fix(fips-crypto-policies): improve check for module inclusion

Checking files under /etc in non-hostonly (generic mode) is
not recommended. Test files under /usr instead.

diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
index e41c7761e007bec8d10853f93520ac9aded182eb..e9e321497625f5022b2bcc17b5bf37e4bdc585a3 100755 (executable)
--- a/modules.d/01fips-crypto-policies/module-setup.sh
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -3,7 +3,7 @@
 # called by dracut
 check() {
     # only enable on systems that use crypto-policies
-    [ -d "$dracutsysrootdir/etc/crypto-policies" ] && return 0
+    [ -f "$dracutsysrootdir/usr/share/crypto-policies/default-fips-config" ] && return 0
 
     # include when something else depends on it or it is explicitly requested
     return 255