Skip to content

Commit

Permalink
Select enable_dracut_fips_module in RHEL 9 ISM_O profile
Browse files Browse the repository at this point in the history 
As RHEL 9 ISM_O profile enables FIPS mode (selects rules
`enable_fips_mode` and `configure_crypto_policy` with
`var_system_crypto_policy=fips`) it also needs to select
the rule `enable_dracut_fips_module`.

This issue was not discovered before because on normal systems
the `fips-mode-setup` (called in `enable_fips_mode` rule remediation)
ensures the installation of the FIPS dracut module. But in RHEL Image
Mode the `fips-mode-setup` is not used and so the FIPS dracut module
needs to be enabled by remediation of the `enable_dracut_fips_module`
rule.
  • Loading branch information
@matusmarhefka
matusmarhefka committed Jan 20, 2025
1 parent b813196 commit cf56fe4
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions products/rhel9/profiles/ism_o.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ selections:
## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 / 1139 /
## 1372 / 1373 / 1374 / 1375
- enable_fips_mode
- enable_dracut_fips_module
- var_system_crypto_policy=fips
- configure_crypto_policy

Expand Down

0 comments on commit cf56fe4

Please sign in to comment.