1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
/etc/sysconfig/kernel, which would lead to an incorrect kernel being set as the default in future updates. This would cause boot failure.
/etc/sysconfig/kernelnow updates correctly.
grub.conffile, virt-v2v assumed it was an i686 guest. This resulted in a converted guest that did not boot. virt-v2v now assumes an AMD64 or Intel 64 default architecture instead of i686.
/etc/securettyfile. Conversion without this file is now possible.
ControlSet001was always the current control set, even if
ControlSet001had been marked as failed. The correct control set is now detected, and the VirtIO block driver installed in the correct location.
auto. This made libvirt unable to start the guest. Disk type is now set explicitly based on source metadata or other detection methods.
0, even though conversion failed. The correct values are now returned.
/boot/grub/device.mapwith converted block device names in certain circumstances.
device.mapnow updates as expected.
C:\Tempdirectory because it created a
C:\tempdirectory without checking for file names that used alternative cases. virt-v2v now checks for case-sensitive file names before creating an appropriate temporary directory.
ovf:disk-interfacefield when converting for Red Hat Enterprise Virtualization. However, this produced an
ovffile that was not intelligible to Red Hat Enterprise Virtualization Manager. The disk-interface is now populated with correct enum values (
VirtIO), allowing Red Hat Enterprise Virtualization Manager to understand the ovf file.
raw. This combination is not supported when importing into a data center that uses block storage (fibre channel or iSCSI). virt-v2v can now convert storage format and allocation policy correctly. Additionally, customers can specify a format and allocation policy compatible with the target data center type by using the
-oacommand line options.
Can't locate object method "can_handle" via package "Sys::VirtV2V::Converter::RedHat" at /usr/share/perl5/vendor_perl/Sys/VirtV2V/Converter.pm line 121.
/etc/virt-v2v.conf. If you see the following error message when attempting to convert a Windows XP guest:
virt-v2v: No app in config matches os='windows' name='virtio' major='5' minor='1' arch='i386'
<app os='windows' major='5' minor='1' arch='i386' name='virtio'> <path>/usr/share/virtio-win/drivers/i386/WinXP</path> </app> <app os='windows' major='5' minor='1' arch='x86_64' name='virtio'> <path>/usr/share/virtio-win/drivers/amd64/WinXP</path> </app>
certmongerutility monitors certificate expiration and can refresh certificates with the CAs (Certifying Authorities) in networks that use public-key infrastructure (PKI).
certmongerservice failed to contact a CA, the subprocess that submitted the request became defunct. This occurred because the parent process did not read the subprocess status. With this update, the parent process reads the subprocess status and there is no defunct process after a CA contact failure.
ipa-getcertcommand with privileges that were insufficient for the system bus to allow it to communicate with the certmonger service. With this update, certmonger suppresses the original error message if a user-friendly message is available. The user can display both messages with the
ipa-getcert listcommand did not return any output if certmonger was not tracking any certificates. With this update, the command returns a message that the certificate list is empty.
certmongerdaemon could not execute some of its helper processes. The updated policy now allows certmonger to run these processes and the certmonger libraries create temporary files in a location that certmonger can access.
ipa-getcert requestcommand with the
-poption. This occurred because certmonger failed to detect reading errors in the file with the PIN and proceeded with an empty PIN value. With this update, such reading errors are logged and certmonger proceeded as if it had read an empty PIN value.
ipa-getcertcommand. As a consequence, the
certmongerdaemon runs its ipa-submit helper. The helper contacts the IPA server. Previously, if it received a fault message response from the server, it terminated with a segmentation fault and created a core dump; the installation failed. This happened because it attempted to dereference an uninitialized pointer while processing the fault message. With this update, the helper handles the fault message correctly and the enrollment process completes successfully.
getcertcommand with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.
resubmitcommand works as expected.
getcerttool terminated unexpectedly with a segmentation fault if the user issued the
getcert start-trackingcommand with changed values of the parameters Extended Key Usage, DNS, Email and Principal name. The command caused a buffer overflow in the
getcerttool because the internal buffer in the
getcertcommand was too small to hold four new values. This update enlarges the internal buffer of the command and the bug no longer occurs.
getcertcommands did not accept the location of a passphrase, which could provide the encrypted keying material and allow monitoring of an already-issued certificate or key pair. This update adds the
-Poptions to the
getcert start-trackingcommand, which allows the user to pass the utility a PIN either in a file or directly.
ipa-getcertcommand. This update adds the
--verboseoption to the command.
mount error(5): Input/output error
bt: read error: kernel virtual address: ffffffffff600000 type: "gdb_readmem_callback"
bt: cannot resolve stack trace: #0 [c09f1ef4] ia32_sysenter_target at c08208ce
multipathddaemon a command consisting only of spaces, the daemon terminated unexpectedly with a segmentation fault. With this update, the daemon is able to handle such commands and no longer crashes in this circumstance.
