The work is tracked in LU-20071
<https://jira.whamcloud.com/browse/LU-20071> for the RHEL 9.8 and there
is a patch. Haven't tested it myself.
You need RHEL 9.8 to get a kernel that fixes all the known root
escalation security issues. So I agree that we are in a bit of a limbo
until an RHEL 9.8 LTS version of Lustre is ready. However, I think Alma
did a special security kernel for RHEL 9.7. I know Rocky did.
On 01/06/2026 19.16, Peter Jones via lustre-discuss wrote:
So do I understand correctly that your concern is that:
1.
there are vulnerabilities in RHEL 10.2 that also affect RHEL 10.1
but there are no updates for RHEL 10.1 once RHEL 10.2 is GA
2.
RHEL 10.x is not supported by the current Lustre LTS branch (2.15.x)
If so, the good news is that we expect to have a newly designated LTS
branch in the near future that will support RHEL 10.x clients.
Longer term, there are efforts to get Lustre into the upstream kernel,
which would completely eliminate any of these issues.
In the meantime, if you are ever in the position of wanting to move to
kernel versions ahead of formal support being available, my
recommendation would be to experiment with a limited number of clients
(perhaps even just one) before rolling out across all the clients.
*From: *David Cohen <[email protected]>
*Date: *Monday, June 1, 2026 at 8:41 AM
*To: *Peter Jones <[email protected]>
*Cc: *lustre-discuss <[email protected]>
*Subject: *Re: [lustre-discuss] RHEL 9.8 and 10.2 support
Hi Peter,
For the EL 10.1 client I was using version 17.0 which was the only
version to support EL 10. After upgrading to EL 10.2 the client lost
the storage mount.
I'm not updating the EL9.7 clients, not to risk losing the storage
mount. They are running the 2.15 LTS Lustre.
On the servers I am still using the 2.15 version on EL 8.10 as I
prefer to use the LTS version, and there is no LTS server support
beyond EL 8.10.
This complex matrix just emphasizes how much Lustre is a
restrictive factor for upgrades.
David
On Mon, Jun 1, 2026 at 4:48 PM Peter Jones
<[email protected]> wrote:
David
Could you please clarify what version of Lustre you are using
today for both servers and clients? Also, are you using ldiskfs or
ZFS as the backend filesystem?
Peter
*From: *David Cohen <[email protected]>
*Date: *Sunday, May 31, 2026 at 8:25 PM
*To: *Peter Jones <[email protected]>
*Cc: *lustre-discuss <[email protected]>
*Subject: *Re: [lustre-discuss] RHEL 9.8 and 10.2 support
Hi Peter,
The new kernel presented with EL 10.2 presents changes preventing
DKMS from recompiling Lustre modules.
There is even a Jira ticket following the issue since the beta,
highlighting the security fixes in the new kernels.
https://jira.whamcloud.com/browse/LU-20070
David
On Mon, Jun 1, 2026 at 12:19 AM Peter Jones
<[email protected]> wrote:
David
Could you please elaborate as to what you feel is missing
today? Lustre clients are patchless, so I would expect that if
a security update is issued for a given supported release of
RHEL that users would just apply the kernel update and weak
updates would take care of the rest with no need to get any
updates to Lustre...
Peter
*From: *lustre-discuss
<[email protected]> on behalf of David
Cohen via lustre-discuss <[email protected]>
*Date: *Sunday, May 31, 2026 at 5:31 AM
*To: *lustre-discuss <[email protected]>
*Subject: *[lustre-discuss] RHEL 9.8 and 10.2 support
Hi,
With the latest critical kernel vulnerabilities, updates are
no longer optional.
This puts Lustre on the critical path for cluster security.
Is there a plan to address this necessity by releasing Lustre
client versions outside of the half a year cycle to support
the new kernels?
David
_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
