At least on x86 on Bay and Cherry Trail devices the pmw-lpss modules must
be in the initrd too, otherwise the i915 driver will still load, but
it will report the following error:
[drm:pwm_setup_backlight [i915]] *ERROR* Failed to own the pwm chip
And not register /sys/class/backlight/intel_backlight and users will
not be able to control their backlight.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
curl in Fedora recently changed its default CA trust store. The
Fedora package no longer specifies an OpenSSL-format bundle file
during build, and curl itself has been patched to use an NSS
plugin called libnssckbi.so when no bundle file or directory is
specified. There are (at present) two possible providers of the
libnssckbi.so module: the original NSS implementation, which
uses a trust bundle built in at build time, and a compatible
implementation from the p11-kit project, which reads a trust
bundle at run time. So if we find a string in libcurl.so that
suggests libnssckbi might be in use, we must both install it and
make an effort to install any trust bundle files it may use.
The p11-kit libnssckbi implementation does include a string that
lists the top-level trust directories it will use, so we try to
find that string, though the best effort I can come up with will
also find many false positives too. To weed out the false
positives, we check whether the matches actually exist as dirs,
and if so, whether they contain some specific subdirectories we
know p11-kit trust dirs must have (thanks, @kaie). For the NSS
libnssckbi implementation, we will likely wind up not finding any
dirs that match the requirements, so we will simply install the
libnssckbi.so file itself, which is the correct action.
This fixes TLS transactions in the initramfs environment when
using a curl that's built this new way; it's significant for
use of kickstarts and update images with the Fedora / RHEL
installer, as these are retrieved in the initramfs environment,
and are frequently retrieved via HTTPS.
The --ignoreactivationskip/-K switch was added to LVM2 in 2.02.99
(July 2013) and is used to control the activation of volumes with
the activation skip flag set: without -K these volumes will be
ignored when 'lvchange -ay $LV' is issued.
This prevents an LVM2 thin-privisioned snapshot from being used
as the root device when booting with rd.lvm.lv=vg/lv since the
activation skip flag is set for these snapshots by default (the
legacy non-thinp snapshots do not set this flag and can already
be activated and used as a root device by specifying appropriate
values for rd.lvm.lv).
This is only used in the rd.lvm.lv case since in that situation
we are activating one or more named LVs specified by the user:
the flag is not given when calling 'vgchange' since this may
cause many unwanted volumes to be activated during early user
space. Users wishing to use a specific snapshot volume should
specify it with 'rd.lvm.lv'.
The newer mount utilities are more strict about directly shared
devices. For OverlayFS boots, which mount $BASE_LOOPDEV directly,
avoid a mount error by indirectly sharing the read-only base
filesystem through a second, over-attached $BASE_LOOPDEV for
the DM live-base target.
Install ifcfg-* files with team configuration in the initramfs.
Improve the slave configuration of the team interface, by looking up
ifcfg files in the initramfs.
Create a default loadbalance team config, if none present in the
initramfs.
forward port of
4c88c2859e
This adds the same list of drivers we use for arm platforms for
aarch64 too, also add the DMA drivers there too as they can add
sigficant performance for some storage/usb and often need to be
present when the storage drivers load.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Provide a more prominent alert to the user if an overlay is
missing or the overlay module is not available and a temporary
overlay will be provided. This, to avoid losing data intended to
persist.
Integrate the option to use an OverlayFS as the root filesystem
into the 90dmsquash-live module for testing purposes.
The rd.live.overlay.overlayfs option allows one to request an
OverlayFS overlay. If a persistent overlay is detected at the
standard LiveOS path, the overlay & type detected will be used.
Tested primarily with transient, in-RAM overlay boots on vfat-
formatted Live USB devices, with persistent overlay directories
on ext4-formatted Live USB devices, and with embedded, persistent
overlay directories on vfat-formatted devices. (Persistent overlay
directories on a vfat-formatted device must be in an embedded
filesystem that supports the creation of trusted.* extended
attributes, and must provide valid d_type in readdir responses.)
