On 09/03/14 at 12:07pm, Vivek Goyal wrote:
Currently old kexec syscall denies unloading a kernel if secureboot
is enabled.
I think this is not right behavior and should be changed. But for now, use
new syscall if secureboot is enabled and that allows unloading kernel.
We need to make sure the new syscall is in latest Fedora kernel, then we can add
this patch in kexec-tools.
Signed-off-by: Vivek Goyal <vgoyal(a)redhat.com>
---
kdumpctl | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kdumpctl b/kdumpctl
index bb98225..9403d61 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -826,7 +826,12 @@ stop_fadump()
stop_kdump()
{
- $KEXEC -p -u
+ if is_secure_boot_enforced; then
+ $KEXEC -s -p -u
+ else
+ $KEXEC -p -u
+ fi
+
if [ $? != 0 ]; then
echo "kexec: failed to unload kdump kernel"
return 1
--
1.9.0
_______________________________________________
kexec mailing list
kexec(a)lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/kexec