation.
Lenovo ThinkPad laptops have special code in the MBR (master boot record) because of the "Blue ThinkVantage button" functionality. If proper detection and preparation fails, it might be necessary to restore the boot sector.
If you have a ThinkPad, ensure that the bootloader is not installed into the MBR (verify it in the installation proposal!) and the MBR is not rewritten by generic code (in installation proposel select Bootloader -> Boot Loader Installation -> Boot Loader Options -> Write Generic Boot Code to MBR -- should be unchecked).
If your MBR gets rewritten, the ThinkVantage button will not work
anymore. The back-up of the MBR is stored in
To avoid the mail-flood caused by cron status messages, the default
/etc/sysconfig/cron is now set to
no" for new installations. Even with this setting
no", cron data output will still be send to the
MAILTO address, as documented in the cron manpage.
In the update case it is recommended to set these values according to your needs.
Locale Settings in
If you are not satisfied with locale system defaults, change
the settings in
~/.i18n. Entries in
~/.i18n override system defaults from
/etc/sysconfig/language. Use the same
variable names but without the
prefixes. For example, use
LANG instead of
RC_LANG. For information about locales in
general, see "Language and Country-Specific Settings" in the
Configuration of kdump
The kernel is crashing or otherwise not behaving normally and a kernel core dump needs to be captured for analysis.
A description on how to setup kdump can be found under the following URL: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3374462&sliceId=SAL_Public
When running real-time applications on larger systems, lower
maximum latencies can be achieved by employing the new
disable_buffer_lru kernel command-line option.
This disables the per-CPU LRU in the buffer cache, and may thus
decrease overall filesystem performance.
JPackage Standard for Java Packages
Java packages are changed to follow the JPackage Standard
(http://www.jpackage.org/). Read the
Loading unsupported kernel drivers
Every kernel module has a 'supported' flag. If this flag is not set, then loading this module will taint the kernel. Kernels which are tainted are not supported. To avoid this, unsupported Kernel modules are part of an extra RPM (kernel-<flavor>-extra). Since this would a problem for most desktops, the loading of those drivers is allowed by default.
To prevent the loading of unsupported kernel drivers automatically during
boot, change the line
allow_unsupported_modules 1 in
Already introduced for SUSE Linux Enterprise Desktop 9 on the x86-64 (AMD64) architecture with 64-bit kernels, the Linux kernel in SUSE Linux Enterprise Desktop also supports nonexecutable stack (NX) on x86 for CPUs that support it (Intel Prescott and AMD64) with 32-bit kernels. For this to work, the kernel with PAE support, kernel-pae, must be installed. Go into YaST and install that kernel instead of your default kernel. For 64-bit kernels, all kernels support NX.
The nonexecutable stack improves the security of your system. Many security vulnerabilities are stack overflows, where an attacker overwrites the stack of your program by feeding oversized data to the application that fails to properly check the length. Depending on the details of the program (with a nonexecutable stack), these vulnerabilities may either not be exploitable (and only crash the program, resulting in a Denial of Service) or at least be significantly harder to exploit.
Some applications do require executable stacks. The compiler detects this during compilation and marks the binaries accordingly. The kernel enables an executable stack to allow them to work.
To provide a higher level of security on x86-64, the user can
noexec=on on the kernel command line.
The kernel then uses a nonexecutable stack unconditionally and
also marks the data section of a program as nonexecutable. This
provides a higher protection level than just the nonexecutable
stack, but potentially causes problems for some applications.
Novell has not found any problems during testing the most commonly
used applications and services. Because it is not the default,
this has not been tested as extensively as the stack protection
alone, so Novell only recommends this setup for servers after the
administrator has verified that all needed services continue
to function properly.
Read the READMEs on the CDs.
Get the detailed changelog information about a particular package from the RPM:
rpm --changelog -qp <FILENAME>.rpm
<FILENAME>. is the name of the RPM.
ChangeLog file in the top level of CD1 for
a chronological log of all changes made to the updated packages.
