Red Hat Enterprise Linux 7.3 became generally available Nov. 3 after being in beta since September. The new release is the first major update to Red Hat's flagship platform since RHEL 7.2 debuted a year ago.
Among the improvements made in RHEL 7.3 are a series of enhancements to Security Enhanced Linux (SELinux). In a bid to help provide better risk mitigation, SELinux provides an additional layer of mandatory access controls to Linux.
"Red Hat Enterprise Linux 7.3 provides what is really an ease-of-use enhancement to SELinux," Siddharth Nagar, product manager for Red Hat Enterprise Linux, told eWEEK.
Essentially the upgrades to SELinux allow users to override a system module with a custom module that has a higher priority, according to Nagar. By using the custom module, performance for SELinux policy management is improved with a 2x increase in speed, he said.
In addition, Red Hat is adding support for the Common Intermediate Language (CIL) to SELinux.
"It [CIL] provides a clear, simple syntax that is easy to read, parse and generate by high-level compilers, analysis tools and policy generation tools," Nagar said. "This is another ease-of-use enhancement that aims to make SELinux more approachable and understandable to end users, both from a policy creation and a policy management standpoint."
With RHEL 7.3, container security is also getting a boost with a new capability in the OpenSCAP Workbench tool. OpenSCAP is an open-source implementation of the Security Automation Protocol (SCAP) that provides organizations with a way to set a baseline policy for security compliance. The OpenSCAP Workbench tool provides users with a graphical tool to control SCAP, and it is being improved in RHEL 7.3 with a feature called "atomic scan"—a container content scanner based on OpenSCAP, Nagar said.
"How atomic scan differs from other container scanners is that it understands the underlying container architecture and allows for containers to be downloaded and run with the scanning tools inside," he said.
Atomic scan can also support image formats other than Docker and offers a fast scanning process. Nagar noted that container content does not need to be copied, scanned and then removed, which is the required process with other tools. In contrast, atomic scan can mount a read-only root file system from the host for scanning purposes, scan the content and then deposit the output in a writeable directory for analysis.
In addition, there is a technology preview in RHEL 7.3 for a container image signing capability (the Atomic CLI) to help users verify the origin of the Linux containers being used and the layers from which they are composed.
With RHEL 7.3, Red Hat is also beginning to position its flagship platform for the emerging world of internet of things (IoT).
"Red Hat Enterprise Linux 7.3 is the first version of Red Hat Enterprise Linux to support Bluetooth LE," Nagar said. "As we're seeing interest in industrial IoT grow, we wanted to make it easier for our customers to integrate smart wireless devices with a secure and reliable operating system, hence the new support."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.