Rocky Linux BugTracker - Issues

0012376: security_policyvers() returns 33 but only policy.35 exists on disk

Thu, 02 Apr 2026 19:05:05 +0000

## Environment
- Rocky Linux 10.1
- libsepol-3.9-1.el10.x86_64
- sestatus: Max kernel policy version: 33
- Only policy.35 exists under /etc/selinux/targeted/policy/

## Problem
security_policyvers() returns 33, but no policy.33 file exists on disk. The only
installed binary policy file is policy.35. Software that locates the binary policy
by searching downward from security_policyvers() will never find it.

Confirmed: the internal binary version of policy.35 (read at offset 16 in the
policydb) is 35. sestatus still reports "Max kernel policy version: 33".

## Root Cause
Upstream libsepol defines POLICYDB_VERSION_MAX = 33. Rocky Linux 10.1 ships
policy.35, which uses a downstream policy format version (35) not present in
upstream libsepol. security_policyvers() reports the upstream ceiling (33),
creating a mismatch with the actual on-disk file version.

## Suggested Fix
Either:
1. Ship policy.33 as a compatibility symlink to policy.35, or
2. Update libsepol to expose POLICYDB_VERSION_MAX = 35 so that
security_policyvers() reflects the actual on-disk policy version.

## Additional Notes
- Rocky Linux 9.7 is unaffected: policy.33 on disk, internal version 33,
matches security_policyvers().
- Policy versions 34 and 35 do not appear in upstream libsepol source or
changelog — they appear to be downstream extensions.

0012344: AWS AMI support for AMD instances m8a, r8a, c8a

Tue, 31 Mar 2026 03:35:41 +0000

Rocky 9 and 10 AMIs on AWS don't seem to be available on the new AMD instance types m8a, r8a, c8a.
Sorry, not sure how to test this directly, but I guess it should work out of the box if enabled for the AMIs.
Many thanks for looking into this!

0012343: collectd write_riemann always crashing on Rocky 9.7

Mon, 30 Mar 2026 16:33:05 +0000

I'm getting stacktrace from collectd write_riemann plugin, which is using riemann-c-client, when collectd is trying to send metrics. I didn't have these issues before. Stacktrace details:

```
Process 4729 (collectd) of user 0 dumped core.
Stack trace of thread 4732:
#0 0x00007f52f075d5bd __strlen_avx2 (libc.so.6 + 0x15d5bd)
#1 0x00007f52f069c6c3 __strdup (libc.so.6 + 0x9c6c3)
#2 0x00007f52f05f991c riemann_event_set_va (libriemann-client.so.0 + 0x591c)
#3 0x00007f52f05f9e81 riemann_event_set (libriemann-client.so.0 + 0x5e81)
#4 0x00007f52f0813f6c wrr_value_to_event (write_riemann.so + 0x2f6c)
#5 0x00007f52f0814463 wrr_value_list_to_message (write_riemann.so + 0x3463)
#6 0x00007f52f0814bc3 wrr_write (write_riemann.so + 0x3bc3)
#7 0x000055a706ee4b9e plugin_write (collectd + 0x10b9e)
#8 0x000055a706ee6d85 fc_bit_write_invoke.lto_priv.0 (collectd + 0x12d85)
#9 0x000055a706ef23ff plugin_dispatch_values_internal.isra.0 (collectd + 0x1e3ff)
#10 0x000055a706ee01f7 plugin_write_thread (collectd + 0xc1f7)
#11 0x00007f52f068a19a start_thread (libc.so.6 + 0x8a19a)
#12 0x00007f52f070f210 __clone3 (libc.so.6 + 0x10f210)

Stack trace of thread 4738:
#0 0x00007f52f068ef6a __GI___pthread_mutex_unlock_usercnt (libc.so.6 + 0x8ef6a)
#1 0x000055a706ee1264 plugin_write_enqueue (collectd + 0xd264)
#2 0x000055a706ee1817 plugin_dispatch_values (collectd + 0xd817)
#3 0x00007f52f089f66f disk_submit (disk.so + 0x166f)
#4 0x00007f52f08a00a4 disk_read (disk.so + 0x20a4)
#5 0x000055a706ee44bc plugin_read_thread (collectd + 0x104bc)
#6 0x00007f52f068a19a start_thread (libc.so.6 + 0x8a19a)
#7 0x00007f52f070f210 __clone3 (libc.so.6 + 0x10f210)
```
I've reported this to riemann-c-client maintaner (https://git.madhouse-project.org/algernon/riemann-c-client/issues/17) and he suspects it's something either due to collectd or packaging. However, I'm running collectd 5.12.0 and riemann-c-client 1.10.4 on Debian 13 without any issue