The rd.live.overlay.readonly option, which allows a persistent
overlayfs to be mounted read only through a higher level transient
overlay directory, has been implemented through the multiple lower
layers feature of OverlayFS.
The default transient DM overlay size has been adjusted up to 32 GiB.
This change supports comparison of transient Device-mapper vs.
transient OverlayFS overlay performance. A transient DM overlay
is a sparse file in memory, so this setting does not consume more
RAM for legacy applications. It does permit a user to use all of
the available root filesystem storage, and fails gently when it is
consumed, as the available free root filesystem storage on a typical
LiveOS build is only a few GiB. Thus, when booted on other-
than-small RAM systems, the transient DM overlay should not overflow.
OverlayFS offers the potential to use all of the available free RAM
or all of the available free disc storage (on non-vfat-devices)
in its overlay, even beyond the root filesystem available space,
because the OverlayFS root filesystem is a union of directories on
two different partitions.
This patch also cleans up some message spew at shutdown, shortens
the execution path in a couple of places, and uses persistent
DM targets where required.
Documentation is updated for these changes.
Commit cf376023e6 moved writing .resolv.conf and .override
after dhcp_do, because dhcp_do was overwriting .resolv.conf. But .override does not have
such problem and on the contrary dhcp_do reads .override file if it is present. So let\'s
move it back.
https://bugzilla.redhat.com/show_bug.cgi?id=1415004
There's a number of usb controllers that are common yet aren't
contained in the host directory. Include these for generic host.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The phy and power modules are needed by some of the recent ARM
devices that have appeared like CHIP and some exynos devices.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Bug related to this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1360131
Now dracut only attempts to copy GlobalKnownHostsFile while generating kdump's
initramfs. This method will cause kdump's failure if users set customized
UserKnownHostsFile in /etc/ssh/ssh_config. This patch simply attempts to copy
those files too while going through /etc/ssh/ssh_config. Note that we need to
make sure ~/foo will be copied as /root/foo in kdump's initramfs.
Extend "rd.memdebug" to "4", and "make_trace_mem" to "4+:komem".
Add new "cleanup_trace_mem" to cleanup the trace if active.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
The current method for memory debug is to use "rd.memdebug=[0-3]",
it is not enough for debugging kernel modules. For example, when we
want to find out which kernel module consumes a large amount of memory,
"rd.memdebug=[0-3]" won't help too much.
A better way is needed to achieve this requirement, this is useful for
kdump OOM debugging.
The principle of this patch is to use kernel trace to track slab and
buddy allocation calls during kernel module loading(module_init), thus
we can analyze all the trace data and get the total memory consumption.
As for large slab allocation, it will probably fall into buddy allocation,
thus tracing "mm_page_alloc" alone should be enough for the purpose(this
saves quite some trace buffer memory, also large free is quite unlikey
during module loading, we neglect those memory free events).
The trace events include memory calls under "tracing/events/":
kmem/mm_page_alloc
We also inpect the following events to detect the module loading:
module/module_load
module/module_put
Since we use filters to trace events, the final trace data size won't
be too big. Users can adjust the trace buffer size via "trace_buf_size"
kernel boot command line as needed.
We can get the module name and task pid from "module_load" event which
also mark the beginning of the loading, and module_put called by the
same task pid implies the end of the loading. So the memory events
recorded in between by the same task pid are consumed by this module
during loading(i.e. modprobe or module_init()).
With these information, we can record the rough total memory(the larger,
the more precise the result will be) consumption involved by each kernel
module loading.
Thus we introduce this shell script to find out which kernel module
consumes a large amount of memory during loading. Use "rd.memdebug=4"
as the tigger.