mpathconfcommand, the process could have failed. This happened when the user ran the command without any additional arguments due to a conflict of the environment variable
DISPLAYwith the program variable
DISPLAY. With this update, all variables are unset when the script is started and the
DISPLAYprogram variable is renamed. The environment variable
DISPLAYremains unchanged when the
mpathconfis issued and the command works as expected.
path_checkerfunction to determine the path state in such cases and the problem no longer occurs.
tgt_node_namevalue for iSCI devices. This occurred because multipath used the FC (Fibre Channel) path from the sysfs file system to obtain
tgt_node_namefor iSCI devices. With this update, multipath first tries to acquire the FC path. If it fails, it uses the iSCI target name for the device.
dev_loss_tmoto a value greater than 600 in
multipath.confwithout setting the
multipathddaemon failed to apply the setting. With this update, the
dev_loss_tmofor values over 600 correctly, as long as
fast_io_fail_tmois also set in the
multipath.conffile contained parameters with no value. This occurred because it was trying to acquire the string length of an optional value before verifying that a value was actually defined. With this update,
multipathdfirst checks if the value exists and the bug is fixed.
multipathdto fail all outstanding input/output. DM-Multipath now has a new default configuration for EMC Symmetrix arrays that queues input/output for up to 30 seconds if all paths are down and the problem no longer occurs.
multipathddaemon consumed excessive memory when iSCI devices were unloaded and reloaded. This occurred because the daemon was caching unnecessary
sysfsdata, which caused memory leaks. With this update,
multipathdno longer caches these data; it frees the data when the associated device is removed.
sysfsdevice file is removed and the
sysdevpath attribute is set to NULL. The
sysfsdevice cache is indexed by the actual
/sys/block/is a symlink. Prior to this update, if the path was deleted,
multipathdwas not able to find the actual directory, which
/sys/block/pointed to, and searched the cache. With this update,
multipathdverifies that sysdev has
NULLvalue before updating it.
multipathddaemon did not always remove the path
sysfsdevice from its cache. The daemon kept searching the cache for the device and created
sysfsdevices without the vecs lock held. Because of this, paths could have pointed to invalid
sysfsdevices and caused
multipathdto crash. The
multipathddaemon now always removes the
sysfsdevice from cache when deleting a path and accesses the cache only with the vecs lock held.
log_checker_erroption was added to the
multipath.confdefaults section. By default, the option is set to
alwaysand a path checker error is logged continuously. If set to
multipathdlogs a path checker error once at logging level
2. Any later errors are logged at level
3until the device is restored.
defaultssection of the
multipath.confman page implied that the settings defined in the section became default and overrode the implied settings. Since the HWTABLE cannot be overridden, the wording of the man page has been changed.
multipath.conffile. With this update, multipath prints warning messages that inform the user that the configuration files contains invalid or duplicate options and the bug is fixed.
initramfsfile system was not rebuilt when a new storage device was added to the system, the new device could have been assigned a
user_friendly_namesvalue that matched the
user_friendly_namesvalue already-assigned to another device. This device then stopped working correctly. The multipathd daemon now accepts a
-Boption, which makes the
user_friendly_namesbindings file read-only. When initramfs calls multipath with the
-Boption, devices without a binding to a user_friendly_names use their World Wide Identifier (WWID).
add mapmessages whenever it received a change uevent. In order not to clutter logs, multipathd now only prints
add mapmessages for the change uevents of the devices that are not yet monitored.
multipathddaemon could have terminated unexpectedly with a segmentation fault on a multipath device with the
path_grouping_policyoption set to the
group_by_priovalue. This occurred when a device path came online after another device path failed because the multipath daemon did not manage to remove the restored path correctly. With this update multipath removes and restores such paths correctly.
initramfsgenerator infrastructure based around udev. The
initramfsis loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.
mkinitrdalone does not override an existing
initramfsimage. When this is attempted, the message stated that the
--forceparameter should be used, but
mkinitrdonly supported the short version
-fof this parameter.
--forcewas added to
mkinitrdas the long version.
/etc/multipath/bindings. multipath uses this file in
initramfswhen creating devices during early boot, and in the root file system during normal operation. These files were not synchronized during
initramfscreation, which resulted in naming conflicts that prevented new multipath devices from being created after boot. To work around this, the bindings for the devices in
/etc/multipath/bindingsmust be included in the
initramfs. This can be done by running
/etc/multipathdirectory to the
ip=ibftparameter is specified on the kernel command line.
initramfs, if the host on which it was running had no multipath root device. multipath support is now added to the
initramfsdid not exclude those volumes and kept them busy. The udev rules in the
initramfswere updated to honor the
DM_UDEV_DISABLE_OTHER_RULES_FLAG, which fixes this issue.
initramfs, which resulted in all encrypted devices not being activated. The missing checksum files have been replaced, and this issue no longer occurs. Note however that the dracut-fips must be installed at
initramfswith user_friendly_names set, if it did not find existing mappings in
/etc/multipath/bindings, it created new mappings. These mappings could conflict with the user_friendly_names set in the normal filesystem's
/etc/multipath/bindingsfile. dracut now starts the multipathd daemon with the new
-Boption so that multipath treats the initial bindings file as read-only.