Also, rieman-c-client might need update on Rocky as well.

0012180: Trusted Domain Authentication samba 4.22 Rocky 9.7

Tue, 24 Mar 2026 18:17:11 +0000

Samba 4.22.4-12.el9_7 doesn't seem to contain the regression anymore for CVE-2025-49716 netlogon hardening fix

- **OS**: Rocky Linux 9.7 (Blue Onyx)
- **Samba Version**: samba-4.22.4-12.el9_7.x86_64
- **Configuration**: Domain member server joined to DOMAIN-A.COM with forest transitive trust to DOMAIN-B.COM
- **idmap backend**: ad (for DOMAIN-B), sss (for DOMAIN-A)

After upgrading from Rocky Linux 9.6 (samba-4.21.3-14.el9_6) to Rocky Linux 9.7 (samba-4.22.4-12.el9_7), NTLM challenge/response authentication fails for users from the trusted domain DOMAIN-B.COM with `NT_STATUS_WRONG_PASSWORD`. Plaintext authentication works correctly.

[log.wb-DOMAIN-B] cm_connect_netlogon_transport: get_secure_channel_type gave SEC_CHAN_NULL for DOMAIN-B
[log.wb-DOMAIN-B] cli_rpc_pipe_open_noauth: opened pipe netlogon to machine DC01.domain-b.com and bound anonymously
[log.winbindd] lm_resp: DATA_BLOB length=0
[log.winbindd] nt_resp: DATA_BLOB length=0
[log.winbindd] result: NT_STATUS_WRONG_PASSWORD

No `netr_LogonSamLogon` calls found in logs - winbind not attempting netlogon authentication for trusted domain challenge/response.

0012310: kernels > 6.12.0-68.el10: data loss when using md raid1 with with writemostly flag

Mon, 23 Mar 2026 14:53:36 +0000

The current redhat kernels 6.12.0-124.40.1.el10_1 on EL10 and 5.14.0-611.36.1.el9_7 on EL9 contain a regression that leads to data-loss if a raid1 is configured with one disk flagged as writemostly.

The regression was introduced by this linux kernel commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8a0adf3d778c4a0893c6d34a9e1b0082a6f1c495

It was backported to EL10 and EL9:

EL10:
* Mon Mar 24 2025 Julio Faracco <jfaracco@redhat.com> [6.12.0-68.el10]
- md/raid1,raid10: don't ignore IO flags (Nigel Croxon) [RHEL-83951]

EL9:
* Thu Mar 27 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-576.el9]
- md/raid1,raid10: don't ignore IO flags (Nigel Croxon) [RHEL-83988]

The mainline kernel already contains a fix:

https://github.com/torvalds/linux/commit/743bf030947169c413a711f60cebe73f837e649f

However this fix didn't make it into redhat kernels yet.

0012211: SELinux regression in selinux-policy-42.1.7-1.el10_1.1 causes systemd AVC denial (init_t capability2 mac_admin) and breaks syste

Wed, 11 Mar 2026 13:26:37 +0000

After upgrading to selinux-policy-42.1.7-1.el10_1.1 on Rocky Linux 10.1, SELinux starts denying the mac_admin capability for systemd (init_t). This results in repeated AVC denials and causes system services to malfunction. In our environment this manifests as failures when managing services (for example via systemctl or automation tools such as Ansible).

