-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-8.8.0, rhel-8.10
-
grub2-2.02-157.el8_10
-
None
-
Low
-
rhel-sst-cs-bootloaders
-
ssg_display
-
3
-
False
-
-
None
-
None
-
If docs needed, set a value
-
-
All
-
None
Description of problem:
When updating the kernel, the new BLS snippet gets "module_object_t label:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
- ls -lZ /boot/loader/entries/
[...]
rw-rr-. 1 root root system_u:object_r:modules_object_t:s0 371 Jun 29 17:25 9d59a9f41c1642b196990576ac8b7846-4.18.0-477.15.1.el8_8.x86_64.conf
[...]-
-
-
-
-
-
- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
-
-
-
-
-
-
This is due to copying the "bls.conf" template from the kernel tree without using "-Z" option to "cp", as seen on line 94 of /usr/lib/kernel/install.d/20-grub.install:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
93 if [[ -f "${KERNEL_DIR}/bls.conf" ]]; then
94 cp -aT "${KERNEL_DIR}/bls.conf" "${BLS_TARGET}" || exit $?
95 else
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Note that RHEL9 implements a different fix using "restorecon", on idea why this complicated code is used:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
65 rm f "/boot/${i##*/}${KERNEL_VERSION}"
66 cp aT "$i" "/boot/${i##*/}${KERNEL_VERSION}"
67 command -v restorecon &>/dev/null && \
68 restorecon R "/boot/${i##*/}${KERNEL_VERSION}"
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Version-Release number of selected component (if applicable):
grub2-common-2.02-148.el8.noarch
How reproducible:
Always
Steps to Reproduce:
1. Install a new kernel
Actual results:
Improper context
Expected results:
Proper "boot_t" context
- external trackers
- links to
-
RHBA-2024:138853
grub2 update
