Okay. It makes _some_ sense but it’s still weird:
Failed to load the IMA custom policy file /etc/ima/ima-policy1: Permission denied
[!!!!!!] Failed to load IMA policy, freezing
So what really happened: /etc/ima/ima-policy
exists. It is not looking for a file ima-policy1
. The appended 1 is probably an exit code and it’s error message is misleading.
I had some rules making use of #SELinux labels like dont_appraise obj_type=systemd_journal_t
in the policy and that goes boom when not bootet with SELinux support (e.g. selinux=0
) at all. Good to know.
Also: System is still in dev mode so loading custom #IMA policy is fine 🤓