USE_BIOSDEVNAMEvariable in the
parse-biosdevname.shscript was not initialized correctly, which caused an unexpected operator error. This issue was discovered and corrected during development, and did not occur in any production system in the field.
--localparameter, or set the dracut base directory via the
dracutbasedirenvironment variable, dracut wrote its log to
/tmp/dracut.log, which could possibly allow local users to overwrite arbitrary files that were writable to the user running dracut, via a symlink attack. dracut now stores the logfile in
$HOME/dracut.log, when in
/var/log/dracut.logis not writeable.
/var/log/dracut.logfile was not created automatically, preventing dracut from writing its logs. dracut now creates its log files if they do not exist.
bootparameter did not work when the machine was booted in FIPS mode, resulting in numerous mount errors, failed FIPS integrity tests, and dracut refusing to continue. This issue has been corrected, and the
bootparameter can now be used to specify a boot device, as expected.
/bootmust reside on a non-encrypted, plain (no LVM or RAID) partition, which can be specified with
boot=<boot partition>as a boot option on the kernel command line.
fips.shscript did not wait for the boot drive to be created, which resulted in an error because the file system type did not exist yet. This has been corrected, and the script now waits for the boot drive to be identified.
fcoe=edd:dcbis specified on the kernel command line.
ifname=is not needed in this case.
rdinsmodpost=[module], which allows a user to specify a kernel module to be loaded after all device drivers are loaded automatically.
initramfs, adding support for FIPS-140.
Error: no partition information on disk [device]. Cowardly refusing to create a boot option.
libgnomevfs-WARNING **: Deprecated function. User modifications to the MIME database are no longer supported.
memmem()functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected.
sqrtl, sometimes returned an incorrect result if the relative magnitude difference between the high and low halves of the long double exceeded a certain number. This occurred because one of the variables used in the calculation was an unsigned integer. The integer is now signed and the function works correctly.
futex(FUTEX_WAKE_OP)method did not default to
FUTEX_WAKE_OPwas not supported by the kernel. This resulted in the method always failing on these systems. The code change in
glibc pthread_cond_signal()that caused this issue has now been corrected.
%_enable_debug_packageswas either not set, or set to 0. This has been corrected so that debug packages need not be set or enabled in order to build the glibc RPM.
strchrdid not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc was enabled for multiple architectures on AMD64 or Intel 64 systems with CPUs that supported Supplemental Streaming SIMD Extension (SSE) 4.2. The method would therefore output incorrect results. This has been corrected, and
strchrnow gives the expected output.
hwcap 1 nosegnegwas set in
/etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.
0for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.
strncmpmethod failed with a segmentation fault when used with Supplemental Streaming SIMD Extension 4 (SSE4). Several checks have been implemented to prevent this.
=~operators and the strings were thus matched as literal strings. However, they should be matched as regular expressions. With this update, the quotes were dropped and the strings are matched as regular expressions as expected.
/dev/rtcdevice even if it did not exist. With this update, initscripts verifies if the
/dev/rtcdevice exists before attempting to run the hwclock tool.
ifdowncommand could have failed to stop an NIC (Network Interface Controller) with a warning that the connection was unknown. This happened because, in some cases, the function, which verifies whether the NIC is managed by NetworkManager, returned an incorrect result. With this update, the function returns the correct result and the
ifdowncommand stops the NIC correctly.
/directory, the system could have failed to remount the root directory as a read-only file system on shutdown. This occurred because the script attempted to remount the defined bind mount instead of the root directory. With this update, the root directory is remounted successfully.
serial.conffiles have been modified to have the login shell stopped when changing to runlevels S and the problem no longer occurs.
tty.conffile contained a comment with a typographical mistake (
"sepcified"). With this update, the word is spelled correctly (
0. With this update, this tag value is allowed.
/etc/sysconfig/clockfile did not document where the user can configure whether the hwclock tool should be using the local time or UTC (Coordinated Universal Time). This update adds comments documenting the setting location into the
/etc/ppp/ip-up.ipv6to4scripts used the incorrect alias
ipv6_exec_ipand failed to bring up the routes. This update modifies the scripts so that they uses the
ipcommand and the routes are now brought up as expected.
