Bug 804981

Summary: when installing from livecd, non-PAE kernel is used even on PAE enabled system
Product: [Fedora] Fedora Reporter: Petr Matousek <pmatouse>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 16CC: anaconda-maint-list, eteo, g.kaviyarasu, jonathan, security-response-team, vanmeeuwen+fedora
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-14 02:31:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Petr Matousek 2012-03-20 11:30:11 UTC 
Description of problem:

When installing from 32-bit livecd, non-PAE kernel is used even on systems that do support PAE. Because harware NX on x86 needs PAE, this effectively disables harware NX support and fallbacks to emulated NX (ExecShield), which is not optimal. Because the default download option is livecd (and i686), this potentially affects a lot of Fedora users.

When installing from DVD (non-live media), Anaconda detects if processor supports PAE and installs PAE kernel if it does.

Version-Release number of selected component (if applicable):

all Fedora releases

How reproducible:

Install Fedora from livecd.

Actual results:

non-PAE kernel is installed even on systems that do support PAE feature.


Expected results:

PAE kernel is installed on systems that do support PAE feature.
Comment 1 Chris Lumens 2012-03-20 12:54:25 UTC 
The problem here is that the live installer does not work on a per-package basis.  It takes a single image and blasts it onto the hard drive.  There's no provisions for adding or removing packages.  Thus, we have to use the lowest common denominator kernel here.  It's certainly not an ideal situation at all but given the design of the live installer, there's not really anything we can do.
Comment 2 Petr Matousek 2012-03-20 13:33:06 UTC 
(In reply to comment #1)
> The problem here is that the live installer does not work on a per-package
> basis.  It takes a single image and blasts it onto the hard drive.  There's no
> provisions for adding or removing packages.  Thus, we have to use the lowest
> common denominator kernel here.  It's certainly not an ideal situation at all
> but given the design of the live installer, there's not really anything we can
> do.

Aren't there any post-installation steps? Can't we add one more that is invoked on systems with PAE support that will either a) automatically do "yum install kernel-PAE" if there is networking connection and/or b) display a message that users are advised to install kernel-PAE whenever it is suitable for them because not using PAE kernel might have security consequences?
Comment 4 Eugene Teo (Security Response) 2012-03-26 07:18:15 UTC 
Chris?
Comment 5 Fedora End Of Life 2013-02-14 02:31:09 UTC 
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.