Blame SOURCES/0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch

073af0
From 3b8a1ec6c400a4e5af0f7f5889b360d2ed16f572 Mon Sep 17 00:00:00 2001
073af0
From: Jonathan Lebon <jonathan@jlebon.com>
073af0
Date: Tue, 3 Dec 2019 21:36:40 -0500
073af0
Subject: [PATCH] libpriv/kernel: add cap_mknod to dracut run
073af0
073af0
A lot of history with this. But essentially, dracut tries to `mknod` a
073af0
few character devices like `/dev/random` and `/dev/urandom` and fails.
073af0
073af0
We originally blocked `cap_mknod` because, well, `%post` scripts don't
073af0
really need to do that, and it would get wiped anyway. But there is a
073af0
use case for dracut's CPIO: we want `/dev/*random` to be available in
073af0
early boot *before* systemd even mounts `devtmpfs` because libgcrypt as
073af0
part of its constructor-time selftests in FIPS mode wants to read from
073af0
there.
073af0
073af0
For more fun, see:
073af0
https://bugzilla.redhat.com/show_bug.cgi?id=1778940
073af0
https://bugzilla.redhat.com/show_bug.cgi?id=1401444
073af0
https://bugzilla.redhat.com/show_bug.cgi?id=1380866
073af0
---
073af0
 src/libpriv/rpmostree-kernel.c | 6 ++++++
073af0
 1 file changed, 6 insertions(+)
073af0
073af0
diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
073af0
index 2bea504c..a7fffcb6 100644
073af0
--- a/src/libpriv/rpmostree-kernel.c
073af0
+++ b/src/libpriv/rpmostree-kernel.c
073af0
@@ -564,6 +564,12 @@ rpmostree_run_dracut (int     rootfs_dfd,
073af0
       rpmostree_bwrap_bind_read (bwrap, "usr", "/usr");
073af0
     }
073af0
 
073af0
+  /* Need to let dracut create devices like /dev/urandom:
073af0
+   * https://bugzilla.redhat.com/show_bug.cgi?id=1778940
073af0
+   * https://bugzilla.redhat.com/show_bug.cgi?id=1401444
073af0
+   * https://bugzilla.redhat.com/show_bug.cgi?id=1380866 */
073af0
+  rpmostree_bwrap_append_bwrap_argv (bwrap, "--cap-add", "cap_mknod", NULL);
073af0
+
073af0
   if (dracut_host_tmpdir)
073af0
     rpmostree_bwrap_bind_readwrite (bwrap, dracut_host_tmpdir->path, "/tmp/dracut");
073af0
 
073af0
-- 
073af0
2.23.0
073af0