Thanks for the quick reply! Good call, but no such luck --

$ sudo keyctl show %keyring:.ima
Can't find 'keyring:.ima'

  Paul

On Sun, Dec 10, 2017 at 9:18 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> On Sat, 2017-12-09 at 17:01 -0500, Paul R. Tagliamonte wrote:
>> Hey all!
>>
>> I have an asymmetric key loaded into _ima on my root user's @u
>> keyring. v/r/s is set on the keyrings, and key:
>>
>> ```
>> 943483453 --alswrv 0 65534 keyring: _uid.0
>> 559919368 ----s-rv 0 0 \_ keyring: _ima
>> 475931491 ----s-rv 0 0 \_ asymmetric: Local IMA Key
>> ```
>>
>> However, when I try and run my VM with IMA set to log, I'm getting a
>> log full of:
>>
>> "integrity: no _ima keyring: -126"
>
> Depending on how the kernel was built (CONFIG_IMA_TRUSTED_KEYRING),
> the IMA keys need to be loaded either on the trusted keyring named
> .ima or the _ima keyring. The kernel itself creates the trusted .ima
> keyring.
>
> The command "sudo keyctl show %keyring:.ima" will indicate if the
> ".ima" was created.
>
> Mimi
>

--
:wq
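
Added example, not part of the thread: a shell check that derives the keyring name the kernel expects from CONFIG_IMA_TRUSTED_KEYRING, as the quoted reply describes, and compares it with the name in an "integrity: no ... keyring" log line. The function names and the sample config and log inputs are constructed for illustration; errno 126 is ENOKEY on Linux.

```shell
#!/bin/sh
# Added example: which IMA keyring does this kernel expect, and does the
# kernel log agree? Function names here are hypothetical.

# Print ".ima" when the given kernel config file enables
# CONFIG_IMA_TRUSTED_KEYRING, otherwise "_ima".
expected_ima_keyring() {
    if grep -q '^CONFIG_IMA_TRUSTED_KEYRING=y' "$1" 2>/dev/null; then
        echo ".ima"
    else
        echo "_ima"
    fi
}

# Turn a line such as 'integrity: no _ima keyring: -126' into '_ima 126'.
# Prints nothing when the line is not an IMA keyring lookup failure.
parse_integrity_line() {
    printf '%s\n' "$1" |
        sed -n 's/.*integrity: no \([._][A-Za-z0-9_]*\) keyring: -\([0-9][0-9]*\).*/\1 \2/p'
}

# Compare config and log, then print the keyctl command to run next.
diagnose() {
    cfg=$1; line=$2
    want=$(expected_ima_keyring "$cfg")
    parsed=$(parse_integrity_line "$line")
    [ -n "$parsed" ] || { echo "no-match: not an IMA keyring message"; return 1; }
    got=${parsed% *}; err=${parsed#* }
    note=""
    [ "$err" = "126" ] && note=" (ENOKEY: required key not available)"
    if [ "$want" = "$got" ]; then
        echo "consistent: kernel looks up '$got', errno $err$note"
    else
        echo "mismatch: config implies '$want' but log names '$got', errno $err$note"
        echo "  the config file may not belong to the running kernel"
    fi
    echo "  next: sudo keyctl show %keyring:$got"
}

# Constructed sample input: a config without the trusted keyring option and
# the log line quoted in the thread.
cfg=$(mktemp)
printf '%s\n' 'CONFIG_IMA=y' '# CONFIG_IMA_TRUSTED_KEYRING is not set' > "$cfg"
diagnose "$cfg" 'integrity: no _ima keyring: -126'
rm -f "$cfg"
```

On a real system, pass the running kernel's config file (for example the one matching `uname -r` under /boot, if the distribution ships it) and a line taken from the kernel log.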