Re: [OS-BUILD PATCHv2] redhat/configs: enable KEXEC_SIG which is already enabled in RHEL8 for s390x and x86_64
From: Coiby Xu on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1227#note_620171333 @dzickusrh Yes, the pipeline has now passed with !1225 and new added CONFIG_KEXEC_SIG_FORCE files. ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv2] redhat/configs: enable KEXEC_SIG which is already enabled in RHEL8 for s390x and x86_64
From: Coiby Xu on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1227#note_620170683 Thanks! Pipeline has now passed. ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[OS-BUILD PATCHv2] redhat/configs: enable KEXEC_SIG which is already enabled in RHEL8 for s390x and x86_64
From: Coiby Xu redhat/configs: enable KEXEC_SIG which is already enabled in RHEL8 for s390x and x86_64 Enable KEXEC_SIG for s390x and x86_64 which is already enabled in RHEL8. Note when building .src.rpm, process_configs.sh would error on unset config options. So CONFIG_KEXEC_SIG_FORCE files are added as well. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1976835 Signed-off-by: Coiby Xu diff --git a/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG b/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG @@ -0,0 +1 @@ +CONFIG_KEXEC_SIG=y diff --git a/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG_FORCE b/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG_FORCE new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG_FORCE @@ -0,0 +1 @@ +# CONFIG_KEXEC_SIG_FORCE is not set diff --git a/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG b/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG @@ -0,0 +1 @@ +CONFIG_KEXEC_SIG=y diff --git a/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG_FORCE b/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG_FORCE new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG_FORCE @@ -0,0 +1 @@ +# CONFIG_KEXEC_SIG_FORCE is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1227 ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[OS-BUILD PATCH] redhat/configs: enable KEXEC_SIG which is already enabled in RHEL8 for s390x and x86_64
From: Coiby Xu redhat/configs: enable KEXEC_SIG which is already enabled in RHEL8 for s390x and x86_64 Enable KEXEC_SIG for s390x and x86_64 which is already enabled in RHEL8. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1976835 Signed-off-by: Coiby Xu diff --git a/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG b/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG @@ -0,0 +1 @@ +CONFIG_KEXEC_SIG=y diff --git a/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG b/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG @@ -0,0 +1 @@ +CONFIG_KEXEC_SIG=y -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1227 ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat: add secureboot CA certificate to trusted kernel keyring
From: Justin M. Forbes on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1235#note_620063642 Acked-by: Justin M. Forbes (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat: add secureboot CA certificate to trusted kernel keyring
From: Herton R. Krzesinski on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1235#note_620062047 Acked-by: Herton R. Krzesinski (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv2 0/0] [redhat] Generate a crashkernel.conf for each kernel build
From: Herton R. Krzesinski on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1171#note_620028875 The MR here is acked and seems ready, so should be merged soon. Once merged, I believe I'll be able to sync this to rhel9 once 5.14-rc1 is released and if there are no problems in building etc. with it, may be next week we can get it in. ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat/configs: enable IMA_ARCH_POLICY for aarch64 and s390x
From: Mark Salter on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1216#note_619899381 Acked-by: Mark Salter (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat/configs: enable IMA_ARCH_POLICY for aarch64 and s390x
From: Philipp Rudo on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1216#note_619897346 @bmeneg I'm no longer the partner engineer for s390. Please direct s390 specific questions to @cimbrend in the future. Thanks. Having that said, the patch looks good to me and I would approve it if I weren't struggling with missing permissions at the moment... ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat/configs: Enable CONFIG_MLXBF_GIGE on aarch64
From: Mark Langsdorf on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1222#note_619894661 Acked-by: Mark Langsdorf (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat/configs: Enable CONFIG_MLXBF_GIGE on aarch64
From: Mark Salter on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1222#note_619893420 Acked-by: Mark Salter (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv3] mod-denylist.sh: Change to denylist
From: Justin M. Forbes on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1185#note_619892597 So we didn't think our plan all the way through here. While this change is good, it is incomplete. Specifically, dracut needs to be changed to (for a time at least) handle both blacklist and denylist. Until this is done, we can't actually use the /etc/modprobe.d/*-denylist.conf Files. I am going to revert this change for now and we can add it back when it can be properly used. ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat/configs: disable {IMA,EVM}_LOAD_X509
From: Jerry Snitselaar on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1234#note_619858052 Acked-by: Jerry Snitselaar (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCH] redhat/configs: enable IMA_ARCH_POLICY for aarch64 and s390x
From: Jerry Snitselaar on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1216#note_619856522 Acked-by: Jerry Snitselaar (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[OS-BUILD PATCH] redhat: add secureboot CA certificate to trusted kernel keyring
From: Bruno Meneguele
redhat: add secureboot CA certificate to trusted kernel keyring
This patch is a forward-port from what we already have in RHEL-8 kernels and
should also be done in RHEL-9 to avoid unexpected failures on customers.
