On Wed, 16 May 2018, Neale Ferguson wrote:

> The problem appears to be related to this message during the
> build of the initramfs:
>
> error: Failed to initialize NSS library
>
> This left initrd.img in a less than stellar state.

The initrd [Initial Ram Disk] is generated into an appropriately sized, loop mounted file as part of the Anaconda image building process. The initrd has a filesystem laid down on it, and touching 'dracut' and 'grubby', which in turn pulls in a plethora of modules, for the udevd and friends.

Also, and to their credit, Red Hat has drilled the SELinux MAC enforcement back into this phase of a boot cycle as well.

Over on the Distributed side of the house, this makes it possible to go from TPM hardware security module protected, all the way to a running system, with strong Role Based controls all the way through. Some believe it to be less important in a Mainframe, but I am no longer so convinced, based on the work by Chad Rikansrud and Phil Young.

I've pointed Neale at a couple of debugging candidates to look at. There has been a lot of recent churn and a couple of CVEs at Red Hat on former 'Free IPA' and related security modules (NSS is such), and I suspect that the generation of this initrd is a bit fragile.

-- Russ herrold