dracut-004-336.AXS4.2

dracut is a new, event-driven initramfs infrastructure based around udev.

Security issues fixed with this release:

• CVE-2012-4453
dracut.sh in dracut creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

Fixed bugs:

• Added the previously missing mkinitrd(8) man page.

• Previously, specification of the original logical volume name (rd_LVM_LV) was required when booting an LVM snapshot. The dracut utility now calls the "lvchange" command with the "--yes" option, which makes booting LVM snapshots more intuitive.

• Previously, initramfs could contain stale symbolic links because the dracut utility copied them without following every redirection. This has been fixed.

• Previously, when setting up crypto devices, the dracut utility failed to take into account all parameters of the /etc/crypttab file and options and file names in /etc/crypttab had no effect in initramfs. This has been fixed.

• dracuts now starts the iSCSI service regardless of the network configuration parameters on the kernel command line, so that it is possible to boot with iSCSI even on systems that do not need a network configuration.

• Previously, if the user set GREP_OPTIONS while calling yum or running dracut, grep did not work correctly with dracut. dracut now unsets GREP_OPTIONS and user settings prior to running.

• Previously, the multipath configuration file was always included in the initramfs, even if the root device was not a multipath device. As a result, the administrator had to update initramfs before rebooting when changing the multipath configuration. This has been fixed and dracut only inculdes the multipath configuration if the root device is a multipath device. The configuration can also be split:
   – /etc/multipath-root.conf
   – /etc/multipath-root/*
   – /etc/xdrdevices-root.conf
These files will be used in initramfs as follows:
   – /etc/multipath.conf
   – /etc/multipath/*
   – /etc/xdrdevices.conf

• When using the Red Hat Enterprise Virtualization Hypervisor packaging of the kernel on a live image, booting an installation in FIPS mode now checks the correct kernel image and if the checksum is correct, the system continues to boot in FIPS mode.

• Dracut now includes the xhci-hcd driver in initramfs, and the system is able to boot from USB 3.0 disks.

• Previously, if the "biosdevname=1" parameter had not been specified on the kernel command line, the dracut utility disabled biosdevname network interface renaming on all machines. Consequently, on Dell machines, interfaces used in initramfs did not have automatic biosdevname names, even though biosdevname interface renaming was active later in the boot process. With this update, dracut only disables biosdevname if the parameter is set to "0". For non-Dell machines, biosdevname now renames interfaces only if "biosdevname=1" is specified on the kernel command line, and Dell machines have biosdevname named interfaces in initramfs.

• Previously, it took too long to activate Fibre Channel over Ethernet (FcoE) on a 10GBaseT Twin Pond adapter and the fipvlan utility called by dracut would time out. To fix this, fipvlan is now called with a 30 seconds waiting time.

• Previously, when running the ldd tool, the dracut utility output could end up in the standard error output. This has been fixed and cat error messages are now hidden in this case.

• Previously, systems with encrypted disks cound not boot succesfully in FIPS mode. This has been fixed: the dracut utility now copies all the needed files in the initramfs and the system boots successfully.

• Previously, when booting live ISO images in FIPS mode, dracut searched for the checksum file of the kernel image in the wrong place and boot failed. This has been fixed.

Enhancements

• Added the /etc/system-fips file marker when the dracut-fips rpm package is installed to provide a stable file location for FIPS,a s required by the National Institute of Standards and Technology (NIST).

• Added support for bonding of network interfaces in initramfs

Format: bond=<bondname>[:<bondslaves>:[:<options>]]

Refer to the "modinfo bonding" command for more help.

• It is now possible to turn off the multipath device mapper if the multipath dracut module is included in the initramfs with the newly added rd_NO_MULTIPATH kernel command line option.