openEuler / security-facility

 / 详情

【IMA-bugs】kdump doesn't work in IMA appraisal enforce mode

Completed
Defect
Created on
2020-10-14 13:57

The kdump service fails in IMA appraisal enforce mode; the error message in dmesg is (dmesg | grep appraise):

[ 2.999327] audit: type=1800 audit(1602644578.504:2): pid=145 uid=0 auid=4294967295 ses=4294967295 subjnel op=appraise_data cause=unknown comm="kworker/u8:0" name="/usr/bin/kmod" dev="rootfs" ino=10402 res=0
[ 15.514744] ima: impossible to appraise a kernel image without a file descriptor; try using kexec_file_ syscall.

The error message in the kernel log is (journalctl -u kdump):

Oct 14 11:03:07 localhost.localdomain systemd[1]: Starting Crash recovery kernel arming...
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: kexec_load failed: Permission denied
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: entry = 0xe22ab6b0 flags = 0xb70001
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: nr_segments = 5
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[0].buf = 0xffff9e8ef010
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[0].bufsz = 0x136ad40
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[0].mem = 0xdfe80000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[0].memsz = 0x15c1000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[1].buf = 0xffffa1a6f010
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[1].bufsz = 0xe682f3
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[1].mem = 0xe1441000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[1].memsz = 0xe69000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[2].buf = 0xaaaaed7e44d0
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[2].bufsz = 0x4f1
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[2].mem = 0xe22aa000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[2].memsz = 0x1000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[3].buf = 0xaaaaed7e4fc0
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[3].bufsz = 0x34a8
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[3].mem = 0xe22ab000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[3].memsz = 0x4000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[4].buf = 0xaaaaed7e2850
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[4].bufsz = 0x400
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[4].mem = 0xffdff000
Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: segment[4].memsz = 0x1000
Oct 14 11:03:11 localhost.localdomain kdumpctl[1928]: kexec: failed to load kdump kernel
Oct 14 11:03:11 localhost.localdomain kdumpctl[1928]: Starting kdump: [FAILED]
Oct 14 11:03:11 localhost.localdomain systemd[1]: kdump.service: Main process exited, code=exited, statu>
Oct 14 11:03:11 localhost.localdomain systemd[1]: kdump.service: Failed with result 'exit-code'.
Oct 14 11:03:11 localhost.localdomain systemd[1]: Failed to start Crash recovery kernel arming.

Comments (4)

anakinzhang created the defect

Hey nettingsisyphus, Welcome to openEuler Community.
All of the projects in openEuler Community are maintained by @openeuler-ci-bot.
That means the developers can comment below every pull request or issue to trigger Bot Commands.
Please follow instructions at https://gitee.com/openeuler/community/blob/master/en/sig-infrastructure/command.md to find the details.

anakinzhang set the assignee to anakinzhang
anakinzhang set the priority to Major
anakinzhang set the planned due date to 2020-10-15
anakinzhang set the planned start date to 2020-10-14
anakinzhang changed the planned due date from 2020-10-15 to 2020-10-16
anakinzhang edited the description
anakinzhang changed the task status from To do to Confirmed

The cause of this issue is that the kexec_file_load system call is not available in openEuler 20.09.

anakinzhang changed the priority from Major to Unspecified
anakinzhang edited the title

For IMA to appraise the kexec kernel, the load must go through the kexec_file_load system call. We currently use kexec_load; kexec_file_load has not yet been enabled in the kernel, and enabling it requires merging several upstream community patches, which may break kABI.
This issue will be addressed in version 21.03, when kABI changes are permitted; IMA's KEXEC_KERNEL_CHECK policy is not supported for now.
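As an added triage example, not code from this report or from the openEuler project: a Python helper that scans dmesg/journal lines for the failure signature described above (the IMA "no file descriptor" message together with kexec_load being denied) and extracts the appraise_data audit record fields. The sample lines are constructed from the output quoted in this issue.

```python
import re
from typing import Optional

# Constructed sample lines, taken from the dmesg and journalctl output quoted in this issue.
SAMPLE_LINES = [
    '[ 2.999327] audit: type=1800 audit(1602644578.504:2): pid=145 uid=0 auid=4294967295 '
    'ses=4294967295 subjnel op=appraise_data cause=unknown comm="kworker/u8:0" '
    'name="/usr/bin/kmod" dev="rootfs" ino=10402 res=0',
    '[ 15.514744] ima: impossible to appraise a kernel image without a file descriptor; '
    'try using kexec_file_ syscall.',
    'Oct 14 11:03:11 localhost.localdomain kdumpctl[2493]: kexec_load failed: Permission denied',
    'Oct 14 11:03:11 localhost.localdomain kdumpctl[1928]: kexec: failed to load kdump kernel',
]

# Audit records are space-separated key=value pairs; string values are double-quoted.
AUDIT_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# kexec_load() hands the kernel raw memory segments (see the segment[] dump in the
# report), so IMA has no file to appraise; kexec_file_load() passes file descriptors.
IMA_NO_FD = "impossible to appraise a kernel image without a file descriptor"
KEXEC_LOAD_EPERM = re.compile(r"kexec_load failed: Permission denied")


def parse_audit_record(line: str) -> Optional[dict]:
    """Return the key=value fields of an audit type=1800 (INTEGRITY) record, else None."""
    if "audit: type=1800" not in line:
        return None
    body = line.split("):", 1)[-1]  # drop the 'audit(<timestamp>:<serial>):' prefix
    return {k: v.strip('"') for k, v in AUDIT_KV.findall(body)}


def diagnose_kdump_ima(lines):
    """Classify log lines for the IMA-blocks-kexec_load failure mode this issue describes."""
    result = {"appraise_records": [], "ima_no_fd": False, "kexec_load_denied": False}
    for line in lines:
        rec = parse_audit_record(line)
        if rec and rec.get("op") == "appraise_data":
            result["appraise_records"].append(rec)
        if IMA_NO_FD in line:
            result["ima_no_fd"] = True
        if KEXEC_LOAD_EPERM.search(line):
            result["kexec_load_denied"] = True
    if result["ima_no_fd"] and result["kexec_load_denied"]:
        result["verdict"] = "ima-appraise-blocks-kexec_load: kdump needs kexec_file_load"
    elif result["kexec_load_denied"]:
        result["verdict"] = "kexec_load denied without an IMA message: cause lies elsewhere"
    else:
        result["verdict"] = "no kdump/IMA failure signature found"
    return result
```

Run it over `journalctl -u kdump` and `dmesg` output to confirm a kdump failure is this IMA/kexec_load case before changing policy.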

anakinzhang changed the task status from Confirmed to Suspended

This issue has been fixed in version 21.03. Version 20.09 has passed its maintenance period and is no longer maintained.

anakinzhang changed the task status from Suspended to Completed