After applying this patch and specifying "rd.memdebug=4", during booting
it will print out something extra like below:
0 pages consumed by "pata_acpi"
0 pages consumed by "ata_generic"
1 pages consumed by "drm"
0 pages consumed by "ttm"
0 pages consumed by "drm_kms_helper"
835 pages consumed by "qxl"
0 pages consumed by "mii"
6 pages consumed by "8139cp"
0 pages consumed by "virtio"
0 pages consumed by "virtio_ring"
9 pages consumed by "virtio_pci"
1 pages consumed by "8139too"
0 pages consumed by "serio_raw"
0 pages consumed by "crc32c_intel"
199 pages consumed by "virtio_console"
0 pages consumed by "libcrc32c"
9 pages consumed by "xfs"
From the print, we see clearly that "qxl" consumed the most memory.
This file will be installed as a separate executable named "tracekomem"
in the following patch.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Some crashkernel targets still use legacy NTLM auth, which
require those (bsc#869496). This patch enumerates all dependent
hash algorithems, because even though most of them are probably
compiled in, older ones (e.g. md4 and arc4) usually aren't.
Contrary to previous intel pinctrl drivers, the cherryview driver can be
and usually is built as a module. However, it sets up the SDIO pinout
so sdhci can make use of the SD card reader, which may subsequently
hold a root file system on a card (bsc#998440).
IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.
This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
bnx2x can take no longer than 3 seconds to initialize the link in some setups
which can cause fipvlan to fail and thus the fcoe interface(s) won't be
created.
Add another 10 seconds to give the link enough time to initialize.
Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
This is a further improvement on PR #105 which re-adds support for nfs:// urls to root=live:nfs://... Symptoms prior to applying this patch are that sysroot.mount times out when following the nfs:// syntax for the path to the live image. An additional case is added to livenet-generator to support the nfs protocol.
ip=2620:0052:0000:2220:0226:b9ff:fe81:cde4::[2620:0052:0000:2220:0000:0000:0000:03fe]:64::ibft0:none
should be
ip=[2620:0052:0000:2220:0226:b9ff:fe81:cde4]::[2620:0052:0000:2220:0000:0000:0000:03fe]:64::ibft0:none
https://bugzilla.redhat.com/show_bug.cgi?id=1322592#c19
(cherry picked from commit b8e6c051c6)
use inst() instead of inst_simple()
/etc/pki/tls/certs/ca-bundle.crt is a symlink to
../../ca-trust/extracted/pem/tls-ca-bundle.pem
with inst() we install the original file also.
https://bugzilla.redhat.com/show_bug.cgi?id=1341280
(cherry picked from commit 1b23c6c65c)
IPv6 addresses should be specified in brackets so that the
ip= scanning code doesn't get confused.
References: bnc#887542
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.com>
Both 'utmp' and 'root' groups are mentioned in tmpfiles.d/systemd.conf
and as such should be included.
It's probably better to have something equiv to inst_rule_group_owner()
for udev rules which parses out users and groups and adds them to the
passwd/group db respectively.
Could also rely on sysusers but as the initramfs is static in this
sense, it's more efficient to pre-define the users IMO.
This will bundle clock drivers into the initramfs on arm
Tested on ti dm8148-t410 where adpll is needed on 4.6+ kernel
This will avoid to rely on (maybe broken) bootloader clocks.
Theses modules are also usually loaded early. Having them bundled into
the initramfs will avoid lot of deferred probes and others delay.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
If journald.conf already contains Storage=persistent, journald will
write to /var/log/journal/, which ends up at /run/initramfs/log/journal/
after switching root. We want to make sure early boot logs are written
to /run/log/journal/ so they can be flushed to /var/log/journal/ after
switching root.
Users can pass the DNS information throught "nameserver=" cmdline,
there maybe duplicated inputs.
"/etc/resolv.conf" have some restrictions on the number of DNS items
effective, so make sure that this file contains no duplicated items.
We achieve this by simply making the file have no duplicated lines.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
I met a problem when passing kdump dns to dracut via "nameserver=x.x.x.x",
the dns I provided didn't appear in the "/etc/resolv.conf".
After some debugging, found that when setup dhcp DNS, in setup_interface()
and setup_interface6(), it has:
echo "search $search $domain" > /tmp/net.$netif.resolv.conf
So if "$search $domain" isn't NULL(this is ture in my kdump environment),
the dns contents(that is, dns1, dns2, nameserver) in "ifup" before dhcp
will be discarded.