Downgrading SELinux policy packages to 42.1.7-1.el10 resolves the issue immediately.

Working versions:

selinux-policy-42.1.7-1.el10.noarch
selinux-policy-targeted-42.1.7-1.el10.noarch
systemd-257-13.el10.rocky.0.1.x86_64
dbus-broker-36-4.el10.x86_64

Broken versions:

selinux-policy-42.1.7-1.el10_1.1.noarch
selinux-policy-targeted-42.1.7-1.el10_1.1.noarch

0012277: Legion Y9000P: AW88399 smart amp not working (driver not enabled, firmware missing, NVIDIA HDA conflict)

Wed, 11 Mar 2026 05:26:03 +0000

Hardware
Host: 83F4 (Legion Y9000P IAX10, 2025)
CPU: Intel(R) Core(TM) Ultra 9 275HX (24) @ 5.40 GHz
GPU 1: NVIDIA GeForce RTX 5060 Max-Q / Mobile [Discrete]
GPU 2: Intel Graphics @ 1.90 GHz [Integrated]
OS: Rocky Linux 10.1 (Red Quartz) x86_64
Kernel: Linux 6.12.0-124.38.1.el10_1.x86_64
Audio Driver: snd_hda_intel / snd-hda-codec-realtek
NVIDIA info:
pcp-pmda-nvidia-gpu-6.3.7-5.el10.x86_64
xorg-x11-drv-nvidia-cuda-libs-580.95.05-1.el10.x86_64
nvidia-modprobe-580.95.05-1.el10.x86_64
xorg-x11-drv-nvidia-libs-580.95.05-1.el10.x86_64
xorg-x11-drv-nvidia-kmodsrc-580.95.05-1.el10.x86_64
nvidia-settings-580.95.05-1.el10.x86_64
xorg-x11-drv-nvidia-power-580.95.05-1.el10.x86_64
xorg-x11-drv-nvidia-580.95.05-1.el10.x86_64
nvidia-persistenced-580.95.05-1.el10.x86_64
xorg-x11-drv-nvidia-cuda-580.95.05-1.el10.x86_64
kmod-nvidia-6.12.0-124.el10_1-580.95.05-1.el10.x86_64
akmod-nvidia-580.95.05-1.el10.x86_64
nvidia-gpu-firmware-20260130-19.3.el10_1.noarch

Problem Symptoms
Speaker output is sharp, tinny, distorted - completely unusable for normal audio.
Headphone jack may work normally (needs confirmation).
Kernel log continuously floods with spurious response errors.
Both "Speaker" and "Bass Speaker" controls appear in ALSA, but bass speaker produces distorted sound.
Root cause: AW88399 smart amplifier driver not present + firmware missing

Detail
Audio Components:
Codec: Realtek ALC287 (hardware ID: 0x10ec0287)
Marketing Name: Realtek ALC3306 (OEM rename by Lenovo, identical to ALC287)
Subsystem ID: 0x17aa3906 (Lenovo Y9000P specific)
Smart Amplifier: AWINIC AW88399 (confirmed by hardware design, but not detected in software)
Speaker Configuration: 4-speaker system (2 full-range + 2 woofers/subwoofers)

Reference:
Kernel Bug 216299 (https://bugzilla.kernel.org/show_bug.cgi?id=216299)
A solution for 6.18/6.19 (https://github.com/nadimkobeissi/16iax10h-linux-sound-saga)

0012245: dracut not detecting IMSM Intel Matrix FakeRAID Metadata Properly - RAID Array not assembling - /dev/rl_nv/root does not exist

Tue, 10 Mar 2026 18:34:57 +0000

In the latest version of Rocky Linux 9 (up-to-date with all packages via yum), complex Intel Matrix RAID (IMSM/DDF) setups often fail to assemble during early boot, dropping users into the dracut emergency shell. This happens on a Dell C1100 CS24-TY 1U server using Intel Matrix FakeRAID 10 with two different sized RAID arrays setup via the BIOS.

This is a recent change, as it used to work about 6 months or so ago.