DEVICETYPEvariable was calculated incorrectly. This happened because the calculation preserved the period (
.) sign in the device name. This could have caused failure of the
ifdown-ibscripts. With this update,
DEVICETYPEis resolved correctly.
kdumpservice is disabled in runlevel 1, the script freed the memory reserved for
kdump. After the user changed from runlevel 1 to runlevel 3, which has
kdumpenabled, the system had set reserved memory size to 0 and
kdumpfailed to start up. With this update, the kexec-disable job is no longer run in runlevel 1.
shmmax(maximum size of a shared memory segment) and
shmall(maximum size of the total shared memory) values. However, the values vary depending on the system architecture. This update provides the settings of these values for various architectures.
#) signs, which were forbidden in such names. With this update, interface names can contain hash (
#) signs and the problem no longer occurs.
.) signs used by the sysctl device, which were delimiting the paths, and the period (
.) signs used by VLANs, which were delimiting IDs. This caused that all sysctl calls to the VLAN interfaces failed. With this update, when calling a sysctl device, initscripts substitutes the periods in its name with forward slash (
/) signs and the sysctl calls to a VLAN interface succeed.
MASTERin double quotes (for example, as
"bond0"). With this update, the respective scripts have been adapted to parse the value definition correctly even if double-quoted.
ifdowncommand could have failed to stop a bridge device with a warning that the connection was unknown. This happened because the function, which verified whether the device is managed by
NetworkManager, returned an incorrect result. With this update, the function returns a correct result and the
ifdowncommand stops the bridge device correctly.
ethprefix followed by digits. If the user provided a name, which did not follow these requirements, the interface could not be started or stopped. With this update, the user can provide a custom name and the interface can be operated correctly.
/etc/mdadm.conffile existed and could have failed if mdadm was not installed. With this update, the script first verifies if the mdadm tool is installed and only then runs its binary.
brcm_iscsiuiousage message displayed in response to the
brcm_iscsiuio --helpcommand contained two unsupported options:
--pid. The man page omitted five supported options:
--version. The unsupported options have been removed from the usage message, and all supported options have been added to the
iscsiadmusage message displayed in response to the
iscsiadm --helpcommand omitted 24 supported options. Additionally, the
iscsiadmman page omitted one supported option (
--host) and contained one unsupported option (
--info). These errors have now been corrected.
--portalargument when in "node" mode. This resulted in failure, because iscsiadm expected the value returned during discovery as the value for
--portal. iscsiadm now attempts to match a host name to the IP address returned during discovery, so this issue no longer occurs.
ipip_init()function in the
ipipmodule, and in the
ipgre_init()function in the
ip_gremodule, could be called before network namespaces setup is complete. If packets were received at the time the
ip_gremodule was still being loaded into the kernel, it could cause a denial of service. (CVE-2011-1767, CVE-2011-1768, Moderate)
mmap()call with the
/dev/zerowould create transparent hugepages and trigger a certain robustness check. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2479, Moderate)
lost+founddirectory on a file system with inodes of size greater than 128 bytes and reusing inode 11 for a different file caused the extended attributes for inode 11 (which were set before a
umountoperation) to not be saved after a file system remount. As a result, the extended attributes were lost after the remount. With this update, inodes store their extended attributes under all circumstances.
i_nlinkvalue to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
cgroupfsfile system due to the way security checks were applied to the new cgroupfs inodes during the
mountoperation. With this update, the security checks applied during the mount operation have been changed so that they always succeed, and the
cgroupfsfile system can now be successfully mounted and used with the MLS SELinux policy. This issue did not affect systems which used the default
mpt2sasdriver could occur on an IBM system using a drive with SMART (Self-Monitoring, Analysis and Reporting Technology) issues. This was because the driver was sending an SEP request while the kernel was in the interrupt context, causing the driver to enter the sleep state. With this update, a fake event is not executed from the interrupt context, assuring the SEP request is properly issued.
queue_mappingvalue was not properly decremented because the VLAN devices called the physical devices via the
ndo_select_queuemethod. This update removes the multiqueue functionality, resolving this issue.
netif_set_real_num_tx_queues()function which prevented an increment of the real number of TX queues (the
real_num_tx_queuesvalue). This update adds the missing code; thus, resolving this issue.
scan_dispatch_logfunction to ensure the dispatch log has been allocated.
acvariable could be changed after
cache_alloc_refill()and the following
kmemleak_erase()function could receive an incorrect pointer, causing kernel panic. With this update, the
acvariable is updated after the
isr_ackvariable), a virtual guest could become unresponsive when migrated while being rebooted. With this update, the said variable is properly initialized, and virtual guests no longer hang in the aforementioned scenario.
