View Issue Details

IDProjectCategoryView StatusLast Update
0005083Rocky-Linux-9kernelpublic2023-12-21 02:51
ReporterChris C Assigned ToLouis Abel  
Status needinfoResolutionopen 
OSRocky LinuxOS Version9 
Summary0005083: 9.3 kernel-core fails to create /boot/vmlinuz-5.14.0-362.13.1.el9_3.x86_64 directory
DescriptionThis issue started for kernel 5.14.0-362.8.1, and has continued with 5.14.0-362.13.1. When updating kernel packages, installation of kernel-core fails to create the /boot/vmlinuz-5.14.0-362.13.1.el9_3.x86_64 directory. The following message is displayed during update:

"Running scriplet: kernel-core-5.14.0-362-13.1.el9_3.x86_64
cp: cannot open '/lib/modules/5.14.0-362.13.1.el9_3.x86_64/vmlinuz' for reading: Operation not permitted
grub2-mkrelpath: error: failed to get canonical path of '/boot/vmlinuz-5.14.0-362.13.1.el9_3.x86_64'.
dirname: missing operand
try 'dirname --help' for more information.

Verifying : kernel-core-5.14.0-362.13.1.el9_3.x86_64 1/2
Verifying : kernel-core-5.14.0-362.13.1.el9_3.x86_64 2/2
Installed products updated."

Only solution we have found is to reinstall coreutils, followed by reinstalling kernel-core. However, this needs to be completed multiple times before successfully creating /boot/vmlinuz directory. This happens on physical AND virtual machines.
There are no further errors listed in system logs. Secure Boot is enabled. SELinux disabled.
Steps To Reproducednf update

Error occurs.
Reinstall coreutils, followed by kernel-core. Rinse, repeat until successful.
Tagskernel, update


Akemi Yagi

Akemi Yagi

2023-12-18 19:39

reporter   ~0005347

I understand there was a SB-related issue with the latest kernel but this has been corrected. See this forum thread for details:
Louis Abel

Louis Abel

2023-12-18 20:19

administrator   ~0005348

Last edited: 2023-12-18 20:19

This doesn't appear to be secure boot related. The issue here seems to be that something is stopping /lib/modules from being copied (operation not permitted) to /boot. What would be helpful to know is what is installed on this system. For example, do you have some sort of antivirus software installed? Do you have anything configured that would change this standard behavior? Are you changing system installed files/scripts from the base operating system?

It may be helpful too to have an sos report to look at. Please run the following commands and attach the archive created.

dnf install sos
sos report --mask --alloptions

The --mask switch will obfuscate any sensitive system information.

Setting to needinfo.
Chris C

Chris C

2023-12-20 11:03

reporter   ~0005380

I am unable to provide an sos report due to the location of the system.
There is nothing special on the system I am testing this on. Trellix (formerly McAfee) Endpoint Security for Linux Threat Protection is installed. No other software outside of baseline. The system is a VM running in FIPS mode, with some weak ciphers disabled via a .pmod. Running in vSphere 8. OS installed as server with no GUI, and the following package groups installed: debugging, development, hardware-monitoring, performance, system-tools.
No issues with updates to our RHEL 9 systems. Only the Rocky 9s.
Louis Abel

Louis Abel

2023-12-21 00:02

administrator   ~0005381

If you are able to consistently reproduce this, I would recommend removing the antivirus software from your builds and attempt to update after. I have no way of reproducing your issue and so far we've not heard anyone else reporting this behavior. This is only to isolate the antivirus as the culprit.

With that said, the documentation for trellix does not show Rocky Linux 9.3 as certified/supported. If it turns out that trellix is the issue in this instance, I would reach out to your support contact with trellix to resolve the issue.

Issue History

Date Modified Username Field Change
2023-12-18 12:38 Chris C New Issue
2023-12-18 12:38 Chris C Tag Attached: kernel
2023-12-18 12:38 Chris C Tag Attached: update
2023-12-18 19:39 Akemi Yagi Note Added: 0005347
2023-12-18 20:19 Louis Abel Assigned To => Louis Abel
2023-12-18 20:19 Louis Abel Status new => needinfo
2023-12-18 20:19 Louis Abel Note Added: 0005348
2023-12-18 20:19 Louis Abel Note Edited: 0005348
2023-12-20 11:03 Chris C Note Added: 0005380
2023-12-21 00:02 Louis Abel Note Added: 0005381