I had to use this udev rule to get my RAID array to assemble and discover the lvm volumes:

ACTION==“add”, SUBSYSTEM==“block”, ENV{ID_FS_TYPE}==“ddf_member|isw_raid_member”, RUN+=“/usr/sbin/mdadm --assemble --scan --config=/etc/mdadm.conf”, RUN+=“/usr/sbin/lvm pvscan”, RUN+=“/usr/sbin/lvm vgchange -ay“

Dracut seemed to be getting stuck on detecting DDF metadata when it should have been using IMSM meta data. Something changed in the way dracut identifies the RAID array and discovers the LVM volumes.

More information on the issue has been provided in the forums here: https://forums.rockylinux.org/t/rocky-linux-9-7-wont-boot-post-kernel-upgrade-lvm-dev-rl-nv-root-does-not-exist-boots-fine-on-older-kernel/20103

[ 201.001156] az dracut-initqueue[680]: Warning: dracut-initqueue: starting timeout scripts
[ 201.531870] az dracut-initqueue[680]: Warning: dracut-initqueue: timeout, still waiting for following initqueue hooks:
[ 201.533263] az dracut-initqueue[680]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fdisk\x2fby-id\x2fmd-uuid-f1c6208c:90b871a1:d1e22cc3:b7a767f1.sh: "[ -e "/dev/disk/by-id/md-uuid-f1c6208c:90b871a1:d1e22cc3:b7a767f1" ]"
[ 201.534624] az dracut-initqueue[680]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fdisk\x2fby-id\x2fmd-uuid-f31c4352:b4bff910:3236e82b:1bcd48d5.sh: "[ -e "/dev/disk/by-id/md-uuid-f31c4352:b4bff910:3236e82b:1bcd48d5" ]"
[ 201.535721] az dracut-initqueue[680]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fmapper\x2frl_nv-root.sh: "if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup@*.service 2>/dev/null; then
[ 201.535721] az dracut-initqueue[680]: [ -e "/dev/mapper/rl_nv-root" ]
[ 201.535721] az dracut-initqueue[680]: fi"
[ 201.539285] az dracut-initqueue[680]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2frl_nv\x2froot.sh: "[ -e "/dev/rl_nv/root" ]"
[ 201.539285] az dracut-initqueue[680]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2frl_nv\x2fswap.sh: "[ -e "/dev/rl_nv/swap" ]"
[ 201.542192] az dracut-initqueue[680]: Warning: dracut-initqueue: starting timeout scripts
[ 201.542192] az dracut-initqueue[680]: Warning: Could not boot.
[ 201.566498] az systemd[1]: Starting Dracut Emergency Shell...
[ 201.584422] az systemd[1]: Received SIGRTMIN+21 from PID 682 (plymouthd).
[ 201.594483] az systemd[1]: Received SIGRTMIN+21 from PID 682 (plymouthd).
Warning: /dev/rl_nv/root does not exist
Warning: /dev/rl_nv/swap does not exist

0012244: postfix have remove hash and btree type support but in some case the default config still use btree type

Tue, 10 Mar 2026 18:15:23 +0000

sudo postconf |grep -E ' (btree|hash):'
address_verify_map = btree:$data_directory/verify_cache
postscreen_cache_map = btree:$data_directory/postscreen_cache

I you enable address_verify_map function or use for some config file btree type you get this error:

[root@s-virt-g10 tmp]# newaliases
postalias: warning: unsupported dictionary type: btree. Is the postfix-btree package installed?
postalias: fatal: unsupported map type: btree

But the package postfix-btree does not exist.

0012112: Raspberry Pi, Rocky Linux 10 image fails to boot on Pi-4 Model B

Wed, 04 Mar 2026 08:33:19 +0000

The image "Rocky-10-SBC-RaspberryPi.latest.aarch64.raw.xz" available as of 21-Feb-2026 as a download from the Rocky Linux website fails to boot on a Raspberry Pi-4 Model B with 8GB RAM when written to a 32GB SD-card.