intel_iommu=onboot option. With this update, the underlying source code of the
intel-iommudriver has been modified to resolve both of these problems. A forced flush is now used to avoid the lazy use after free issue, and extra checks have been added to avoid the erroneous reference removal.
mmapsystem call on the AMD64 architecture could return a pointer which appeared to be of value
negativeeven though pointers are normally of unsigned values. This resulted in the
successfield being incorrect. This patch fixes the success field for all system calls on all architectures.
prot->obj_sizepointer had to be adjusted in the
proto_registerfunction. Prior to this update, the adjustment was done only if the
alloc_slabparameter of the
proto_registerfunction was not
0. When the
0, drivers performed allocations themselves using
sk_allocand as the allocated memory was lower than needed, a memory corruption could occur. With this update, the underlying source code has been modified to address this issue, and a memory corruption no longer occurs.
/proc/diskstatsfile showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the
in_flightvalue for the second partition. However, at the completion of the merge request, the
in_flightvalue of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.
kprobe(a dynamic instrumentation system), and enhances the performance of SystemTap.
setup_arg_pages()in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a
BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate)
raw_release()functions in the Linux kernel's Controller Area Network (CAN) implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate)
cifs_close()function in the Linux kernel's Common Internet File System (CIFS) implementation. A local, unprivileged user with write access to a CIFS file system could use this flaw to cause a denial of service. (CVE-2011-1771, Moderate)
bnadriver control path state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.
ixgbedriver to use the kernel's generic routine to set and obtain the DCB (Data Center Bridging) priority. Without this fix, applications could not properly query the DCB priority.
%pformat specifier (which is used to show the memory address value of a pointer).
bfadriver) has been upgraded to version 22.214.171.124. Additionally, this update provides the following two fixes:
release_firmware()function not being called after the
request_firmware()function. Similarly, the firmware download interface has been fixed and now works as expected.
bfaI/O control state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.
/proc/sys/fs/leases-enable(ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.
disk = [ 'file:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
disk = [ 'tap:aio:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
NMI watchdog disabled for cpu1: unable to create perf event: -2
JBD: Spotted dirty metadata buffer (dev = sda10, blocknr = 17635). There's a risk of filesystem corruption in case of system crash.
ACPI Error: Illegal I/O port address/length above 64K: 0x0000000000400020/4 (20090903/hwvalid-154) ACPI Exception: AE_LIMIT, Returned by Handler for [SystemIO] (20090903/evregion-424) ACPI Error (psparse-0537): Method parse/execution failed [\_GPE._L09] (Node ffff8800797cd298), AE_LIMIT ACPI Exception: AE_LIMIT, while evaluating GPE method [_L09] (20090903/evgpe-568)
Unable to handle kernel paging request for data at address 0x00000468 Oops: Kernel access of bad area, sig: 11 [#1]
NMI: IOCK error (debug interrupt?)
tracecommand has been replaced with the
scriptcommand. Users should now use the
kexecfastboot mechanism allows booting a Linux kernel from the context of an already running kernel. The kexec-tools package provides the
/sbin/kexecbinary and ancillary utilities that form the user-space component of the kernel's
kdumpcrash recovery service allows users to specify a raw device (that is, a raw disk or partition) as a target location for core dumps. Previously, when a kernel crash occurred and a core dump was written to such a raw device,
kdumpwas unable to retrieve it after a reboot. With this update, the corresponding init script has been updated to search the configured raw device for the presence of a core dump upon the service startup. Now, when the
kdumpservice is started and a core dump is found on the raw device, the init script retrieves it and creates a proper
vmcorefile in a local file system.
kdump.conf(5) manual page did not provide a description of the
blacklistdirective. This update corrects this error, and the
blacklistdirective is now included in the “OPTIONS” section of the
kdump.conf(5) manual page as expected.
kdumpcrash recovery service were presented to a user in the original English version. This update corrects this error, and the Kdump section of the firstboot application no longer contains untranslated strings.
/etc/modprobe.d/modprobe.conffile caused the utility to stop responding. With this update, this error no longer occurs, and mkdumprd now works as expected.
kdumpservice did not take into account the value of the
pathoption in the
/etc/kdump.confconfiguration file, and always saved the
vmcorefile to the
/var/crash/directory. This update adapts the corresponding init script to ensure that
kdumpuses the directory specified in the configuration.
kdumpservice to store core dumps over a network on a system that used channel bonding or bridging caused the mkdumprd utility to display the following error message on the service startup:
Netmask is missed!
kdumpcrash recovery service is unable to operate in Xen environment. With this update, an attempt to start
kdumpin such an environment fails with the “Kdump is not supported on this kernel” message.
