From da4c9a950f339f2e87a021f7d060bf7ac07f4f00 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Mon, 6 Jul 2020 14:47:28 +0200
Subject: [PATCH] 01fips: modprobe failures during manual module loading is not
fatal
Users might see
"modprobe: FATAL: Module xyz not found in directory"
The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.
It now reads "Module xyz not found in directory"
Reference: bsc#1169997
---
modules.d/01fips/fips.sh | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 8fba135b..37cde0c0 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -69,6 +69,14 @@ do_rhevh_check()
return 0
}
+nonfatal_modprobe()
+{
+ modprobe $1 2>&1 > /dev/stdout |
+ while read -r line || [ -n "$line" ]; do
+ echo "${line#modprobe: FATAL: }" >&2
+ done
+}
+
fips_load_crypto()
{
FIPSMODULES=$(cat /etc/fipsmodules)
@@ -77,7 +85,7 @@ fips_load_crypto()
mv /etc/modprobe.d/fips.conf /etc/modprobe.d/fips.conf.bak
for _module in $FIPSMODULES; do
if [ "$_module" != "tcrypt" ]; then
- if ! modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
+ if ! nonfatal_modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
# check if kernel provides generic algo
_found=0
while read _k _s _v || [ -n "$_k" ]; do