This patch addresses it by handling dhcp first. In fact this is also the
way the NetworkManager in 1st kernel works.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Avoid keymap/font not found error when loadkeys/setfont
are compiled with the default data directory path.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
- use local variables with _
- use associative array for the kernel modules
- install emergency hook even in the systemd case
- follow device path until /sys is reached
- set kernel version for modprobe checking
If the initramfs was built with prefix=/run/... /run can't be mounted
with noexec, otherwise no binary can be run.
Guard against it by looking where /bin/sh is really located.
Trigger the acpi subsystem. This will ensure hv_vmbus gets loaded before
plymouth is started, which will make the graphics device become
available before plymouth is started too (and the keyboard ! which might
also be important for plymouth in some setups).
https://bugzilla.redhat.com/show_bug.cgi?id=1218130
(cherry picked from commit d2846fdcce9b8de0edecdf0e06a4b86fc8de542c)
It is expected that a watchdog module will disable an active watchdog when
its probe is called ie, when it is loaded. So an early load of the module
will help to disable it earlier.
This can be helpful in some corner cases where kdump and watchdog daemon
both are active.
Testing:
-- When watchdog kernel modules were added
# dracut --no-hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img -f etc/cmdline.d/00-watchdog.conf
rd.driver.pre=iTCO_wdt,lpc_ich,
Signed-off-by: Pratyush Anand <panand@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Harald Hoyer <harald@redhat.com>
Recently following patches have been added in upstream Linux kernel, which
(1) fixes parent of watchdog_device so that
/sys/class/watchdog/watchdogn/device is populated. (2) adds some sysfs
device attributes so that different watchdog status can be read.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6551881c86c791237a3bebf11eb3bd70b60ea782http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=906d7a5cfeda508e7361f021605579a00cd82815http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33b711269ade3f6bc9d9d15e4343e6fa922d999b
With the above support, now we can find out whether a watchdog is active or
not. We can also find out the driver/module responsible for that watchdog
device.
Proposed patch uses above support and then adds module of active watchdog
in initramfs generated by dracut for hostonly mode. Kernel module for
inactive watchdog will be added as well for none hostonly mode.
When an user does not want to add kernel module, then one should exclude
complete dracut watchdog module with --omit.
Testing:
-- When watchdog is active watchdog modules were added
# cat /sys/class/watchdog/watchdog0/identity
iTCO_wdt
# cat /sys/class/watchdog/watchdog0/state
active
# dracut --hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img | grep iTCO
-rw-r--r-- 1 root root 9100 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_vendor_support.ko
-rw-r--r-- 1 root root 19252 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_wdt.ko
-- When watchdog is inactive then watchdog modules were not added
# cat /sys/class/watchdog/watchdog0/state
inactive
# dracut --hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img | grep iTCO
-- When watchdog is inactive, but no hostonly mode, watchdog modules were added
# cat /sys/class/watchdog/watchdog0/state
inactive
# dracut --no-hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img | grep iTCO
-rw-r--r-- 1 root root 9100 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_vendor_support.ko
-rw-r--r-- 1 root root 19252 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_wdt.ko
Signed-off-by: Pratyush Anand <panand@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Harald Hoyer <harald@redhat.com>
When systemd is present, let it manage watchdog feed.
Signed-off-by: Pratyush Anand <panand@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Harald Hoyer <harald@redhat.com>
How to reproduce:
host# ./dracut.sh -o 'dracut-systemd systemd systemd-initrd' --local -f ./initramfs.img
host# qemu-system-x86_64 -initrd ./initramfs.img \
-append 'root=/dev/sda1 rd.cmdline=ask rd.hostonly=0' \
...
Enter additional kernel command line parameter (end with ctrl-d or .)
> rd.break
> .
...
