Product SiteDocumentation Site

3. Changes in Fedora for System Administrators

3.1. Kernel

Fedora 23 features the 4.2.0 kernel.

3.2. Installation

3.2.1. General Anaconda Changes

  • The Anaconda installer has been completely ported to Python 3 in Fedora 23. This will have no noticeable impact on your experience while installing Fedora, but is important to Anaconda's backend and to developers - especially those who create installer add-ons.
    Python 3 is the next generation of the Python programming language. It is currently mature and stable, since it has been under active development for more than six years - version 3.0 was released in December 2008. Version 2.7 will continue being supported by upstream until 2020; however, this support concerns only necessary maintenance, not new features.
    With the move to Python 3, Anaconda (and other packages which have also been ported) can use new features provided by Python upstream. By staying close to upstream, Fedora can also better help the Python community go forward by contributing patches.

3.2.2. Changes in Anaconda's Text Interface

  • Handling of non-Latin scripts in text mode has been improved. It uses an appropriate font if possible, and falls back to English if the language cannot be displayed by the Linux console.
  • Rescue mode has been reworked to use the same interface as the text mode installer instead of ncurses.

3.2.3. Changes in Kickstart Syntax

  • Software environment handling should now be more robust.
  • New command: reqpart. This command creates any partitions which are required by your hardware platform. For example, IBM Power Systems servers require a small PReP Boot partition, 64-bit Intel-compatible systems with BIOS firmware and GUID Partition Table (GPT) on the boot drive require a biosboot partition, etc.
    The reqpart command can not be used together with autopart. Unlike autopart, it can be used together with additional partitioning commands; you can use reqpart to create whatever partitions are necessary, and then use other storage configuration commands such as part to create the rest of the partitioning layout.
    This command has one option: --add-boot. This option will also create a separate /boot partition in addition to platform-specific partitions created by the base command.
  • The reboot command has a new option: --kexec. Use this option to reboot into the new system using the kexec kernel switching mechanism instead of a full reboot, bypassing the BIOS/Firmware and boot loader.
  • The logvol command has new options which are all used to create cached logical volumes:
    • ----cachesize= - Requested size (in MiB) of cache attached to the logical volume. (Requires --cachepvs).
    • --cachepvs= - A comma-separated list of (fast) physical volumes that should be used for the cache.
    • --cachemode= - The mode which should be used for the cache - either writeback or writethrough.
    See the lvmcache(7) man page for more information about LVM caching.
  • The btrfs, logvol, part and raid commands all have a new option: --mkfsoptions=. This option specifies additional parameters to be passed to the program (mkfs) that makes a file system on this partition, volume or subvolume. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to mkfs. This means multiple options should be comma-separated or surrounded by double quotes, depending on the file system.

3.2.4. System Upgrades with DNF

Upgrade to Fedora 23 with the native package manager dnf. The updates are performed in an offline environment that allows system packages to be safely replaced.
Procedure 1. Upgrading with DNF
  1. This upgrade functionality comes from a dnf plugin. Install the package:
    # dnf install dnf-plugin-system-upgrade
  2. Update your system.
    # dnf update
  3. Some third party repos may not be available for the next version of Fedora. Check the status of your configured repositories:
    #dnf repolist --releasever 23
    If problems are reported with a repository, you may wish to disable it:
    # dnf config-manager --set-disabled repo-name
  4. Prepare the upgrade enviroment.
    #dnf system-upgrade download --releasever 23
  5. Reboot to perform the upgrade.
    # dnf system-upgrade reboot
  6. If an upgrade fails, clean up the download, resolve any issues, and try again.
    # dnf system-upgrade clean

Syncing package versions

By default, if a package is a newer version than the same package in the target Fedora release, it will not be replaced. Some common post-installation issues involving packages from mixed repositories can be resolved by performing a distribution synchronization, or distro-sync, which ensures that packages are replaced with those in the target repos, wherever possible.
You can perform this operation during the system upgrade with the --distro-sync.

3.3. Boot

The dracut utility, which is used to create the initramfs image used during the boot process, can now create a UEFI-bootable executable. The --uefi argument allows dracut to create a single UEFI executable, including an EFI stub, kernel, and initramfs.

3.4. Security

3.4.1. Disable SSL 3.0 and RC4

The SSL 3.0 protocol and the RC4 cipher are considered insecure and vulnerable to attacks. As such, both are now disabled by default for all Fedora components which use system-wide crypto policies. This includes the gnutls and openssl libraries and all applications based on them.
Applications or environments that require SSL 3.0 or RC4 can use update-crypto-policies to globally switch to the LEGACY policy to enable them.


Applications that use TLS from NSS are not affected by this change.

3.4.2. OpenSSH 7.1

The OpenSSH project continues to improve the security of network communication with the release of OpenSSH 7.1. See the upstream release notes for detailed information about this release.

3.4.3. Package Hardening

Packages built for Fedora 23 will be compiled with a position-independent code flag (ASLR) and FULL RELRO enabled by default. This was previously an optional setting; requiring it by default will protect users from certain potential security vulnerabilities.
Find more information about this change at

3.4.4. Standardized Passphrase Policy

A common password policy is being utilized in Fedora 23 to provide a set of consistent rules for password policies. These rules can be modified locally to fit user needs. Information about the default policy is available at