At boot the Raspberry boot loader display is presented for approx. 500ms, followed by the colourful, rainbow-like, Raspberry splash screen. Nothing else is ever shown on the display and RL fails to boot. The Pi motherboard has two LED's. Red has continuous illumination, the green flashes seven times, pauses momentarily and then repeats the pattern.

The Rocky Linux 10 README for the Raspberry Pi image identifies that it has been tested (and presumably works) with a Pi 4:

"This image is always available at: https://dl.rockylinux.org/pub/rocky/10/images/aarch64/Rocky-10-SBC-RaspberryPi.latest.aarch64.raw.xz
They have been tested on Raspberry Pi 4 and 5.
Rocky Linux 10 WILL NOT WORK on a Raspberry Pi 1 or 2 (1.1 or earlier) as they are 32-bit only, and Rocky Linux only supports arm64 (aarch64).
Rocky Linux 10 WILL NOT WORK on a Raspberry Pi 3 due to lack of MBR on the images."

0012179: Security update for CVE-2025-14104 missing for Rocky 9.7 util-linux package

Tue, 03 Mar 2026 16:23:31 +0000

The security updates for CVE-2025-14104 were provided as following:

- el8: [util-linux-0:2.32.1-48.el8_10] via RHSA-2026:1852 (2026-02-04) <-- This was made available on 2026-02-05
- el9: [util-linux-0:2.37.4-21.el9_7] via RHSA-2026:1913 (2026-02-04) <-- Still missing (not the same as util-linux-0:2.37.4-21.el9)

The https://errata.rockylinux.org/RLSA-2026:1913 does not appear to denote the correct version for this security update. It references util-linux-0:2.37.4-21.el9 (which was released 2025-05-03 and does not contain the security fix in question (refer to additional information for first 10 lines of changelogs).

Can this security update be made available for the Rocky el9.7 release?

0012178: [Account Services] Data hash table of rotation spam in DMESG

Tue, 03 Mar 2026 14:29:43 +0000

Please update this package as sometimes it is nearly impossible find info directly in the dmesg
please refer to
https://github.com/systemd/systemd/commit/afc47ee2af456d12670df862457dcc7f6b864d79

0011287: cannot update to 9.7 from 9.6

Mon, 02 Mar 2026 01:08:26 +0000

I am trying to update from 9.6 to 9.7 and hitting an error which I want to run by you to see if you know it and what the best solution is. I don't understand enough to be able to know where your "try to add" suggestions of --allowerasing, --skip-broken, and/or --nobest is appropriate

0012079: 10.x devel repository mirrors not working

Thu, 26 Feb 2026 06:57:05 +0000

Enabling the "Devel" repository for 10.0 and 10.x fails. It stopped working sometime in the last couple of months or so.

A similar bug was previously reported for 9.x: https://bugs.rockylinux.org/view.php?id=3268

Note that this is in the context of building a custom Docker image within a GitHub Actions workflow, based on rockylinux/rockylinux from Docker Hub.

0012046: Rocky Linux Boot gives text full of squares on the console ( screen ) after the kernel update to Latest ( 4.18.0-553.104.1 )

Sat, 21 Feb 2026 18:26:29 +0000

We updated the kernel version from kernel-4.18.0-553.97.1.el8_10 to kernel-4.18.0-553.104.1.el8_10.

Then, Booting the rocky server gives white squares full on screen for few seconds.

Please let us know , if this issue is known or tracked , if tracked please give more details on it .

Thanks.

0012013: CVE-2025-7425 missing from Rocky8 errata

Mon, 16 Feb 2026 05:05:47 +0000

Was fixed some time ago in Redhat 8: https://access.redhat.com/security/cve/cve-2025-7425 (August 2025)
Rocky 9 has picked up the fix: https://errata.rockylinux.org/RLSA-2025:12447

Current builds show #12 27.72 libxml2 x86_64 2.9.7-21.el8_10.3 baseos 697 k

0011980: On Rocky Linux 9, perl-DBD-MySQL-4.053-1.el9.0.1.x86_64 has a hard runtime dependency on libmysqlclient.so.21

Sat, 07 Feb 2026 20:14:07 +0000

On Rocky Linux 9, perl-DBD-MySQL-4.053-1.el9.0.1.x86_64 has a hard runtime dependency on libmysqlclient.so.21 -
This makes perl-DBD-MySQL incompatible with Percona Server packages - (percona-server-shared) which obsolete mysql-libs.

