Some docs claimed that values in certain config files would be
overwritten, when they would actually be overridden.
Override: a file is not modified but its contents are superseded by
something else. (configurations set in
/etc/dracut.conf.d/*.conf override configurations set in
/etc/dracut.conf)
Overwrite: a file is modified or its contents replaced by an action
(use dracut --force to overwrite the existing initramfs)
Tong Li [Wed, 30 Nov 2016 09:05:57 +0000 (17:05 +0800)]
95ssh-client: attempt to copy UserKnownHostsFile to kdump's initramfs
Bug related to this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1360131
Now dracut only attempts to copy GlobalKnownHostsFile while generating kdump's
initramfs. This method will cause kdump's failure if users set customized
UserKnownHostsFile in /etc/ssh/ssh_config. This patch simply attempts to copy
those files too while going through /etc/ssh/ssh_config. Note that we need to
make sure ~/foo will be copied as /root/foo in kdump's initramfs.
Xunlei Pang [Thu, 3 Nov 2016 11:30:41 +0000 (19:30 +0800)]
99base: add memtrace-ko.sh to debug kernel module large memory consumption
The current method for memory debug is to use "rd.memdebug=[0-3]",
it is not enough for debugging kernel modules. For example, when we
want to find out which kernel module consumes a large amount of memory,
"rd.memdebug=[0-3]" won't help too much.
A better way is needed to achieve this requirement, this is useful for
kdump OOM debugging.
The principle of this patch is to use kernel trace to track slab and
buddy allocation calls during kernel module loading(module_init), thus
we can analyze all the trace data and get the total memory consumption.
As for large slab allocation, it will probably fall into buddy allocation,
thus tracing "mm_page_alloc" alone should be enough for the purpose(this
saves quite some trace buffer memory, also large free is quite unlikey
during module loading, we neglect those memory free events).
The trace events include memory calls under "tracing/events/":
kmem/mm_page_alloc
We also inpect the following events to detect the module loading:
module/module_load
module/module_put
Since we use filters to trace events, the final trace data size won't
be too big. Users can adjust the trace buffer size via "trace_buf_size"
kernel boot command line as needed.
We can get the module name and task pid from "module_load" event which
also mark the beginning of the loading, and module_put called by the
same task pid implies the end of the loading. So the memory events
recorded in between by the same task pid are consumed by this module
during loading(i.e. modprobe or module_init()).
With these information, we can record the rough total memory(the larger,
the more precise the result will be) consumption involved by each kernel
module loading.
Thus we introduce this shell script to find out which kernel module
consumes a large amount of memory during loading. Use "rd.memdebug=4"
as the tigger.
After applying this patch and specifying "rd.memdebug=4", during booting
it will print out something extra like below:
0 pages consumed by "pata_acpi"
0 pages consumed by "ata_generic"
1 pages consumed by "drm"
0 pages consumed by "ttm"
0 pages consumed by "drm_kms_helper"
835 pages consumed by "qxl"
0 pages consumed by "mii"
6 pages consumed by "8139cp"
0 pages consumed by "virtio"
0 pages consumed by "virtio_ring"
9 pages consumed by "virtio_pci"
1 pages consumed by "8139too"
0 pages consumed by "serio_raw"
0 pages consumed by "crc32c_intel"
199 pages consumed by "virtio_console"
0 pages consumed by "libcrc32c"
9 pages consumed by "xfs"
From the print, we see clearly that "qxl" consumed the most memory.
This file will be installed as a separate executable named "tracekomem"
in the following patch.
Also change <= N to < N+1. For example, dracut-029-1 > dracut-029, so would not
get obsoleted properly. This all applies to old versions, so doesn't make much
difference in practice, so just fix it to avoid c&p duplication of the bad
pattern in the future.
Stefan Berger [Tue, 25 Oct 2016 19:09:49 +0000 (15:09 -0400)]
dracut-install: preserve extended attributes when copying files
Preserve extended attributes when copying files using dracut-install.
The copying of extended attributes avoids file execution denials when
the Linux Integrity Measurement's Appraisal mode is active. In that mode
executables need their file signatures copied. In particular, this patch
solves the problem that dependent libaries are not included in the
initramfs since the copied programs could not be executed due to missing
signatures. The following audit record shows the type of failure that
is now prevented:
Stefan Berger [Thu, 13 Oct 2016 20:49:43 +0000 (16:49 -0400)]
98integrity: support validating the IMA policy file signature
IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.
This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
David Disseldorp [Mon, 10 Oct 2016 14:27:47 +0000 (16:27 +0200)]
dracut.sh: support --tmpdir as a relative path
Dracut changes working directory before attempting to output files under
$DRACUT_TMPDIR , resulting in an IO failure if $DRACUT_TMPDIR is a path
relative to the working directory when dracut was started.
Fixes: https://github.com/dracutdevs/dracut/issues/156 Signed-off-by: David Disseldorp <ddiss@suse.de>
Dan Fuhry [Thu, 25 Aug 2016 21:13:52 +0000 (17:13 -0400)]
livenet: support nfs:// urls in livenet-generator
This is a further improvement on PR #105 which re-adds support for nfs:// urls to root=live:nfs://... Symptoms prior to applying this patch are that sysroot.mount times out when following the nfs:// syntax for the path to the live image. An additional case is added to livenet-generator to support the nfs protocol.