- If the "/boot/" directory was not on a separate file system, dracut called the sha512hmac utility with a file name prefixed with "/sysroot/boot". Consequently, sha512mac searched for the file checksum in "/boot/", returned errors, and dracut considered the FIPS check to have failed. Eventually, a kernel panic occurred. With this update, dracut uses a symlink linking "/boot" to "/sysroot/boot", sha512mac can now access files in "/boot/", and FIPS checks now pass, allowing the system to boot properly in the described scenario.
- Previously, dracut incorrectly displayed that it loaded SELinux even if SELinux was disabled in the config file and "selinux=0" was not specified on the kernel command line. As a consequence, an error message could confuse the user when booting the system. With this update, the dracut utility is modified and the error message no longer appears.
- Due to an error in the dracut module script, the system could fail to find the root volume if a static IP address was specified. As a consequence, the system did not boot. With this update, the error is corrected, and the system is able to boot with a static IP address.
- When mounting the root device over the NFS (Network File System) protocol, the /var/lib/rpcbind directory created by initramfs was world-writable. The dracut tool has been modified to generate initramfs which now sets the ownership to the rpc user and the group.
- When auto-assembling an md RAID device, initramfs used an invalid parameter when calling the mdadm tool. This prevented the system from booting if the root device was on the RAID device. The invalid parameter has been removed and the system now boots properly.
- When auto-assembling an md RAID device, an error in the mdraid_start.sh script prevented the system from booting if the root device was on the RAID device. The error in the script has been fixed and the system now boots correctly.
- Prior to this update, the /var/lib/nfs/prc_pipefs partition could not be accessed on system boot. The problem occurred when booting the system with NFS set as the root partition with at least one separate /var partition. This was caused by initramfs mounting the /var partition over the existing rpc_pipefs partition. The initramfs file system now mounts entries in /etc/fstab.sys, which fixes the problem.
- The dm-mod and dm-crypt kernel modules were missing from the list of kernel modules, which are pre-loaded for the FIPS-140 check. These modules have been added to the list with this update.
- When loading SELinux from inside initramfs, the output of the SELinux commands could be garbled if the user used non-Latin locales. The initramfs file system has been modified to turn off localization for the SElinux commands, which results in readable messages.
- The QLogic qla4xxx iSCSI driver and the iSCSI (Internet Small Computer System Interface) transport layer now support iSCSI boot from Storage Area Network (SAN) using the iscsistart. With this update, dracut is modified to support these changes.
- If the user installed a system with rootfs on a RAID device where RAID members were encrypted, dracut failed to assemble the RAID device on reboot. As a consequence, the system did not boot. A patch has been applied to address this issue, and the RAID device is now assembled on every boot so that the system boots successfully.
- When applying SELinux labels for /dev in initramfs, the restorecon tool did not alter the MCS/MLS label only types. To fix this problem, the "-F" option has been added to all calls of restorecon.
- Prior to this update, the boot process timed out for network settings with DHCP involved. A patch has been applied to extend the timeout interval if DHCP is involved, which fixes the problem.
- This update adds support for iSCSI (Internet Small Computer System Interface) partial offload functionality for certain Broadcom network devices.
- This update adds the dracut-fips-aesni subpackage. Note that the package should be installed when using the aesni-intel module in FIPS mode.
- This update adds support for Logical Volume Management (LVM) mirror devices to serve as root devices. Additionally degraded mirrors are used after a certain timeout if the other half cannot be found at booting time.
- This update adds support for configuring an interface with automatic IPv6 and DHCP over IPv4 by using the "ip=[interface]:dhcp,auto6" command line parameter.
- With this update, the Broadcom FCoE (Fibre Channel over Ethernet) offload driver is now supported.
- When sourcing dracut modules, dracut did not check whether the "install" script for the module exists and is executable. Therefore, if the script was missing, an attempt to execute the script failed. As a consequence, dracut did not execute the "installkernel" script, and the module was not included in the initramfs image. This problem has been fixed, dracut now performs the check and only executes the "install" script when it exists. Then, the "installkernel" script is correctly executed and the module is installed in the initramfs image.
- Previously, dracut did not correctly handle a situation when booting a system with a degraded RAID array. In such a case, the initial RAM disk image (initramfs) was not able to start the array and the system did not boot. With this update, the initramfs forces the array to start and the system now boots as expected.