On RHEL 9, perl-DBD-MySQL is available in a build (4.050-13.el9) which uses mariadb-connector-c and does not require libmysqlclient.so.21, and therefore works correctly with Percona Server.

As a result, percona-xtrabackup-84 cannot be installed on Rocky 9 when Percona Server is present, while the same setup works on RHEL 9.

Please consider rebuilding perl-DBD-MySQL on Rocky 9 against mariadb-connector-c (as in RHEL), or providing a compatible build as this differs from RHEL spec / behavior.

0011947: AWS & GCP NIC PMDs missing from RPM on ARM

Tue, 03 Feb 2026 09:01:08 +0000

On AWS the c7gn and c8gn are the most cost effective instance types to use with DPDK as a virtual network appliance and both use Graviton ARM cores. The current DPDK RPM only enables the ENA driver on x86-64 and not on ARM. Same issue with the GCP gve driver.

0011914: WSL Image Cannot Execute Windows Binaries By Default

Wed, 28 Jan 2026 20:22:30 +0000

After installing the Rocky 10 WSL image it cannot execute Windows binaries by default. Trying to do so will fail with the following error:

[user@host ~]$ ssh.exe
-bash: /mnt/c/WINDOWS/System32/OpenSSH/ssh.exe: cannot execute binary file: Exec format error

This is a known issue when systemd is enabled in a WSL issue and there is a resolution as seen here: https://serverfault.com/a/1141563

sudo sh -c 'echo :WSLInterop:M::MZ::/init:PF > /usr/lib/binfmt.d/WSLInterop.conf'
sudo systemctl restart systemd-binfmt

Given the WSL image enables systemd by default, it would be good to include the above file in the image. Failing that, it would be good to mention this in the documentation at https://docs.rockylinux.org/10/guides/interoperability/import_rocky_to_wsl/

0011881: The AWS marketplace AMIs of Rocky Linux 9 with LVM (Official) is outdated

Tue, 27 Jan 2026 07:34:10 +0000

Please update the AWS Marketplace offering of Rocky Linux 9 with LVM (Official) to current release 9.7. (https://rockylinux.org/news/rocky-linux-9-7-ga-release)

0011848: The AWS marketplace AMIs of Rocky 9 and 10 lack support for p4de instances while p4d instances are supported

Mon, 26 Jan 2026 10:40:22 +0000

Please add support for AWS EC2 p4de instances in AWS Marketplace. p4d instances are already supported, but p4de offers more GPU memory (80GB per GPU) which is required for some ML applications.

0011815: kernel-debuginfo-rpm for initial Rocky Linux 9.4 kernel (5.14.0-427.13.1) missing from official rocky repository

Thu, 22 Jan 2026 20:49:57 +0000

Hi:
The initial release of Rocky Linux 9.4 ships with the following kernel version:5.14.0-427.13.1.el9_4.x86_64
However, the corresponding kernel-debuginfo RPM for this exact kernel version is missing from the official Rocky Linux repository. I checked the official Rocky Linux 9.4 vault repository:https://dl.rockylinux.org/vault/rocky/9.4/BaseOS/x86_64/debug/tree/Packages/k/, In this directory, the lowest available kernel-debuginfo RPM version is: kernel-debuginfo-5.14.0-427.16.1.el9_4.x86_64.rpm. Because the debuginfo RPM matching the initial 9.4 kernel is missing, it is not possible to analyze vmcore files using the crash utility and vmlinux on systems running:

For comparison:
- Rocky Linux 9.3 provides kernel-debuginfo RPMs for its initial kernel release
- Rocky Linux 9.5 also provides kernel-debuginfo RPMs for its initial kernel release
Only Rocky Linux 9.4 appears to be missing the kernel-debuginfo RPM for its first released kernel version.

