Some crashkernel targets still use legacy NTLM auth, which
require those (bsc#869496). This patch enumerates all dependent
hash algorithems, because even though most of them are probably
compiled in, older ones (e.g. md4 and arc4) usually aren't.
Contrary to previous intel pinctrl drivers, the cherryview driver can be
and usually is built as a module. However, it sets up the SDIO pinout
so sdhci can make use of the SD card reader, which may subsequently
hold a root file system on a card (bsc#998440).
Also change <= N to < N+1. For example, dracut-029-1 > dracut-029, so would not
get obsoleted properly. This all applies to old versions, so doesn't make much
difference in practice, so just fix it to avoid c&p duplication of the bad
pattern in the future.
Preserve extended attributes when copying files using dracut-install.
The copying of extended attributes avoids file execution denials when
the Linux Integrity Measurement's Appraisal mode is active. In that mode
executables need their file signatures copied. In particular, this patch
solves the problem that dependent libaries are not included in the
initramfs since the copied programs could not be executed due to missing
signatures. The following audit record shows the type of failure that
is now prevented:
type=INTEGRITY_DATA msg=audit(1477409025.492:30065): pid=922 uid=0
auid=4294967295 ses=4294967295
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
op="appraise_data" cause="IMA-signature-required"
comm="ld-linux-x86-64"
name="/var/tmp/dracut.R6ySa4/initramfs/usr/bin/journalctl"
dev="dm-0" ino=37136 res=0
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.
This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
bnx2x can take no longer than 3 seconds to initialize the link in some setups
which can cause fipvlan to fail and thus the fcoe interface(s) won't be
created.
Add another 10 seconds to give the link enough time to initialize.
Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
Daniel Molkentin