There is no "Break before switch_root"
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
* Multipath device names only start with the mpath-prefix if the option
use_userfriendly_names is set true in /etc/multipath.conf and if user
has not set any aliases in the said file. Thus the for-loop should go
through all files in /dev/mapper/, not just ones starting with 'mpath'
* Bash is perfectly capable to extend `/dev/mapper/*` notation without a
need to pass it to an external ls
* Changed the function to use a local variable $_dev instead of the
global $dev, which seemed to be the original intention as the local
_dev was defined but not used
crypt/parse-crypt.sh generate initqueue job which always call
dev_unit_name() with an argument beginning with "-". This results
in the following error:
dracut-initqueue[307]: + systemd-escape -p -cfb4aa43-2f02-4c6b-a313-60ea99288087
dracut-initqueue[307]: systemd-escape: invalid option -- 'c'
Add a systemd generator for root=nbd:.. so that systemd has a correct
sysroot.mount unit.
Use export names instead of port numbers, because port number based
exports are deprecated and were removed.
rename iface_has_link() to iface_has_carrier() to clarify usage
Only assign static "wildcard interface" settings, if the interface has a
carrier.
If the interface name was specified with a name, do not do carrier
checking for static configurations.
8b5ee88ff6 removed the check for SQUASHED,
assuming, that the if clause above was the only place, where SQUASHED is
set.
This patch reverts to the old logic, because SQUASHED can be set
earlier.
Persistent, uncompressed live installations can avoid overlays with a new rd.live.overlay=none flag.
Non-persistent rd.live.ram boots can also take advantage of persistent home.img filesystems.
Resolves issues where systemd attempts to boot a live URL as an NFS mount.
This patch uses systemd's generator arg[2] to generate an early sysroot.mount
that preempts systemd-fstab-generator.
See https://bugzilla.redhat.com/show_bug.cgi?id=1280103
When using rd.zfcp= parameter in generic.prm file, wrong format
parameters will prevent the zfcp driver to add the correct SCSI
disk. dracut should die when a wrong rd.zfcp= parameter supplied.
Signed-off-by: Zhiguo Deng <bjzgdeng@linux.vnet.ibm.com>
znetconf command is part of s390utils-base package. It depends on
awk and getopt.
This patch is used to fix the following error:
dracut:/#
znetconf -c
/usr/sbin/znetconf: line 70: awk: command not found
/usr/sbin/znetconf: line 1138: getopt: command not found
Signed-off-by: Mei Liu <liumbj@linux.vnet.ibm.com>
all_ifaces_up() is true, if all interfaces are up.
all_ifaces_setup() is true, if all interfaces are up and the gateways
and nameserver are setup.
(cherry picked from commit 63e75dc4cd)
By default, dracut only builds in dm-service-time into the initramfs as
that is the default multipath.conf path selector. If the user changes
the path selector to "round robin" on the fly and runs dracut, multipath
does not find any paths on boot and the user will be dropped into a
shell.
Apparently, in RHEL7 dracut defaults to "hostonly" mode, i.e. modules
not currently in use at the time dracut runs do not get built into
initramfs. This is definitely one case where this doesn't work. A change
to reconfigure multipath probably should not render the system
unbootable.
https://bugzilla.redhat.com/show_bug.cgi?id=1195392
(cherry picked from commit f11d7a81e2)
- check if modprobe was successful
- add a timeout for /sys/firmware/edd
- only remove the module, if it was loaded by the script
(cherry picked from commit 34203d03c0)
rd.net.dhcp.retry=<cnt>
If this option is set, dracut will try to connect via dhcp
<cnt> times before failing. Default is 1.
rd.net.timeout.dhcp=<arg>
If this option is set, dhclient is called with "-timeout <arg>".
rd.net.timeout.iflink=<seconds>
Wait <seconds> until link shows up. Default is 60 seconds.
rd.net.timeout.ifup=<seconds>
Wait <seconds> until link has state "UP". Default is 20 seconds.
rd.net.timeout.route=<seconds>
Wait <seconds> until route shows up. Default is 20 seconds.
rd.net.timeout.ipv6dad=<seconds>
Wait <seconds> until IPv6 DAD is finished. Default is 50 seconds.
rd.net.timeout.ipv6auto=<seconds>
Wait <seconds> until IPv6 automatic addresses are assigned.
