Re: Potential IMA Signing Bug

On Sat, 2020-09-12 at 16:19 -0600, Alexander Gaidis wrote:
> >> user@deb:~$ sudo dmesg | tail
> >> ...
> >> [   78.593140] integrity: no _ima keyring: -126
> >> [   78.593343] audit: type=1800 audit(1599673725.324:11): pid=582
> >> uid=1000 auid=1000 ses=1 subj==unconfined op=appraise_data
> >> cause=invalid-signature comm="bash" name="/home/user/hello" dev="sda1"
> >> ino=796088 res=0
> >> ```
> >>
> >> However, after running the file as root and switching back to my user
> >> profile I am able to run the file just fine due to the caching of the
> >> integrity status of the file.
> > 
> > For some reason as a user you can't access the _ima keyring -
> > "integrity: no _ima keyring: -126".   Please create an additional
> > signed file and try accessing that one as user, after accessing the
> > original signed one succeeds.
> > 
> 
> I could access the second file after running the first one as root. See
> below:

The next steps would be to determine if this bug has existed from the
beginning or was at some point introduced.  In the latter case, you
would bisect the kernel based on good and bad starting points to
determine the commit that introduced the bug[1].

Mimi

[1] Documentation/admin-guide/bug-bisect.rst
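
When comparing good and bad kernels during such a bisect, it helps to pull the two relevant kernel messages out of `dmesg` mechanically. The following is an added example, not part of the original message or of the kernel tree: the sample text is constructed by unwrapping the two lines quoted above, and the function and variable names are hypothetical.

```python
import re

# Constructed sample: the two kernel lines quoted in the thread, unwrapped.
SAMPLE_DMESG = """\
[   78.593140] integrity: no _ima keyring: -126
[   78.593343] audit: type=1800 audit(1599673725.324:11): pid=582 uid=1000 auid=1000 ses=1 subj==unconfined op=appraise_data cause=invalid-signature comm="bash" name="/home/user/hello" dev="sda1" ino=796088 res=0
"""

# Linux key-management errno values (asm-generic/errno.h).
KEY_ERRNO = {126: "ENOKEY", 127: "EKEYEXPIRED", 128: "EKEYREVOKED", 129: "EKEYREJECTED"}

KEYRING_RE = re.compile(r"integrity: no (\S+) keyring: (-?\d+)")
AUDIT_RE = re.compile(r"audit: type=1800 audit\(([\d.]+):(\d+)\): (.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_integrity_events(text):
    """Return (keyring_errors, appraisal_failures) found in dmesg text."""
    keyring_errors, failures = [], []
    for line in text.splitlines():
        m = KEYRING_RE.search(line)
        if m:
            code = abs(int(m.group(2)))
            keyring_errors.append(
                {"keyring": m.group(1), "errno": KEY_ERRNO.get(code, str(code))})
            continue
        m = AUDIT_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
        # The record quoted in the thread pairs res=0 with a failure cause.
        if fields.get("op") == "appraise_data" and fields.get("res") == "0":
            failures.append(fields)
    return keyring_errors, failures


if __name__ == "__main__":
    errors, failures = parse_integrity_events(SAMPLE_DMESG)
    for e in errors:
        print(f"keyring {e['keyring']} lookup failed: {e['errno']}")
    for f in failures:
        print(f"uid={f['uid']} comm={f['comm']} file={f['name']} cause={f['cause']}")
```
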



