rpm -Va shows /boot/efi mode different from vendor default

Posted: 2018/04/16 16:25:29
by nelm
If you run

Code:

rpm -Va | grep '^.M'

it shows that the mode of the files is different than the vendor defaults. This is an issue for STIG requirements.

Code:

.M.......    /boot/efi/EFI/BOOT/BOOTX64.EFI
.M.......    /boot/efi/EFI/BOOT/fbx64.efi
.M.......    /boot/efi/EFI/centos/BOOT.CSV
.M.......    /boot/efi/EFI/centos/BOOTX64.CSV
.M.......    /boot/efi/EFI/centos/mmx64.efi
.M.......    /boot/efi/EFI/centos/shim.efi
.M.......    /boot/efi/EFI/centos/shimx64-centos.efi
.M.......    /boot/efi/EFI/centos/shimx64.efi

Neither running

Code:

rpm --setperms shim-x64-12-1.el7.x86_64
rpm --setperms shim-x64-12-1.el7.x86_64

nor reinstalling shim seems to fix this. Any idea how to do this?

I found this on Red Hat, https://access.redhat.com/solutions/3237921, but can't access it because I don't have a subscription.

Re: rpm -Va shows /boot/efi mode different from vendor default

Posted: 2018/04/16 17:16:24
by TrevorH
"FAT32 doesn't honour Linux File Permissions"
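
Added example, not part of the original thread: a POSIX shell sketch that separates `rpm -Va` mode mismatches on FAT filesystems (where the mode comes from mount options and `rpm --setperms` cannot change it) from mismatches that need review. The function names, the sample mount table and the `/etc/example*.conf` lines are constructed for illustration.

```shell
#!/bin/sh
# Classify "mode differs" results from `rpm -Va` by the filesystem holding the file.

# Constructed sample input: rpm -Va lines and a /proc/mounts-style table.
SAMPLE_VERIFY='.M.......    /boot/efi/EFI/centos/shimx64.efi
.M.......    /boot/efi/EFI/BOOT/BOOTX64.EFI
.M.......  c /etc/example.conf
S.5....T.  c /etc/example2.conf'
SAMPLE_MOUNTS='/dev/sda2 / xfs rw 0 0
/dev/sda1 /boot xfs rw 0 0
/dev/sda3 /boot/efi vfat rw,fmask=0077,dmask=0077 0 0'

# fstype_of PATH MOUNTS: print the fs type of the longest mount point containing PATH.
# Limitation: mount points containing spaces (escaped as \040) are not handled.
fstype_of() {
  printf '%s\n' "$2" | awk -v p="$1" '
    { mp = $2
      pre = (mp == "/") ? "/" : (mp "/")
      if ((p == mp || index(p, pre) == 1) && length(mp) >= best) {
        best = length(mp); t = $3
      } }
    END { print t }'
}

# classify VERIFY MOUNTS: for each line whose second flag is M (mode differs),
# print "expected-vfat PATH" when the file is on FAT, otherwise "review PATH".
classify() {
  printf '%s\n' "$1" | grep '^.M' | while IFS= read -r line; do
    path="/${line#*/}"   # the path starts at the first slash on the line
    case "$(fstype_of "$path" "$2")" in
      vfat|msdos) echo "expected-vfat $path" ;;
      *)          echo "review $path" ;;
    esac
  done
}

# Live use, as root: classify "$(rpm -Va)" "$(cat /proc/mounts)"
classify "$SAMPLE_VERIFY" "$SAMPLE_MOUNTS"
```
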

Re: rpm -Va shows /boot/efi mode different from vendor default

Posted: 2018/04/16 17:46:29
by nelm
I guess I should have known that :oops: . Thanks Trevor!