/etc/kdump.confconfiguration file contains the following line:
#core_collector cp --sparse=always
/bin/cpin the initial RAM disk (that is, by using the
extra_binsdirective) would cause the
kdumpcrash recovery service to fail. This update corrects this error, and the above line is now followed by
ml_INlanguage code), certain keyboard shortcuts on the Kdump screen did not work. This update corrects the Malayalam translation of the firstboot application, and all shortcuts can now be used as expected.
ml_INlanguage code), the first paragraph on the Kdump screen contained an incorrect string. This update adapts the Malayalam translation of the firstboot application, and the Kdump screen is now translated correctly.
kdumpservice on a system with a large amount of memory (that is, 1TB and more) caused
kdumpto terminate unexpectedly with a segmentation fault. With this update, the underlying source code has been adapted to address this issue, and
kdumpno longer crashes
kdumpmay have failed to resolve an IP address when storing a core dump to a remote server. This update corrects this error, and
kdumpno longer fails.
kdumpcrash recovery service failed to start on IBM System x3850 X5 machines. This update applies an upstream patch that extends the size of kcore ELF headers. Now,
kdumpcan be started on such machines as expected.
kdumpservice to store core dumps to a remote machine over the
SSHprotocol and changing the core collector to
cpcaused it to name core dump files
vmcore.flat, even when the
SCP(Secure Copy) protocol was used. This update corrects this error, and
kdumpnow only uses the
.flatfile extension when the makedumpfile utility is used as the core collector.
kdump, the screen of the firstboot application incorrectly displayed the Enable kdump? check box as selected, but did not allow a user to change it. This error has been fixed, and the Enable kdump? check box is no longer displayed when the
kdumpservice cannot be configured.
Insufficient memory to configure kdump!
kdumpis not running before displaying this message.
initrd). This update adapts mkdumprd to use the
/boot/directory in this case. As a result, mounting the root partition as a read-only file system no longer renders mkdumprd unable to create an initial RAM disk.
kdumpcrash recovery service unable to recognize the disk drive. This update adapts the mkdumprd utility to ignore disk drive firmware revisions, and
kdumpnow works as expected.
kdumpis unable to save core dumps to certain HP Smart Array Controllers that use these drivers. This update ensures that the
kdumpservice is disabled on such controllers.
crashkernelkernel parameter (such as
crashkernel=4G-:256M) caused the firstboot application to terminate unexpectedly during the configuration of
kdump. This update applies a patch to address this issue, and firstboot no longer crashes.
ru_RUlanguage code) of the firstboot application, the first paragraph on the Kdump screen incorrectly contained the
—string. This update corrects this error, and the Kdump section of the firstboot application is now translated correctly.
makedumpfile -Vcommand caused the makedumpfile utility to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that removes
-Vfrom the list of supported command line options, and running the above command no longer causes makedumpfile to crash.
kdumpservice to store core dumps to a raw device caused it to display a message similar to the following when a kernel crash occurred:
kill: cannot kill pid 887: No such process
kdumpno longer display the above error message upon a kernel crash.
kdumpservice recovers the dump file at next startup. Previously, an attempt to use this configuration without the
core_collectoroption specified in the configuration file caused
kdumpto fail to recover the core dump. With this update, the underlying source code has been adapted to use the makedumpfile utility by default, and
kdumpis now able to recover core dumps as expected.
kdumpcrash recovery service, a dialog box appears and prompts a user to reboot the system in order for the changes to take effect. Previously, closing this dialog box by clicking the button had the same effect as clicking , and incorrectly initiated the system restart. This error no longer occurs, and clicking the button now only closes the dialog box as expected.
kdumpservice may have failed to create a core dump with the following error:
readmem: Can't read the dump memory(/proc/vmcore). Cannot allocate memory
kdumpno longer fails to store the core dump.
tmpfsfile system, rendering the
kdumpservice unable to start in a diskless environment. With this update, the underlying source code has been adapted to allow the use of the
tmpfsfile system, so that
kdumpis now able to start on diskless nodes as expected.
-doption) set to
31may have caused the utility to fail. This update applies a patch that addresses this issue, and makedumpfile now works as expected.
--override-resettableoption. This allows system administrators to start the
kdumpservice on otherwise unsupported devices, such as HP Smart Array Controllers that use the
kdumpcrash recovery service was unable to find an LVM device identified by a universally unique identifier (UUID). Consequent to this, when a system crashed,
kdumpmay have failed to write a core dump to such a device. This update fixes this error, and
kdumpnow locates LVM devices according to their UUIDs as expected.
