Hi, I'm getting the following log when booting with IMA/EVM and SMACK enabled. Before I start delving into IMA and SMACK does anyone know of any fixes that have gone into systemd that would fix the problem I'm seeing below. I've not seen anything by looking through git log or on the internet but may have missed something. I'm using systemd 229 with a 4.9 kernel. The SMACK policy is pretty much the default. If I boot with just IMA/EVM enabled it's fine and I can check signatures etc with evmctl. If I boot with an image that hasn't been signed and just SMACK then it's fine. If I do both I get the following: ... Security Framework initialized Smack: Initializing. Smack: IPv6 port labeling enabled. Mount-cache hash table entries: 1024 (order: 0, 4096 bytes) Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes) CPU: Testing write buffer coherency: ok Setting up static identity map for 0x80100000 - 0x80100058 devtmpfs: initialized evm: security.SMACK64 evm: security.SMACK64EXEC evm: security.SMACK64TRANSMUTE evm: security.SMACK64MMAP evm: security.ima evm: security.capability ... Loading compiled-in X.509 certificates Loaded X.509 cert 'IMA-EVM Root CA: cc972d25acf7c1efaa5329a48104efa303f0833a' ... UBIFS (ubi0:0): FS size: 201764864 bytes (192 MiB, 1589 LEBs), journal size 9023488 bytes (8 MiB, 72 LEBs) UBIFS (ubi0:0): reserved for root: 0 bytes (0 KiB) UBIFS (ubi0:0): media format: w4/r0 (latest is w4/r0), UUID F6EA70A5-1931-4049-89CB-93B82F37F6A4, small LPT model VFS: Mounted root (ubifs filesystem) readonly on device 0:16. devtmpfs: mounted integrity: Loaded X.509 cert 'IMA Certificate Authority: e2c191a6e31fd02d6beba0c7c7847720a35fd9c6': /etc/keys/ima-x509.der Freeing unused kernel memory: 1024K systemd[1]: Successfully loaded Smack policies. systemd[1]: Successfully loaded Smack/CIPSO policies. systemd[1]: System time before build time, advancing clock. systemd[1]: Failed to mount tmpfs at /dev/shm: No such file or directory systemd[1]: Failed to mount tmpfs at /dev/shm: No such file or directory systemd[1]: Failed to mount cgroup at /sys/fs/cgroup/systemd: No such file or directory [!!!!!!] Failed to mount API filesystems, freezing. systemd[1]: Freezing execution. Many Thanks, Martin.
system failing to boot with SMACK/IMA enabled.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: system failing to boot with SMACK/IMA enabled.
- From: mtownsend1973@xxxxxxxxx (Martin Townsend)
- Date: Wed, 14 Mar 2018 23:05:19 +0000
- Follow-Ups:
- system failing to boot with SMACK/IMA enabled.
- From: Lennart Poettering
- system failing to boot with SMACK/IMA enabled.
- Prev by Date: systemd-shutdown: Failed to parse /proc/self/moutinfo
- Next by Date: journal file boot_id and tail_entry_monotonic
- Previous by thread: systemd-shutdown: Failed to parse /proc/self/moutinfo
- Next by thread: system failing to boot with SMACK/IMA enabled.
- Index(es):
 |