Find more information in the
of CD1 of the SUSE Linux Enterprise Desktop 11 CDs. This directory includes PDF versions
of the SUSE Linux Enterprise Desktop 11 startup and preparation guides.
http://www.novell.com/documentation/sled11/ contains additional or updated documentation for SUSE Linux Enterprise Desktop 11.
Visit http://www.novell.com/linux/ for the latest Linux product news from SUSE/Novell and http://www.novell.com/linux/source/ for additional information on the source code of SUSE Linux Enterprise products.
For the latest version of SUSE Linux Enterprise Desktop 11 Release Notes, see http://www.novell.com/linux/releasenotes/i586/SUSE-SLED/11/.
If you were using a static IP with NetworkManager, you will lose this configuration while updating from SLED 10 SP2 to SLED 11. You must re-enter this information. The traditional networking method with ifup is not affected by this issue.
Name server lookup information of
configured with the traditional networking method with
ifup is missing after updating.
There are two plug-ins available on 32-bit systems (i586): the
latest version of the Java plug-in (libnpjp2.so), and the legacy
version (libjavaplugin_oji.so). Both are installed in the system if
you install Java, but the new version is active. Some plug-ins using
Java have problems with this version. If you are affected by it,
change the link of
to point to the legacy plug-in. Be warned, this may cause other
Note, on 64-bit systems (x86_64) no legacy version of the plug-in is available. In case of trouble with the default 64-bit version of the new plug-in (libnpjp2.so), switch to the 32-bit version of Firefox and Sun Java using YaST.
For SUSE Linux Enterprise Desktop 11 documentation, see http://www.novell.com/documentation/sled11/, where you can download PDF documents. For installation with YaST software management or with zypper, packages are available on the installation media. Some of these packages are installed by default. These are the package names:
sled-installquick_en-pdf: SLED 11
Installation Quick Start
sled-gnomequick_en-pdf: SLED 11 GNOME Quick
sled-kdequick_en-pdf: SLED 11 KDE Quick
sled-gnomeuser_en-pdf: SLED 11 GNOME User
sled-kdeuser_en-pdf: SLED 11 KDE User
sled-apps_en-pdf: SLED 11 Application
sled-admin_en-pdf: SLED 11 Administration
sled-deployment_en-pdf: SLED 11 Deployment
sled-security_en-pdf: SLED 11 Security
sle-apparmor-quick_en-pdf : AppArmor 2.3.1
sle-audit-quick_en-pdf: Linux Audit Quick
sled-xen_en-pdf: SLED 11 Virtualization
sled-tuning_en-pdf: SLED 11 Tuning
Guide (draft status, updated version to be release shortly)
sled-manuals_en: the set of all SLED books
in HTML format
The names of the boot prompt parameters given in the manual are
obsolete and will be discontinued in SUSE Linux Enterprise 11. Instead of
regurl and instead of
By default, Firefox does not honor settings made with the GConf
system. In order to make the GConf lockdown keys effective, edit
/usr/lib/firefox/local-configuration.js and set
true. This file allows the administrator to set and lock
preferences that will apply to every Firefox user.
There is only limited graphics support on IBM SurePOS 700 4800-7X3 systems with 4820-2GN monitors. During a graphical installation you can encounter an error message from the monitor (OSD = On Screen Display) such as:
OUT OF RANGE H: -48.4 KHz V: -60.1 Hz.
To work around this issue try a different resolution, VESA or
text-mode for installation. Another option is to choose the native driver by
acceleratedx=1 on the boot prompt. It might also
help to update the BIOS.
After system installation the problem no longer occurs and the graphics system is fully supported.
On the FIC GE2 platform (when using 24 BPP color depth and resolutions >= 1280x1024 on the DVI interface) stripes are displayed on the X server. This distorts all windows.
Changing to 16 BPP color depth seems to solve this problem.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to http://www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright (c) 2012 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents and one or more additional patents or pending patent applications in the U.S. and other countries.
For Novell trademarks, see Novell Trademark ad Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). All third-party trademarks are the property of their respective owners.