Agent Skills: RHEL 10+ Knowledge Patch

RHEL changes since training cutoff (latest: 10.1) — Valkey replaces Redis, Podman v5 with pasta networking, post-quantum crypto, ISC Kea DHCP, stricter TLS/FIPS policies. Load before working with RHEL.

Uncategorized

ID: nevaberry/nevaberry-plugins/rhel-knowledge-patch

Install this agent skill to your local

pnpm dlx add-skill https://github.com/Nevaberry/nevaberry-plugins/tree/HEAD/plugins/rhel-knowledge-patch/skills/rhel-knowledge-patch

plugins/rhel-knowledge-patch/skills/rhel-knowledge-patch/SKILL.md

RHEL 10+ Knowledge Patch

Claude's baseline knowledge covers RHEL through 9.3. This skill provides changes from RHEL 10.0 (2025-06-10) onwards.

Breaking Changes Quick Reference

| What Changed | Old (RHEL 9) | New (RHEL 10+) |
|--------------|-------------|----------------|
| Redis | redis package | Removed — use valkey 7.2 |
| Sendmail | sendmail package | Removed — use postfix |
| DHCP server | dhcp/dhclient | Removed — use dhcpcd or ISC Kea |
| Network teaming | teamd/libteam | Removed — use bonding |
| FIPS setup | fips-mode-setup | Removed — enable at install with fips=1 kernel arg |
| FIPS check | /etc/system-fips | Removed — read /proc/sys/crypto/fips_enabled |
| TLS crypto policy | RSA key exchange allowed | RSA key exchange rejected in DEFAULT policy |
| SHA-1 in TLS | Allowed in LEGACY | Disallowed even in LEGACY policy |
| OpenSSL Engines | ENGINE API available | Removed — use providers (e.g. pkcs11-provider) |
| CA trust bundle | /etc/pki/tls/certs/ca-bundle.crt | /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem |
| Installer remote | VNC (inst.vnc) | RDP (inst.rdp, inst.rdp.password) |
| Default user privs | Non-admin | Admin by default |
| GFS2 | Supported | Removed |
| Container cgroups | v1 default | v2 default |
| Rootless networking | slirp4netns | pasta |

Software Versions (RHEL 10.0)

Python 3.12, Ruby 3.3, Node.js 22, Perl 5.40, PHP 8.3, GCC 14.2, glibc 2.39, LLVM 19.1.7, Rust 1.84.1, Go 1.23, MariaDB 10.11, MySQL 8.4, PostgreSQL 16, Valkey 7.2, Apache 2.4.62, nginx 1.26, Git 2.45, OpenSSH 9.9, GnuTLS 3.8.9.

RHEL 10.1 adds: GCC Toolset 15, Python 3.13 (alternate AppStream).

Podman v5 Changes

Podman v5 is the default in RHEL 10. Key differences from v4:

  • pasta is default rootless network (not slirp4netns)
  • cgroups v2 only (v1 no longer default)
  • podman farm build fully supported for multi-arch images
  • Quadlets support pods (.pod files)
  • podman update changes are persistent (SQLite and BoltDB backends)
  • containers.conf is read-only for connections/farms — use podman.connections.json
  • --compat-volumes option for builds (VOLUME instruction handling)
  • zstd:chunked compression for push/pull
  • sigstore signatures replace GPG for image verification

See references/podman-v5.md for Quadlet keys and CLI option details.

Security and Crypto Policy

RHEL 10 makes significant crypto policy changes:

  • DEFAULT policy rejects TLS ciphers with RSA key exchange (use LEGACY to re-enable)
  • LEGACY policy disallows SHA-1 signatures in TLS
  • DSA and SEED algorithms removed from NSS
  • RSA PKCS#1 v1.5 encryption deprecated in GnuTLS
  • Post-quantum algorithms (PQ) available as Technology Preview via crypto-policies
  • Sequoia PGP tools sq and sqv complement GnuPG
  • OpenSSL ENGINE API removed — migrate to pkcs11-provider
  • HeartBeat and SRP removed from TLS

See references/security-changes.md for details.

OpenSSH 9.9

  • Ed25519 keys generated by default (except FIPS mode — defaults to RSA)
  • ChannelTimeout keyword in sshd_config for inactive channel closure
  • EnableEscapeCommandline option in ssh_config
  • Agent key restriction and forwarding controls

Removed Infrastructure

# These packages no longer exist in RHEL 10:
# sendmail → postfix
# redis → valkey
# dhcp/dhclient → dhcpcd or ISC Kea
# teamd/libteam → use bonding
# fips-mode-setup → fips=1 kernel arg at install
# scap-workbench → oscap CLI
# oscap-anaconda-addon → RHEL image builder OpenSCAP integration

See references/removed-features.md for the full list.

Installer Changes

  • RDP replaces VNC: inst.rdp, inst.rdp.password, inst.rdp.username
  • Wayland compositor replaces Xorg in installer (inst.xdriver removed)
  • No separate /boot partition on disk images
  • New users get admin privileges by default
  • Kickstart: --teamslaves/--teamconfig removed (use --bondslaves/--bondopts)
  • Kickstart: auth/authconfig removed (use authselect)
  • Kickstart: timezone --ntpservers removed (use timesource --ntp-server)
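
The removals in the quick-reference table and the Kickstart changes above, expressed as a small lint for existing kickstart files and provisioning scripts. This is an added example, not part of the skill: the rule list, the function names and the sample kickstart are constructed, and each replacement is the one this page gives.

```bash
# Added example: flag RHEL 9 idioms this page lists as removed or changed.
# Rule format "grep -E pattern => RHEL 10 replacement" (constructed for this example).
RHEL10_RULES='fips-mode-setup => fips=1 kernel arg at install
/etc/system-fips => read /proc/sys/crypto/fips_enabled
/etc/pki/tls/certs/ca-bundle\.crt => /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
inst\.vnc => inst.rdp, inst.rdp.password, inst.rdp.username
--team(slaves|config) => --bondslaves/--bondopts
^[[:space:]]*(auth|authconfig)([[:space:]]|$) => authselect
timezone.*--ntpservers => timesource --ntp-server
^[[:space:]]*redis[[:space:]]*$ => valkey'

# Print "LINE:text  ->  replacement" per finding; return 1 if anything matched.
rhel10_lint() {
  local file=$1 rc=0 rule pat fix found hit
  while IFS= read -r rule; do
    pat=${rule%% => *}; fix=${rule#* => }
    # -n keeps line numbers; the second grep drops hits that sit on comment lines
    found=$(grep -nE -e "$pat" -- "$file" | grep -vE '^[0-9]+:[[:space:]]*#') || continue
    rc=1
    printf '%s\n' "$found" | while IFS= read -r hit; do
      printf '%s  ->  %s\n' "$hit" "$fix"
    done
  done <<EOF
$RHEL10_RULES
EOF
  return $rc
}

# Constructed RHEL 9 era kickstart fragment used as sample input.
sample_kickstart() {
  cat <<'EOF'
# was: inst.vnc on the kernel command line
authconfig --enableshadow --passalgo=sha512
timezone Europe/Helsinki --ntpservers=ntp.example.com
network --device=team0 --teamslaves="em1,em2"
%packages
redis
%end
%post
fips-mode-setup --enable
test -f /etc/system-fips && echo fips
curl --cacert /etc/pki/tls/certs/ca-bundle.crt https://example.com/
%end
EOF
}
tmp=$(mktemp) && sample_kickstart > "$tmp"
rhel10_lint "$tmp" || echo "fix the lines above before using this file on RHEL 10"
rm -f "$tmp"
```

Findings are grouped by rule rather than by line order, and a non-zero return makes the function usable as a gate in a provisioning pipeline.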