777300 – system wont boot with both IMA (Integrity Measurement Architecture) and SELINUX enabled at the same time

Bug 777300 - system wont boot with both IMA (Integrity Measurement Architecture) and SELINUX enabled at the same time

Summary: system wont boot with both IMA (Integrity Measurement Architecture) and SELIN...

Status:	RESOLVED DUPLICATE of bug 777294

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-03-19 16:06 UTC by ben
Modified:	2021-03-21 00:10 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ben 2021-03-19 16:06:18 UTC

"IMA + EVM + SELINUX" will not boot together you either have to choose one or the other. Either IMA or SELINUX alone but if both are enabled with EVM using TPM hardware to store keys system will not boot past initrc. Cant seem to find out what is going on. Boot is broken very early in the boot process during initrc. System can boot
with only selinux or IMA alone but not both.

Comment 1 ben 2021-03-19 17:31:32 UTC

Im using custom IMA policy loaded in a initscript. Then EVM is enabled. EVM key blobs is also the first thing this script loads before IMA policy and EVM enable.

Comment 2 Jonas Stein gentoo-dev

2021-03-20 22:33:31 UTC


*** This bug has been marked as a duplicate of bug 777294 ***

Comment 3 ben 2021-03-21 00:10:29 UTC

This is a separate problem from bug 777294 why has it been maked as duplicate to 777294. These problems are not related at all I just included this problem in the other report as well.