umount-allcommands are considered incompatible. Mount points created with the
mkmountpointcommand become invalid after the
umount-allcommand is used. This is now documented in the guestfish man page. Customers should note that it is possible to safely unmount devices that were mounted with
mkmountpointby using the
vlan=...options in the qemu package are deprecated. To avoid relying on these deprecated options, libguestfs now uses the
vfs-typecommand could not determine the type of a file system newly created by guestfish. This occurred because the
vfs-typecommand tried to read the type from a cache file (
blkid.c) that had not yet been updated. The cache file is now deleted between file system creation and attempting to read the file system type, resulting in updated file system information for
$HOMEvariable was not set, guestfish did not expand a path containing
~(tilde) into a path to the user's home directory. Guestfish now examines the current user's
passwdfile for the location of the user's home directory so that a path containing
~can be expanded correctly.
umask. This has been corrected, and guestfish commands that return integers now return them in the natural radix for that number.
get-e2uuidcommand retrieved file system UUIDs via
tune2fs -l. This failed on journaling block devices (JBDs) and other devices that were not second, third or fourth extended file systems (ext2, ext3 or ext4).
get-e2uuidhas been reimplemented so that it retrieves UUIDs via
tune2fs -l, resolving this issue. However, since the
get-e2uuidcommand has been deprecated, customers are advised to retrieve UUIDs with the
virt-lsat the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as
#and space. You may need to quote or escape these characters on the command line. See the shell manual page
virt-list-filesystemsat the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as
#and space. You may need to quote or escape these characters on the command line. See the shell manual page
checksumcommand contained a file descriptor that was not closed properly in an error path. If the
checksumcommand resulted in an error, this would later prevent the file system from being unmounted with either
umount-all. The file descriptor is now closed properly on the error path, so an error in
checksumno longer causes problems unmounting file systems.
/etc/fstabof a guest machine contained a reference to a floppy disk (
/dev/fd0), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/fd0
/etc/fstabof a guest machine contained a reference to a CD-ROM drive (
/dev/hdc), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/hdc
virt-filesystemscommand failed when used against a guest which had a missing or corrupt file system label. This command has been updated to handle guest file systems with missing or corrupt file system labels.
/etc/fstabdid not exist, the
guestfish -icommand failed with a "No such file or directory" error. In the event of missing devices, guestfish now completes, and reports that some file systems could not be mounted.
libguestfs: trace:) is now added to the beginning of each line of the trace output so that it can be easily distinguished and filtered out of logs with the
grepcommand or similar.
virt-make-resize. This reference should have been to the virt-make-fs tool. The man page has been corrected.
set-tracecommand was not prepared to handle all possible error conditions. This resulted in a segmentation fault when attempting to handle several conditions. The command now handles trace errors separately, so the segmentation fault no longer occurs.
/etc/fstabof a guest machine contained a reference to a virtio disk (
/dev/vda1), virt-inspector printed a warning and ignored the virtio disk. The warning has been suppressed, and virtio disks are now recognized by virt-inspector.
libvirtlibrary to upstream version 0.8.7, fix a number of bugs, and add various enhancements and new features are now available for Red Hat Enterprise Linux 6.
CHANGELOGfile installed to
/usr/share/doc/libvirt-0.8.7when the updated package is installed.
virDomainSetMemory()setting, making it impossible to set a hard limit on guest memory consumption. New
virDomainSetMemoryParametersmethods have been introduced to allow users to fine-tune and enforce memory limits.
downtimesetting is increased. However, libvirt was sending an incorrectly formatted request to increase the
downtimesetting of a guest. This update corrects the format of this request to assist in live migration completion.
virsh managedsave dom) even if it failed to restore and start the domain using that file. This caused data loss. The managed state file is now removed only if the restore operation succeeds.
%postscript (part of the libvirt-client package) started the
libvirt-guestsservice even when the service was explicitly turned off. The
libvirt-guestsservice is no longer started when explicitly turned off.
virsh vcpuinfoor setting up virtual CPU pinning on a host machine that used NUMA,
virsh vcpuinfoshowed the incorrect number of virtual CPUs. Virtual CPU pinning could also fail because libvirt reported an incorrect number of CPU sockets per NUMA node. Virtual CPUs are now counted correctly.
/var/lib/libvirtdirectory to change when a system was upgraded. With this update, correct permissions are assigned to the aforementioned directory.
<boot>element has been introduced, which can be used to specify the exact order of boot devices.
dnsmasqwith the correct options so that these statically configured addresses are properly served to the guests.
virsh freecellcommand could be run with an invalid (non-integer) argument without error, and the free memory for node 0 would still be printed. The validity of the argument is now checked, and an error message is now printed when an invalid value is detected.
virsh detach-interfacecommand was used on a domain with multiple NICs, but a particular MAC address was not specified with
--mac, virsh detached the first interface without error. The
--macoption is now required where a domain has multiple NICs, and an appropriate error message has been added.
virsh attach-disk, virsh set
phyas the driver value by default. Because this value is not supported everywhere, the disk did not persist over domain shutdown, and could prevent domain startup. This update corrects virsh behavior such that the driver value is not set if it is not provided by the user.