Add the secure boot key certificate to the trusted kernel keyring
(.builtin_trusted_keys) to allow the placement of the kernel signing key
(shipped with the distro) in other kernel trusted keyrings, i.e. .ima
trusted keyring.
The need for adding the secure boot CA cert in the trusted kernel keyring
exists only for arches without UEFI support which don't support adding certs
to .platform_keyring and, consequently, can't add our own kernel image
signing key to trusted keyrings.
The biggest usage of that is for loading signed kernel images during
kexec/kdump process in arches that depends on the IMA infrastructure to
check the signatures, which has the ability to verify appended signatures
instead of the UEFI PE format. Said arches are PowerPC and S390X.
Cc: Justin M. Forbes
Cc: Herton R. Krzesinski
Cc: Patrick Talbert
Signed-off-by: Bruno Meneguele
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -1422,6 +1422,10 @@ done
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
cat rheldup3.pem rhelkpatch1.pem > ../certs/rhel.pem
+%ifarch s390x ppc64le
+openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem
+cat secureboot.pem >> ../certs/rhel.pem
+%endif
for i in *.config; do
sed -i
's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@'
$i
done
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1235
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv2] netfilter: Add deprecation notices for xtables
From: Don Zickus on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1226#note_619772408 @psutter1 - Can you wrap this change with CONFIG_RHEL_DIFFERENCES so that it doesn't affect Fedora? ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[OS-BUILD PATCH] redhat/configs: disable {IMA,EVM}_LOAD_X509
From: Bruno Meneguele
redhat/configs: disable {IMA,EVM}_LOAD_X509
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1977529
This option was enabled by mistake (from my own part): this is only used for
allowing the option {IMA,EVM}_X509_PATH to be set with a specific path in
the system pointing to a valid X509 certificate, specific built for the
integrity subsystem. It turns out that we don't have such certificate and am
not sure it's going to be used anytime soon. In RHEL-8 we've allowed trusted
certificates to the integrity subsystem using the secure boot CA and the
certs used for the kernel build.
With these options set we have the following two error lines in dmesg:
integrity: Unable to open file: /etc/keys/x509_ima.der (-2)
integrity: Unable to open file: /etc/keys/x509_evm.der (-2)
Signed-off-by: Bruno Meneguele
diff --git a/redhat/configs/ark/generic/CONFIG_EVM_LOAD_X509
b/redhat/configs/ark/generic/CONFIG_EVM_LOAD_X509
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/ark/generic/CONFIG_EVM_LOAD_X509
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_EVM_LOAD_X509=y
diff --git a/redhat/configs/ark/generic/CONFIG_IMA_LOAD_X509
b/redhat/configs/ark/generic/CONFIG_IMA_LOAD_X509
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/ark/generic/CONFIG_IMA_LOAD_X509
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_IMA_LOAD_X509=y
diff --git a/redhat/configs/ark/generic/CONFIG_IMA_X509_PATH
b/redhat/configs/ark/generic/CONFIG_IMA_X509_PATH
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/ark/generic/CONFIG_IMA_X509_PATH
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1234
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
[Test Week] Fedora Linux Kernel 5.13 2021-07-11 through 2021-07-18
Hey All, I would like to invite all of you to participate in the Kernel 5.13 Test week, which is happening from 2021-07-11 to 2021-07-18. It's fairly simple, head over to the wiki [0] and read in detail about the test week and simply run the test case mentioned in[1] and enter your results. As usual, the Fedora QA team will hang out at #fedora-test-...@libera.chat for question and discussion. [0] https://fedoraproject.org/wiki/Test_Day:2021-07-11_Kernel_5.13_Test_Week [1] https://testdays.fedoraproject.org/events/115 -- //sumantro Fedora QE TRIED AND PERSONALLY TESTED, ERGO TRUSTED ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv2 0/0] [redhat] Generate a crashkernel.conf for each kernel build
From: Justin M. Forbes on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1171#note_619593244 Acked-by: Justin M. Forbes (via approve button) ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv2] netfilter: Add deprecation notices for xtables
From: Phil Sutter on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1226#note_619443260 Forgot the SoB (as usual). ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[OS-BUILD PATCHv2] netfilter: Add deprecation notices for xtables
From: Phil Sutter
netfilter: Add deprecation notices for xtables
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1945179
Upstream Status: RHEL-only
Upon loading legacy xtables table modules or the nft compat module,
print a warning suggesting nftables.