Default is 40 seconds.
rd.net.timeout.carrier=<seconds>
Wait <seconds> until carrier is recognized. Default is 5 seconds.
(cherry picked from commit d8ad687e1a)
https://bugzilla.redhat.com/show_bug.cgi?id=742564
Once lvm2 starts using /run (bug 742554), it should be no longer
necessary to disable file-based locking in the vgchange call in
fedora-storage-init.
Removing '--sysinit' will make it safe to call LVM operations
concurrently from other units.
The --sysinit is a compound option consisting of:
-> --ignorelockingfailure - not needed anymore, the /run/lock/lvm is
available rw soon in boot process
-> --ignoremonitoring - not needed since /run is available, this would
require the dm-event.service to be run before
fedora-storage-init.service (and new lvm2-activation.service when
deployed). But that's a one line change - I'll have a look whether it
plays well with other services and if yes, I'll commit the change. N.B.:
This has a consequence that all volumes activated on vgchange -ay will
be monitored at the same time they're activated (which is a plus I
think). The lvm2-monitor will just grab all the other volumes not
activated at the time of the boot's vgchange -ay call. But that's not an
issue (for already monitored volumes, calling vgchange --monitor y will
just be a NOOP).
-> --poll n - not needed, we can run the polldaemon as the /run is
available and rw (in case there's unfinished merge or mirror sync from
previous system run, the poll-daemon will be triggered at boot now).
Actually, the polldaemon should be triggered as a service like dmeventd
is, not forked off from the LVM command itself, like from vgchange in
this case - we still need to change this - there's a bug open for this
request already (bug #814857). However, we don't have this feature ready
yet so I need to check whether this is OK with the early boot process
with the current state.
Transient snapshots can take advantage of smaller,
non-persistent metadata structures.
Make the --readonly option explicit rather than inferred
for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
Temporary snapshots can take advantage of smaller, non-persistent metadata structures.
Make the --readonly option explicit rather than inferred for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
Some hosting providers need a static route set in order to be
able to reach the default gateway. Be sure to retry adding
the default gateway after setting the static routes.
parse-cmdline sets up an initial initiator-name to let iscsid start.
iscsid is started before doing any iscsistart business.
iscsistart is done with systemd-run asynchrone to do things in
paralllel. Also restarted for every new interface which shows up.
If rd.iscsi.waitnet (default) is set, iscsistart is done only
after all interfaces are up.
If not all interfaces are up and rd.iscsi.testroute (default) is set,
the route to a iscsi target IP is checked and skipped, if there is none.
If all things fail, we issue a "dummy" interface iscsiroot to retry
everything in the initqueue/timeout.
This patch supports loading keys either on the _ima keyring or, as of
Linux 3.17, on the trusted .ima keyring. Only certificates signed by
a key on the system keyring can be loaded onto the trusted .ima keyring.
Changelog:
- Update 98integrity/README
Setting and unsetting the IFS variable is tricky. To be on the
safe side we should always reset the IFS variable to its original
value after parsing.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
For large machine, suppose there's a lot of multipath devices, multipath layer
will use a lot of memory. For kdump kernel memory is very limited thus it causes
oom. To avoid oom, we only add necessary multipath devices in kdump kernel
multipath.conf.
This is done by use mpathconf --allow, a new option which is like whitelist.
Signed-off-by: Dave Young <dyoung@redhat.com>
"ifup -m" was thought to be used by humans in the emergency shell.
Using it programatically shows some other flaw in the execution logic.
Also, "ifup -m" was configuring the interface multiple times on "add"
and "change" uevent, because the "$netif.did-setup" test was not
executed.
This reverts commit cfa365a32d.
The logic in commit cfa365a was added to prevent (odl) lvms from
activating snapshots which should not be activated.
Newer lvms however do this automatically (not enabling an LV if the
the 'k' attribute set), thus we can revert the previous commit.
Harald Hoyer