setvcpuscommands resulted in unknown errors. More useful error messages have been added to this command.
authdata caused unrelated data to be overwritten, which caused a crash in libvirt. The error has been corrected, and
authcan now be set without issue.
stp-enableparameters. The string is no longer freed prematurely, and in the event of a problem with these parameters, users receive a specific error message.
openssl x509 -in clientcert.pem -text). This command has been replaced with the following command, which gives more helpful, accurate output:
certtool -i --infile /etc/pki/libvirt/clientcert.pem
--alloption has been added to the
virsh freecellcommand to allow the command to iterate across all nodes instead of forcing users to run the command manually on each node.
virsh freecell --allwill list the free memory on all available nodes.
virshdocumentation has been updated to clarify usage of the
virshdocumentation has been updated to remove references to the deprecated
virshdocumentation for the
setmaxmemsub-commands has been updated to correct and expand the information available for these sub-commands.
libvirtd. Access it with the
luciattempted to run the luci init script, the service failed to start and a traceback was written to standard error. With this update, the init script has been corrected to terminate with exit code 4 in this case.
luci.loglog file. This error has been fixed, and luci now correctly displays “Unknown fence device type” when an unknown or unsupported fence device is encountered.
DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
cluster.confconfiguration file or shut down the clustering on the nodes. This update corrects this error, and users are now allowed to completely destroy a whole cluster by selecting all of its nodes and clicking the Delete button.
riccidaemon encountered an error, previous version of luci did not present this error to a user and displayed a generic error message instead. In order to make it easier to determine the cause of such errors, this update adapts luci to display the error messages reported by
fence_scsifrom being unfenced at boot time. With this update, the underlying source code has been adapted to provide this functionality, and users are now allowed to configure unfencing from the user interface.
No nodes from this cluster could be contacted. The status of this cluster is unknown.
nodenameparameter for the
fence_scsifence agent correctly. This update corrects this error, and the
nodenameparameter is now handled properly.
fence_egenerafence agent correctly. With this update, the underlying source code has been modified to address this issue, and the username for
fence_egenerais now handled correctly.
luci.loglog file. This error no longer occurs, and users are now allowed to configure such nodes as expected.
AttributeError: 'ClusterNode' object has no attribute 'getID'
OracleInstanceresource agents has been added.
riccidaemon on an interface different from the one that is used for the cluster communication.
fence_cisco_ucsfence agent has been added.
fence_rhevfence agent has been added.
fence_brocadeto the list of supported fence agents.
request failed: error reading the headers
PKCS#11module interface used a wrong object type which caused it to return an object with an invalid
CKA_CERTIFICATE_TYPEattribute. With this update, the softokn
PKCS#11module interface uses the correct object type.
IPv6is enabled caused it to enter a loop in the test part of the rebuild. With this update, the selfserv test tool has been modified to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients.
certutil -Hcommand was missing the
-Woption (which changes the password to a key database). With this update, the
-Woption has been added to the help page.
pk12utilcommand) did not work for private keys placed in the
/etc/pki/nssdb/directory due to permission restrictions. This update addresses this issue, and the
nss-sysinitmodule now enables the root user to import private key.
This Connection is Untrusted.error even though the web page had a valid security certificate. With this update, this issue has been fixed and visiting the specific web site no longer returns SSL errors.
PKCS#8encoded PEM (Privacy Enhanced Mail) RSA private key files could not be read by nss and resulted in an error when being imported. With this update, nss correctly handles the aforementioned files.
pkcs11.txtfile, it took the current
umask(user mask) into an account. However, if run with restrictive
pkcs11.txtfile could be created with permissions that did not allow non-privileged users to read it. This could cause nss-sysinit to remain disabled even when it was intended to be enabled. With this update, the permissions of the
pkcs11.txtfile are changed at the end of the run of the setup-nsssysinit.sh script, fixing this issue.
%verify(not md5 size mtime)declarations have been added to the configuration files.
OpenLDAPcommand and using the LDAPTLS_CACERTDIR variable to pass in an arbitrary directory containing other directories caused the command to abort because OpenLDAP tried to pass down the directory as a file. With this update, specified files that are directories are properly rejected in the aforementioned case.
PayPalEE.certcertificate expired on Oct 31, 2010, which caused the nss package to fail to build. This update prolongs this expiration date of this certificate, and the nss package no longer fails to build.
Error parsing *roff command from file /usr/share/man/man8/nslcd.8.gz
README.nssfile. This update adds the file to the documentation.
crm_standby not available, check your installation
AttributeError: 'PackageKitYumBase' object has no attribute 'prerepoconf'
ERROR: pam_pkcs11.c:334: no suitable token available
ERROR: pam_pkcs11.c:445: open_pkcs11_login() failed: Login incorrect