On Mi, 14.03.18 23:05, Martin Townsend (mtownsend1973 at gmail.com) wrote: > Hi, > > I'm getting the following log when booting with IMA/EVM and SMACK > enabled. Before I start delving into IMA and SMACK does anyone know > of any fixes that have gone into systemd that would fix the problem > I'm seeing below. I've not seen anything by looking through git log > or on the internet but may have missed something. > > I'm using systemd 229 with a 4.9 kernel. The SMACK policy is pretty > much the default. If I boot with just IMA/EVM enabled it's fine and I > can check signatures etc with evmctl. If I boot with an image that > hasn't been signed and just SMACK then it's fine. If I do both I get > the following: Uh, we generally rely on external patches for SMACK, IMA, SELinux and AppArmor management, none of us systemd maintainers are true MAC gurus. I'd recommend asking the IMA/SMACK folks for help about this. Not sure why mount() or /dev/shm would return ENOENT though, except if SMACK actaully can generate that when the smackfsroot=* mount option we use is not available. Dunno. Sorry that I can' be more helpful on this, Lennart -- Lennart Poettering, Red Hat
system failing to boot with SMACK/IMA enabled.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: system failing to boot with SMACK/IMA enabled.
- From: lennart@xxxxxxxxxxxxxx (Lennart Poettering)
- Date: Tue, 20 Mar 2018 11:30:57 +0100
- In-reply-to: <CABatt_xef4_C2TMmVAn0qgqaj2--BuTMOfw+p30qrDutA6_j1w@mail.gmail.com>
- References: <CABatt_xef4_C2TMmVAn0qgqaj2--BuTMOfw+p30qrDutA6_j1w@mail.gmail.com>
- References:
- system failing to boot with SMACK/IMA enabled.
- From: Martin Townsend
- system failing to boot with SMACK/IMA enabled.
- Prev by Date: journal file boot_id and tail_entry_monotonic
- Next by Date: About supporting relative values (e.g. 50%) in configuration
- Previous by thread: system failing to boot with SMACK/IMA enabled.
- Next by thread: journal file boot_id and tail_entry_monotonic
- Index(es):
 |