Please upload kernel-debuginfo-5.14.0-427.13.1.el9_4.x86_64. RPM in the official Rocky Linux repository

Thank you for your help.

0011782: liboath 2.6.12-1 doesn't work if usersfile contains $HOME or $USER

Tue, 20 Jan 2026 10:41:53 +0000

Dear Maintainer,

Due to CVE-2024-47191 liboath now drops privileges if the OTP token (the "usersfile" given in the pam configuration) is set to a path containing "$HOME" or "$USER".

The default lockfile location is "/var/lock/pam_oath.lock", which is writable only by root. On an OTP check, the process is to drop privileges, then ask for OTP, and if the OTP is okay to modify the "usersfile" (by creatting first an exclusive lock).

If the lock can"t be created, OTP fails.

I can specify a lockfile manually, but I can't use "$HOME" or "$USER" so each user's lockfile is independent from one user to another.

0011749: On Rocky Linux 10.1, the postfix package (postfix-3.8.5-8.el10.x86_64) was built against OpenSSL 3.2.x headers

Sun, 18 Jan 2026 16:20:47 +0000

### Summary
On Rocky Linux 10.1, the postfix package (postfix-3.8.5-8.el10.x86_64) was built against OpenSSL 3.2.x headers but at runtime uses OpenSSL 3.5.1, causing:

warning: run-time library vs. compile-time header version mismatch: OpenSSL 3.5.1 may not be compatible with OpenSSL 3.2.0

This warning appears each time SMTP/TLS is negotiated in Postfix logs.

0011716: System enters a boot loop when a systemd service uses StandardError=journal+console and writes to stderr.

Tue, 13 Jan 2026 16:05:15 +0000

If a systemd service file contains StandardError=journal+console and something is written to stderr, the system enters a boot loop. Occasionally, the system starts normally.
If the service file contains only StandardError=journal, the system starts normally.
I selected the “Kernel” category because this issue occurs only with the following kernel versions:

5.14.0-611.16.1.el9_7.x86_64
5.14.0-611.11.1.el9_7.x86_64

With kernel 5.14.0-570.52.1.el9_6.x86_64, everything works as expected.

I did not find anything useful in the log files, but "ipmitool sel list" shows the following output:

4c | 01/13/2026 | 13:40:17 | Processor #0x97 | IERR | Asserted
4d | 01/13/2026 | 13:40:17 | Critical Interrupt | Bus Uncorrectable error | Asserted
4e | 01/13/2026 | 13:40:17 | Processor | Configuration Error | Asserted

System:

Processor:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 143
model name : Intel(R) Xeon(R) Gold 5412U
stepping : 8
microcode : 0x2b000643
cpu MHz : 800.000
cache size : 46080 KB
physical id : 0
siblings : 48
core id : 0
cpu cores : 24
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 32
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cat_l2 cdp_l3 intel_ppin cdp_l2 ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb intel_pt avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local split_lock_detect user_shstk avx_vnni avx512_bf16 wbnoinvd dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req vnmi avx512vbmi umip pku ospke waitpkg avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg tme avx512_vpopcntdq la57 rdpid bus_lock_detect cldemote movdiri movdir64b enqcmd fsrm md_clear serialize tsxldtrk pconfig arch_lbr ibt amx_bf16 avx512_fp16 amx_tile amx_int8 flush_l1d arch_capabilities
vmx flags : vnmi preemption_timer posted_intr invvpid ept_x_only ept_ad ept_1gb ept_5level flexpriority apicv tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapic_reg vid ple shadow_vmcs pml ept_violation_ve ept_mode_based_exec tsc_scaling usr_wait_pause notify_vm_exiting ipi_virt
bugs : spectre_v1 spectre_v2 spec_store_bypass swapgs eibrs_pbrsb bhi spectre_v2_user vmscape
bogomips : 4200.00
clflush size : 64
cache_alignment : 64
address sizes : 52 bits physical, 57 bits virtual
power management: