kexec-tools

Unnamed repository

Go to file

Coiby Xu f7e92f8a6a Restore SELinux label of crypttab file Resolves: https://issues.redhat.com/browse/RHEL-124989 Conflict: None commit fe2891da11ce088ce14f7b2913bd3123b8f7c727 Author: Coiby Xu <coxu@redhat.com> Date: Mon Nov 3 09:55:07 2025 +0800 Restore SELinux label of crypttab file Currently, for LUKS encrypted dump target, the system can have booting problem with relatively older selinux-policy e.g. 40.13.21-1.el10 or 38.1.65-1.el9.noarch, [*** ] Job dev-disk-by\x2duuid-55f4fce1\x2…tart running (1min 21s / 1min 30s) ... [ TIME ] Timed out waiting for device dev-d…f4fce1-cd7f-43a6-8729-f0edcd048d73. [DEPEND] Dependency failed for luks.mount - /luks. [DEPEND] Dependency failed for local-fs.target - Local File Systems. [DEPEND] Dependency failed for selinux-auto…k the need to relabel after reboot. ... [FAILED] Failed to start kdump.service - Crash recovery kernel arming. See 'systemctl status kdump.service' for details. You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, or "exit" to continue bootup. [ 4.375155] systemd-cryptsetup-generator[690]: Failed to open /etc/crypttab: Permission denied [ 4.376555] audit: type=1400 audit(1762134586.538:4): avc: denied { open } for pid=690 comm="systemd-cryptse" path="/etc/crypttab" dev="vda3" ino=16916076 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0 This happens because the updated crypttab file for LUKS dump target has incorrect SELinux label as it's created by mktemp. As a result, SELinux will prevent systemd-cryptsetup-generator from accessing crypttab and the encrypted dump target can fail to mount, # ls -Z /etc/crypttab unconfined_u:object_r:user_tmp_t:s0 /etc/crypttab Restore the SELinux label of crypttab to fix this issue, # ls -Z /etc/crypttab unconfined_u:object_r:etc_t:s0 /etc/crypttab Although this issue no longer happens to newer selinux-policy like policy-42.1.9-1.el10.noarch, it's better to restore the SELinux label of crypttab file. Fixes: 4e0d4cae ("Add kdumpctl setup-crypttab subcommand") Signed-off-by: Coiby Xu <coxu@redhat.com>		2025-11-07 13:55:12 +08:00
spec	Remove unused LUKS volume keys from keyring	2025-10-13 12:28:51 +08:00
tests	Merged update from upstream sources	2020-11-20 12:35:49 +00:00
.editorconfig	kdump-lib-initramfs.sh: prepare to be a POSIX compatible lib	2021-11-09 21:45:15 +08:00
.gitignore	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
60-fadump.install	fadump: add a kernel install hook to clean up fadump initramfs	2022-12-22 14:36:23 +08:00
60-kdump.install	Write to `/var/lib/kdump` if $KDUMP_BOOTDIR not writable	2021-06-23 09:34:40 +08:00
92-crashkernel.install	Prefix reset-crashkernel-{for-installed_kernel,after-update} with underscore	2022-10-27 14:47:57 +08:00
98-kexec.rules	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
98-kexec.rules.ppc64	powerpc: update fadump sysfs node path	2023-09-21 15:06:07 +08:00
99-kdump.conf	99-kdump.conf: Omit clevis related dracut modules	2025-04-17 06:25:41 +00:00
crashkernel-howto.txt	kdumpctl: deprecate --reboot for reset-creashkernel	2025-09-17 15:39:07 +02:00
dracut-early-kdump-module-setup.sh	dracut-early-kdump-module-setup.sh: install xargs and kdump-lib-initramfs.sh	2022-01-06 14:31:33 +08:00
dracut-early-kdump.sh	powerpc: update kdumpctl to load kernel signing key for fadump	2023-11-08 01:36:58 +00:00
dracut-fadump-init-fadump.sh	fadump-init: clean up mount points properly	2021-07-20 15:43:43 +08:00
dracut-fadump-module-setup.sh	fadump: isolate fadump initramfs image within the default one	2021-07-20 15:43:11 +08:00
dracut-kdump-capture.service	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
dracut-kdump-emergency.service	Merge kdump-error-handler.sh into kdump.sh	2021-11-09 21:45:31 +08:00
dracut-kdump-emergency.target	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
