Os Ubuntu 22 04

Key Features

Wayland Default Session

First Ubuntu LTS with Wayland as default display protocol for GNOME.

• GDM defaults to Wayland session
• X.org fallback via login screen gear icon ("Ubuntu on Xorg")
• Automatic X.org fallback for NVIDIA proprietary drivers
• Xwayland provides legacy X11 app support

echo $XDG_SESSION_TYPE                  # "wayland" or "x11"
loginctl show-session $(loginctl | grep $(whoami) | awk '{print $1}') -p Type

# Force X.org system-wide
echo 'WaylandEnable=false' >> /etc/gdm3/custom.conf
systemctl restart gdm3

Behavior changes: Screen capture uses PipeWire/xdg-desktop-portal. DISPLAY not set in pure Wayland; WAYLAND_DISPLAY=wayland-0 is set instead.

GNOME 42

Significant desktop update from GNOME 3.36 (20.04):

• libadwaita -- GTK4 toolkit; consistent Adwaita style across apps
• System-wide dark mode -- Settings > Appearance > Dark
• Horizontal workspaces -- scroll horizontally (changed from vertical)
• Screenshot UI -- built-in screenshot/screencast via Print Screen
• Ubuntu-specific: Dock on left, AppIndicator tray, Yaru theme

gsettings set org.gnome.desktop.interface color-scheme prefer-dark
gsettings set org.gnome.desktop.interface color-scheme default

Real-Time Kernel (Ubuntu Pro)

PREEMPT_RT kernel for deterministic latency workloads:

pro attach <token>
pro enable realtime-kernel
reboot
uname -r                               # should show -realtime suffix
uname -v | grep PREEMPT_RT             # confirm RT

# Latency testing
cyclictest -l 100000 -m -n -i 200 -p 98 -q

# CPU isolation (GRUB_CMDLINE_LINUX)
# isolcpus=2,3 nohz_full=2,3 rcu_nocbs=2,3

Use cases: industrial automation, financial trading, telco/O-RAN, professional audio.

Active Directory Integration (adsys)

adsys provides GPO-like policy application for Ubuntu clients:

• GPOs applied to computer and user accounts
• Manages: sudoers, scripts, proxy settings, privilege escalation, certificates
• ADMX templates for AD Group Policy Management Console
• Integrates with SSSD for Kerberos authentication

# Install and join domain
apt install adsys realmd sssd-ad oddjob-mkhomedir adcli
realm join --user=Administrator example.com
systemctl enable --now adsysd

# Policy management
adsysctl policy show                    # applied policies
adsysctl policy update                  # force refresh
adsysctl service status                 # daemon status

# Domain management
realm list                              # show joined domains
realm permit --all                      # allow all AD users
realm deny --all && realm permit [email protected]  # restrict

SSSD 2.6 in 22.04: improved caching, offline login, KCM credential cache default.

nftables Default

22.04 switched to nftables as default firewall backend:

• iptables commands symlinked to iptables-nft (compatibility shim)
• UFW uses nftables backend by default
• nftables.service enabled on server installs

nft list ruleset                        # view all rules

# UFW still works
ufw allow 22/tcp
ufw enable

# Native nftables
nft add table inet filter
nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }
nft add rule inet filter input tcp dport 22 accept

# Check backend
update-alternatives --query iptables    # should show iptables-nft
iptables --version                      # should show nf_tables

LXD 5.0 LTS

Major improvements over LXD 4.0:

• Projects as first-class -- full isolation including networks, storage, images
• Cluster evacuation -- lxc cluster evacuate <member>
• OVN networking -- software-defined networking for multi-host
• Instance types -- t1.micro, c2.medium-style presets

snap refresh lxd --channel=5.0/stable  # upgrade from 4.0
lxc cluster evacuate <member>           # migrate instances off member
lxc cluster restore <member>            # bring member back
lxc network list-allocations            # IP allocations
lxc config trust add --name ci-bot      # named trust certificates

OpenSSL 3.0

Provider architecture replaces ENGINE API:

• Providers: default, legacy, fips, base
• SHA-1 not deprecated system-wide (unlike RHEL 9)
• apt-key deprecated (use Signed-By keyrings)

MicroK8s Stable HA

• 3-node HA with Dqlite-backed coordination (previously experimental)
• GPU Operator add-on (microk8s enable gpu)
• Kata Containers add-on (microk8s enable kata)
• Observability stack (microk8s enable observability)

microk8s add-node                       # generate join token
microk8s join <ip>:<port>/<token>       # join cluster
microk8s status | grep high-availability

Common Pitfalls

1. Wayland breaking screen sharing tools -- use PipeWire/xdg-desktop-portal APIs
2. NVIDIA drivers defaulting to X.org -- later point releases improve Wayland support
3. adsys not started after install -- must systemctl enable --now adsysd
4. iptables-legacy scripts failing -- install iptables-nft shim or rewrite to nft
5. apt-key warnings -- switch to Signed-By with keyring files in /etc/apt/keyrings/
6. zsys removed -- zsys from 20.04 is deprecated; manual ZFS snapshot management needed
7. pam_tally2 removed -- use pam_faillock for account lockout
8. OpenSSL 3.0 ENGINE removal -- applications using ENGINE_* API must be updated

Version Boundaries

• Kernel: 5.15 LTS (HWE track: 6.5+)
• Python: 3.10
• OpenSSL: 3.0
• nftables: default backend
• Wayland: default GNOME session
• apt-key: deprecated (still functional)
• Sources format: legacy one-liner default; deb822 supported

Reference Files

Load for deep knowledge:

• ../references/architecture.md -- apt, Netplan, cloud-init, ZFS, LXD
• ../references/diagnostics.md -- apport, apt troubleshooting, snap debugging
• ../references/best-practices.md -- hardening, updates, UFW, backup
• ../references/editions.md -- Pro, ESM, lifecycle, editions