Bug ID 946544
Summary dracut mkinitrd cannot run depmod in selinux
Classification openSUSE
Product openSUSE Factory
Version 201505*
Hardware x86-64
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee bnc-team-screening@forge.provo.novell.com
Reporter schrott3000@yahoo.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Created attachment 648012 [details]
Described solution of changing the context before executing depmod

[Overview]
Mkinitrd fails on a selinux enabled system because depmod cannot access the
kernel modules copied to the temp directory.
Issue: 
Modules in dracut temp directory are labeled usr_tmpfs_t instead of
modules_object_t

[Steps to Reproduce]
1) Run a openSUSE Tumbleweed installation with dracut 043
2) Be sure to have selinux in enforcing mode (I have mls-policy not sure if it
affects targeted policy too)
3) Run as root: mkinitrd -B

[Actual Result]
mkinitrd crashes because of not being able to run depmod

[Expected Result]
mkinitrd shoud finish the creation of the initrd image

[Build]
dracut-043
openSUSE Tumbleweed 20150909

[Solution]
Fix labels of the $MKINITRD_TMP_PATH/lib/modules
This can be most easily done by adding the following lines to
dracut-functions.sh:
See in dracut-functions-fixed.patch
Alternatively there may be the possibility to add matching contexts to
selinux-policy wich I would consider to be difficult because dracut changes the
temp directory each time.

You are receiving this mail because: