01fips: modprobe failures during manual module loading is not fatal

Users might see

"modprobe: FATAL: Module xyz not found in directory"

The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.

It now reads "Module xyz not found in directory"

Reference: bsc#1169997

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 8fba135b2f026c4caae982a01de32c21dea9eed5..37cde0c0592130c7392d0a12db8e6b703765e9c0 100755 (executable)
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -69,6 +69,14 @@ do_rhevh_check()
     return 0
 }
 
+nonfatal_modprobe()
+{
+    modprobe $1 2>&1 > /dev/stdout |
+        while read -r line || [ -n "$line" ]; do
+            echo "${line#modprobe: FATAL: }" >&2
+        done
+}
+
 fips_load_crypto()
 {
     FIPSMODULES=$(cat /etc/fipsmodules)
@@ -77,7 +85,7 @@ fips_load_crypto()
     mv /etc/modprobe.d/fips.conf /etc/modprobe.d/fips.conf.bak
     for _module in $FIPSMODULES; do
         if [ "$_module" != "tcrypt" ]; then
-            if ! modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
+            if ! nonfatal_modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
                 # check if kernel provides generic algo
                 _found=0
                 while read _k _s _v || [ -n "$_k" ]; do