Bug 1918499

Summary: kdump initrd generation fails if /boot not writable
Product: Red Hat Enterprise Linux 8 Reporter: Kelvin Fan <kfan>
Component: kexec-toolsAssignee: ltao
Status: CLOSED ERRATA QA Contact: Ruowen Qin <ruqin>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.6CC: dornelas, hshiina, janders, jieli, jniu, ruqin, ruyang, travier, xiawu
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: 8.0   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: kexec-tools-2.0.20-52.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1976252 (view as bug list) Environment:
Last Closed: 2021-11-09 19:40:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1965985    
Bug Blocks: 1971734, 1971735, 1976252    

Description Kelvin Fan 2021-01-20 21:31:37 UTC 
Description of problem:
The /boot directory in RHEL CoreOS will soon be mounted read-only after version 4.7. Because of this, kdump will not be able to place the generated kdump initrd next to the kernel image in `KDUMP_BOOTDIR`. 
Possible solutions would be to make the location of the generated kdump initrd configurable, or to remount /boot writable whenever kdump needs to write to it. 

How reproducible:
Always

Steps to Reproduce:
1. systemctl start kdump.service

Actual results:
kdump does not have permission to write to the /boot directory so it cannot build the kdump initramfs.

Expected results:
Crash recovery kernel arming succeeds.

Additional info:
https://issues.redhat.com/browse/GRPA-3209
Comment 1 ltao 2021-04-12 09:16:33 UTC 
Patch v2 is still in review in fc upstream:

https://lists.fedoraproject.org/archives/list/kexec@lists.fedoraproject.org/message/73XGH3N7GQS5LCNTUNQQ6NREKLBUCJH6/
Comment 2 ltao 2021-05-06 08:40:00 UTC 
patch v3 has been merged in fedora:

https://lists.fedoraproject.org/archives/list/kexec@lists.fedoraproject.org/thread/G5LMDXOA46A7AXGQIXPZ3XU65H52D4I4/
Comment 3 ltao 2021-05-11 05:31:27 UTC 
The v3 patch is ready for merge into rhel, however, there is a selinux problem [1] which need to be fixed first.

The initramfs can be created in /var/lib/kdump successfully by v3 patch, but the selinux policy refuses kexec-tools to load it,
thus fails the kdump arming. So this bug is blocked by bz1951323

[1] https://github.com/fedora-selinux/selinux-policy/issues/727
Comment 4 ltao 2021-05-31 08:57:34 UTC 
On Fedora-Rawhide-20210529.n.0, patch v3 tested can work. May need to backport [1] to rhel8 first, to make patch v3 work on rhel8.

[1] https://github.com/fedora-selinux/selinux-policy/pull/732
Comment 7 Dave Young 2021-06-15 07:23:06 UTC 
*** Bug 1971734 has been marked as a duplicate of this bug. ***
Comment 8 Dave Young 2021-06-15 07:27:18 UTC 
*** Bug 1971733 has been marked as a duplicate of this bug. ***
Comment 13 Timothée Ravier 2021-06-22 14:58:24 UTC 
Clearing needinfo as AFAIU Kelvin completed the request.
Comment 29 errata-xmlrpc 2021-11-09 19:40:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: kexec-tools security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4404