Symptoms

When performing a USB install, F5OS creates the ISO file used for install under /var/import/staging. Under certain conditions, this newly created ISO file is missing the immutable bit, allowing the file to be potentially modified or deleted while it is in use.

Impact

New ISO file is missing the immutable bit (should show up as an 'i' in the chattr output) [root@appliance-1 ~]# lsattr /var/import/staging/ -------------e-- /var/import/staging/F5OS-A-1.1.0-7645.R5R10.iso This results in risk of the ISO file being deleted or modified while in use.

Conditions

- Perform a USB install of F5OS

Workaround

If the imported ISO file is still present in /var/import/staging, set the immutable bit on it, e.g.: chattr +i /var/import/staging/R5R10.1.1.1-9159.iso If the imported ISO file is missing, i.e. because it was deleted or renamed: 1. Put a copy of the ISO file on the rSeries appliance named precisely the same as the original file was, e.g.: Copy the ISO file to the rSeries appliance, but name it "R5R10.1.1.1-9159.iso" and put it in /var/import/staging/ 2. Set the immutable bit on the file: chattr +i /var/import/staging/R5R10.1.1.1-9159.iso 3. Reboot the device

Fix Information

None

Behavior Change