[lug] Redhat doesn't support users that compile their own kernels.

D. Stimits stimits at idcomm.com
Fri Nov 2 11:06:38 MST 2001 

"Riggs, Rob" wrote:
> 
> I'll have to side with Red Hat on this one. They really can't support all
> possible combinations of custom kernels out there. They would go broke
> trying. It's a problem with your kernel, not the init script. However, if
> you were to send Red Hat a patch for the init script so that it behaves the
> way you desire, there is a good chance that they would incorporate it.
> 
> On the other hand, if you report it as a bug with *their* kernel ("ipchains
> init script does not report failure when iptables module is loaded"), there
> is a good chance that they'd fix it themselves.

The thing is that this is *not* a problem only with other kernels. I
believe their own kernel will also do this if iptables module is loaded.
They only concluded that this is a non-redhat kernel bug from the
wording. But I can't test this on a stock redhat kernel, my root
partition is XFS filesystem, they don't support that. I really wish
return values would get tested more often, it seems like amateur hour to
not even check for errors. Because of the XFS partition, I can't install
their kernel to repeat this failure under theirs, but I wasn't the only
one that noticed this.

D. Stimits, stimits at idcomm.com

> 
> The key is convincing them that it is a problem on their end, and not with
> something you've done.
> 
> -Rob
> 
> -----Original Message-----
> From: D. Stimits [mailto:stimits at idcomm.com]
> Sent: Friday, November 02, 2001 8:49 AM
> To: BLUG
> Subject: [lug] Redhat doesn't support users that compile their own
> kernels.
> 
> A while back I discovered that the init script for ipchains does not
> work correctly if the kernel itself does not support ipchains. This can
> be due to the iptables module being loaded, which forces ipchains to
> fail load. Or the module could simply not exist. Someone here confirmed
> that the problem was that at one point the script does not check for
> return values and runs blindly. I entered a bug report at RH bugzilla,
> but id 43708. Finally, this is the reply I got, it sounds a lot like
> Microsoft:
> 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=43708
> 
> --- shadow/43708        Sun Oct  7 08:22:37 2001
> +++ shadow/43708.tmp.19063      Tue Oct 30 02:01:53 2001
> @@ -3,8 +3,8 @@
>  Version: 7.1
>  Platform: i386
>  OS/Version: Linux
> -Status: ASSIGNED
> -Resolution:
> +Status: CLOSED
> +Resolution: NOTABUG
>  Severity: security
>  Priority: high
>  Component: ipchains
> @@ -52,3 +52,14 @@
>  deactivated is "not good". There is an extreme need to test
>  for ipchains failure to activate, whether it is by direct failure,
>  or by kernel support failure.
> +
> +------- Additional comments from mharris at redhat.com 2001-10-30 02:16:34
> -------
> +This is not really a bug, because Red Hat Linux does not support
> +user compiled kernels.  You're free to compile and use your own
> +kernel of course, but problems introduced by doing so, that are
> +not reproduceable with the supplied kernels, are not generally
> +considered bugs.
> +
> +If you can cause a reproduceable problem by using the Red Hat
> +supplied kernel, then it is something worthy of investigating
> +further.
> 
> I'm guessing that the person involved, mharris, does not realize this
> bug exists even with redhat kernels if iptables module is loaded and
> ipchains is attempted (since loading iptables module blocks ipchains
> module). Sounds like a cop-out to me, I can't believe Redhat has
> officially taken this attitude.
> 
> So I guess be forewarned, Redhat is not interested in all bug reports
> against security.
> 
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list