New security features in Fedora 11 beta

The latest beta of The Fedora Project's Linux includes new security, desktop and developer features that offer a glimpse of the direction Red Hat could take with its enterprise Linux distribution.

The Fedora 11 beta is available online for download from the project's website. The final release of Fedora 11, code-named Leonidas, is scheduled to be available by the end of May.

Red Hat uses Fedora as a proving ground for new technologies for its Red Hat Enterprise Linux (RHEL). While not all of the features in Fedora end up in RHEL, it is a good way for people to test and use features before deploying them in a production environment or using them as part of RHEL, said Paul Frields, Red Hat's Fedora Project Leader. A combination of Red Hat and third-party developers contribute code to Fedora, and Frields manages the integration of Fedora features into RHEL.

New Fedora 11 features include one that will be useful for people working on desktop PCs that connect to Fedora servers in the back end, Frields said. A new automatic-content installation feature, that uses Fedora's PackageKit software-management system, lets users automatically download a font, feature or even an application they need if they come across a file that needs an extension not found locally on a PC.

"If I email you a document using OpenOffice.org on your new Fedora 11 system, you can download that attachment and PacketKit will install it for you," he said.

The feature works by detecting what a file needs and then accessing a software repository running in Fedora. The repository includes only free and open-source software.

Frields said this kind of feature differentiates an open-source system like Fedora from a proprietary OS like Windows because that model is meant to "sell you more software," not provide free extensions or fonts.

Fedora project developers also have added security for virtualised containers running on the OS by extending Fedora's security model, SELinux, Frields said. A new extension called Svirt provides access control for virtual guests, locking what processes the guests have access to, he said.

The feature works in the same way that SELinux provides a "valet key" for other processes in the system, only letting them touch other processes relevant to the task they're performing to prevent the spread of an attack on a specific process, Frields said. "So if something happens to a virtual guest, there is very little opportunity for an attacker to get access to the rest of the system," he said.

Fedora 11 also includes a new cross-compiler for Microsoft Windows applications that lets developers build applications for the Windows OS on the Fedora system. Developers can use whatever language they need -- usually C++, Frields said - to build the application.

The current version of RHEL is 5.3, with 6.0 being the next major release of the OS that would incorporate Fedora features. Red Hat has not laid out a timeline or feature set for RHEL 6.0, Frields said. However, the company is always adding new functionality to incremental releases of RHEL.