One of the first places you can see Solaris 11.1 changes are in the docs,
which have now been posted in
the Solaris 11.1 Library
on docs.oracle.com.
I spent a good deal of time reviewing documentation for this release,
and thought some would be interesting to blog about, but didn't review
all the changes (not by a long shot), and am not going to cover all
the changes here, so there's plenty left for you to discover on your own.
Just comparing the
Solaris 11.1 Library list of
docs against the
Solaris 11 list
will show a lot of reorganization and refactoring of the doc set,
especially in the system administration guides. Hopefully the new break down
will make it easier to get straight to the sections you need when a task is
at hand.
Packaging System
Unfortunately, the excellent in-depth guide for how to build packages for the
new Image Packaging System (IPS) in Solaris 11 wasn't done in time
to make the initial Solaris 11 doc set. An interim version was
published shortly after release, in PDF form on the
OTN IPS page. For Solaris 11.1 it was included
in the doc set, as Packaging and Delivering Software With the Image Packaging System in Oracle Solaris 11.1, so should be easier to find, and
easier to share links to specific pages the HTML version.
Beyond just how to build a package, it includes details on
how Solaris is packaged, and
how package updates work, which may be useful to all
system administrators who deal with Solaris 11 upgrades & installations.
The Adding
and Updating Oracle Solaris 11.1 Software Packages was also extended,
including new sections on Relaxing Version Constraints Specified by Incorporations and Locking Packages to a Specified Version that may be of interest to
those who want to keep the Solaris 11 versions of certain packages when they
upgrade, such as the couple of packages that had functionality removed by an
(unusual for an update release)
End of Feature
process in the 11.1 release.
Also added in this release is a document containing the
lists of
all the packages in each of the major package groups in Solaris 11.1
(solaris-desktop, solaris-large-server, and solaris-small-server).
While you can simply get the contents of those groups from the package
repository, either via the web interface or the pkg command line, the
documentation puts them in handy tables for easier side-by-side comparison,
or viewing the lists before you've installed the system to pick which one
you want to initially install.
X Window System
We've not had good X11 coverage in the online Solaris docs in a while,
mostly relying on the man pages, and
upstream X.Org docs.
In this release, we've integrated some X coverage into the
Solaris
11.1 Desktop Adminstrator's Guide, including sections on
installing fonts for fontconfig or legacy X11 clients,
X
server configuration,
and setting up remote access via X11 or VNC.
Of course we continue to work on improving the docs, including a lot of
contributions to the upstream docs all OS'es share (more about that another
time).
Security
One of the things Oracle likes to do for its products is to publish security
guides for administrators & developers to know how to build systems that
meet their security needs. For Solaris, we started this with Solaris 11,
providing a guide for sysadmins to find where the security relevant
configuration options were documented. The
Solaris 11.1 Security Guidelines
extend this to cover new security features, such as
Address Space Layout Randomization (ASLR) and
Read-Only Zones, as well as adding additional guidelines for existing
features, such as
how to limit the size of tmpfs filesystems, to avoid users
driving the system into swap thrashing situations.
For developers, the corresponding document is the
Developer's Guide to Oracle Solaris 11 Security,
which has been the source for years for documentation of security-relevant
Solaris API's such as PAM, GSS-API, and the Solaris Cryptographic Framework.
For Solaris 11.1, a new appendix was added to start providing
Secure Coding Guidelines for Developers,
leveraging the CERT Secure Coding
Standards and OWASP guidelines to
provide the base recommendations for common programming languages and their
standard API's. Solaris specific secure programming guidance was added via
links to other documentation in the product doc set.
In parallel, we updated the
Solaris C Libary Functions security considerations list with
details of Solaris 11 enhancements such as FD_CLOEXEC flags, additional *at()
functions, and new stdio functions such as
asprintf() and
getline().
A number of code examples throughout the Solaris 11.1 doc set were updated to
follow these recommendations, changing unbounded strcpy() calls to strlcpy(),
sprintf() to snprintf(), etc. so that developers following our examples start
out with safer code. The Writing Device Drivers guide even had the
appendix updated to list which of these utility functions,
like snprintf() and strlcpy(), are now available via the Kernel DDI.
Little Things
Of course all the big new features got documented, and some major efforts
were put into refactoring and renovation, but there were also a lot of smaller
things that got fixed as well in the nearly a year between the Solaris 11
and 11.1 doc releases - again too many to list here, but a random sampling
of the ones I know about & found interesting or useful:
The Privileges section of the DTrace Guide now gives users a pointer to find out how to set up DTrace privileges for non-global zones and what limitations are in place there.
A new section on Recommended iSCSI Configuration Practices was added to the iSCSI configuration section when it moved into the SAN Configuration and Multipathing administration guide.
The Managing System Power Services section contains an expanded explanation of the various tunables for power management in Solaris 11.1.
The sample dcmd sources in /usr/demo/mdb were updated to
include ::help output, so that developers like myself who follow the
examples don't forget to include it (until a helpful code reviewer pointed it
out while reviewing the mdb module changes for Xorg 1.12).
The README file in that directory was updated to show the correct paths for
installing both kernel & userspace modules, including the 64-bit variants.
