See https://github.com/projectatomic/rpm-ostree/pull/959#issuecomment-325780234
Right now we have:
[root@localhost ~]# ostree ls -R -X -C fedora-atomic:fedora/27/x86_64/atomic-host /boot|grep initramfs -00600 0 0 52565370 7e6c941d0eefc5760917b300bade10e107d99c89fd0f627b7d9e1cf03068b9bd { [(b'security.selinux', b'system_u:object_r:boot_t:s0')] } /boot/initramfs-4.13.9-300.fc27.x86_64.img-850b4ded439b2151106725e7b522d8485d312c9ed80aee65c818c9f99c2c1701 [root@localhost ~]# ostree ls -R -X -C fedora-atomic:fedora/27/x86_64/atomic-host /usr/lib/ostree-boot|grep initramfs -00600 0 0 52565370 79acadd126fcb5a02142119dfab6bd35fd5bfb46606adeab23f89cb04c4afc2a { [(b'security.selinux', b'system_u:object_r:lib_t:s0')] } /usr/lib/ostree-boot/initramfs-4.13.9-300.fc27.x86_64.img-850b4ded439b2151106725e7b522d8485d312c9ed80aee65c818c9f99c2c1701 [root@localhost ~]# ostree ls -R -X -C fedora-atomic:fedora/27/x86_64/atomic-host /usr/lib/modules|grep initramfs -00600 0 0 52565370 f70d77da922263abc7e4f4e9fc92e178b051df8e10bd3105ebbb642ca5748f4b { [(b'security.selinux', b'system_u:object_r:modules_object_t:s0')] } /usr/lib/modules/4.13.9-300.fc27.x86_64/initramfs.img
Which means 3 physically distinct copies of the initramfs, and with /boot as its own partition, that brings it to 4. Using boot_location: new should bring us to 2 copies in the tree, and at that point I think we should change the SELinux policy to bring that to 1.
/boot
boot_location: new
I still need to verify that everything works for Anaconda with that set.
https://bugzilla.redhat.com/show_bug.cgi?id=1526191
PR in https://pagure.io/fedora-atomic/pull-request/102
Things seem OK for me with this - did a kickstart (VM, BIOS) install of f27ah with this patch.
Log in to comment on this ticket.