View Issue Details
|0005083: 9.3 kernel-core fails to create /boot/vmlinuz-5.14.0-362.13.1.el9_3.x86_64 directory
|This issue started for kernel 5.14.0-362.8.1, and has continued with 5.14.0-362.13.1. When updating kernel packages, installation of kernel-core fails to create the /boot/vmlinuz-5.14.0-362.13.1.el9_3.x86_64 directory. The following message is displayed during update:
"Running scriplet: kernel-core-5.14.0-362-13.1.el9_3.x86_64
cp: cannot open '/lib/modules/5.14.0-362.13.1.el9_3.x86_64/vmlinuz' for reading: Operation not permitted
grub2-mkrelpath: error: failed to get canonical path of '/boot/vmlinuz-5.14.0-362.13.1.el9_3.x86_64'.
dirname: missing operand
try 'dirname --help' for more information.
Verifying : kernel-core-5.14.0-362.13.1.el9_3.x86_64 1/2
Verifying : kernel-core-5.14.0-362.13.1.el9_3.x86_64 2/2
Installed products updated."
Only solution we have found is to reinstall coreutils, followed by reinstalling kernel-core. However, this needs to be completed multiple times before successfully creating /boot/vmlinuz directory. This happens on physical AND virtual machines.
There are no further errors listed in system logs. Secure Boot is enabled. SELinux disabled.
|Steps To Reproduce
Reinstall coreutils, followed by kernel-core. Rinse, repeat until successful.
I understand there was a SB-related issue with the latest kernel but this has been corrected. See this forum thread for details:
This doesn't appear to be secure boot related. The issue here seems to be that something is stopping /lib/modules from being copied (operation not permitted) to /boot. What would be helpful to know is what is installed on this system. For example, do you have some sort of antivirus software installed? Do you have anything configured that would change this standard behavior? Are you changing system installed files/scripts from the base operating system?
It may be helpful too to have an sos report to look at. Please run the following commands and attach the archive created.
dnf install sos
sos report --mask --alloptions
The --mask switch will obfuscate any sensitive system information.
Setting to needinfo.
I am unable to provide an sos report due to the location of the system.
There is nothing special on the system I am testing this on. Trellix (formerly McAfee) Endpoint Security for Linux Threat Protection is installed. No other software outside of baseline. The system is a VM running in FIPS mode, with some weak ciphers disabled via a .pmod. Running in vSphere 8. OS installed as server with no GUI, and the following package groups installed: debugging, development, hardware-monitoring, performance, system-tools.
No issues with updates to our RHEL 9 systems. Only the Rocky 9s.
If you are able to consistently reproduce this, I would recommend removing the antivirus software from your builds and attempt to update after. I have no way of reproducing your issue and so far we've not heard anyone else reporting this behavior. This is only to isolate the antivirus as the culprit.
With that said, the documentation for trellix does not show Rocky Linux 9.3 as certified/supported. If it turns out that trellix is the issue in this instance, I would reach out to your support contact with trellix to resolve the issue.
|Tag Attached: kernel
|Tag Attached: update
|Note Added: 0005347
|=> Louis Abel
|new => needinfo
|Note Added: 0005348
|Note Edited: 0005348
|Note Added: 0005380
|Note Added: 0005381