Signed-off-by: Phil Sutter
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index blahblah..blahblah 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2484,6 +2484,9 @@ static int __init ebtables_init(void)
{
int ret;
+ pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise
Linux,\n"
+ "please use nftables instead
(https://red.ht/nft_your_tables)\n");
+
ret = xt_register_target(_standard_target);
if (ret < 0)
return ret;
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index blahblah..blahblah 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1623,6 +1623,9 @@ static int __init arp_tables_init(void)
{
int ret;
+ pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise
Linux,\n"
+ "please use nftables instead
(https://red.ht/nft_your_tables)\n");
+
ret = register_pernet_subsys(_tables_net_ops);
if (ret < 0)
goto err1;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index blahblah..blahblah 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1902,6 +1902,9 @@ static int __init ip_tables_init(void)
{
int ret;
+ pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise
Linux,\n"
+ "please use nftables instead
(https://red.ht/nft_your_tables)\n");
+
ret = register_pernet_subsys(_tables_net_ops);
if (ret < 0)
goto err1;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index blahblah..blahblah 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1909,6 +1909,9 @@ static int __init ip6_tables_init(void)
{
int ret;
+ pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise
Linux,\n"
+ "please use nftables instead
(https://red.ht/nft_your_tables)\n");
+
ret = register_pernet_subsys(_tables_net_ops);
if (ret < 0)
goto err1;
diff --git a/net/netfilter/ipset/ip_set_core.c
b/net/netfilter/ipset/ip_set_core.c
index blahblah..blahblah 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -6,6 +6,8 @@
/* Kernel module for IP set management */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include
#include
#include
@@ -2362,8 +2364,12 @@ static struct pernet_operations ip_set_net_ops = {
static int __init
ip_set_init(void)
{
- int ret = register_pernet_subsys(_set_net_ops);
+ int ret;
+
+ pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise
Linux,\n"
+ "please use nftables instead
(https://red.ht/nft_your_tables)\n");
+ ret = register_pernet_subsys(_set_net_ops);
if (ret) {
pr_err("ip_set: cannot register pernet_subsys.\n");
return ret;
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index blahblah..blahblah 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -5,6 +5,8 @@
* This software has been sponsored by Sophos Astaro
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include
#include
#include
@@ -882,6 +884,9 @@ static int __init nft_compat_module_init(void)
{
int ret;
+ pr_warn_ratelimited("This module is deprecated in Red Hat Enterprise
Linux,\n"
+ "please use nftables instead
(https://red.ht/nft_your_tables)\n");
+
ret = nft_register_expr(_match_type);
if (ret < 0)
return ret;
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1226
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Re: [OS-BUILD PATCHv2 0/0] [redhat] Generate a crashkernel.conf for each kernel build
From: Kairui Song on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1171#note_619390702 Hi, @hertonrk-rh, there are multiple packages depending on this MR, and many tests are blocked by this, is there an estimated schedule of when this will be merged and synced to rhel9? ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
