Package: dracut-core
Version: 106-6
Severity: important
X-Debbugs-Cc: [email protected]
Dear Maintainer,
When building an initramfs with dracut, it is not possible to access its
emergency shell during boot. Instead, there is an error saying "Cannot
open access to console, the root account is locked."
The reason for this appears to be that the systemd-sysusers module adds
a locked root user entry to /etc/shadow ("!unprovisioned").
The issue has already been fixed upstream by renaming the module so that
it executes as late as possible:
https://github.com/dracut-ng/dracut-ng/pull/1212/files
The upstream change makes it sound like this only applies to niche
scenarios, but as far as I can tell, the emergency shell is broken in
any configuration, hence the elevated severity.
-- System Information:
Debian Release: 13.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.32-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND,
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages dracut-core depends on:
ii cpio 2.15+dfsg-2
ii dracut-install 106-6
ii e2fsprogs 1.47.2-3+b1
ii kmod 34.2-2
ii libc6 2.41-9
ii udev 257.6-1
Versions of packages dracut-core recommends:
ii binutils 2.44-3
ii console-setup 1.237
pn cryptsetup <none>
ii dmsetup 2:1.02.205-2
ii kpartx 0.11.1-2
pn lvm2 <none>
pn mdadm <none>
ii systemd 257.6-1
pn systemd-cryptsetup <none>
ii systemd-sysv 257.6-1
ii zstd 1.5.7+dfsg-1
dracut-core suggests no packages.
-- Configuration Files:
/etc/dracut.conf changed [not included]
-- no debconf information