dracut-kdump.sh	Re-introduce vmcore creation notification to kdump	2024-12-06 15:27:20 +13:00
dracut-kexec-crypt-setup.sh	Wait for LUKS configfs API to be ready	2025-10-13 12:28:51 +08:00
dracut-module-setup.sh	Limit LUKS support to x86_64	2025-10-13 12:28:51 +08:00
dracut-monitor_dd_progress	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
early-kdump-howto.txt	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
fadump-howto.txt	fadump: pass additional parameters for capture kernel	2024-12-09 21:45:00 +08:00
gating.yaml	Add gating.yaml to RHEL-9 kexec-tools	2021-06-08 20:03:41 +08:00
gen-kdump-conf.sh	Note user-specified crashkernel value will be overwritten by default value	2025-02-24 11:02:47 +08:00
kdump-dep-generator.sh	Merged update from upstream sources	2021-01-22 08:12:00 +00:00
kdump-in-cluster-environment.txt	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
kdump-lib-initramfs.sh	Change LUKS volume key prefix to kdump-cryptsetup:vk-	2025-10-13 12:28:51 +08:00
kdump-lib.sh	Return LUKS devices in the form of UUIDs directly	2025-10-13 12:28:51 +08:00
kdump-logger.sh	Add header comment for POSIX compliant scripts	2021-11-10 10:26:54 +08:00
kdump-migrate-action.sh	kdump/ppc64: rebuild initramfs image after migration	2021-12-03 18:13:09 +08:00
kdump-restart.sh	kdump/ppc64: rebuild initramfs image after migration	2021-12-03 18:13:09 +08:00
kdump-udev-throttler	Fix SC2181 issues in kdump-udev-throttler	2025-10-13 12:28:51 +08:00
kdump.conf.5	doc/kdump.conf: correctly align the options	2025-04-08 17:33:14 +02:00
kdump.service	Allow kdump.service to access LUKS volume keys	2025-11-07 13:54:50 +08:00
kdump.sysconfig	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdump.sysconfig.aarch64	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdump.sysconfig.i386	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdump.sysconfig.ppc64	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdump.sysconfig.ppc64le	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdump.sysconfig.s390x	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdump.sysconfig.x86_64	sysconfig: disable kfence in kdump kernel	2025-08-06 16:57:43 +08:00
kdumpctl	Restore SELinux label of crypttab file	2025-11-07 13:55:12 +08:00
kdumpctl.8	Limit LUKS support to x86_64	2025-10-13 12:28:51 +08:00
kexec_file-add-kexec_file-flag-to-support-debug-prin.patch	kexec_file: add kexec_file flag to support debug printing	2024-05-07 20:26:22 +08:00
kexec-kdump-howto.txt	Limit LUKS support to x86_64	2025-10-13 12:28:51 +08:00
kexec-tools.spec	Support dumping to a LUKS-encrypted target	2025-10-13 12:28:47 +08:00
kexec-update-manpage-with-explicit-mention-of-clean-.patch	kexec: update manpage with explicit mention of clean kexec	2023-10-31 13:21:58 +08:00
live-image-kdump-howto.txt	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
mkdumprd	Support dumping to a LUKS-encrypted target	2025-10-13 12:28:47 +08:00
mkdumprd.8	Merged update from upstream sources	2020-12-23 10:00:07 +00:00
mkfadumprd	fadump: use 'zstd' as the default compression method	2022-12-22 14:36:23 +08:00
README	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00
sources	Release 2.0.29-1	2024-11-06 16:27:38 +13:00
supported-kdump-targets.txt	Limit LUKS support to x86_64	2025-10-13 12:28:51 +08:00
zanata-notes.txt	RHEL 9.0.0 Alpha bootstrap	2020-10-15 14:45:57 +02:00

README

Adding a patch to kexec-tools
=============================
There is a mailing list kexec@lists.fedoraproject.org where all the dicussion
related to fedora kexec-tools happen. All the patches are posted there for
inclusion and committed to kexec-tools after review.

So if you want your patches to be included in fedora kexec-tools package,
post these to kexec@lists.fedoraproject.org.

One can subscribe to list and browse through archives here.

https://admin.fedoraproject.org/mailman/listinfo/kexec