Okay. It makes _some_ sense but it’s still weird:
Failed to load the IMA custom policy file /etc/ima/ima-policy1: Permission denied
[!!!!!!] Failed to load IMA policy, freezing
So what really happened:
/etc/ima/ima-policy exists. It is not looking for a file ima-policy1. The appended 1 is probably an exit code and its error message is misleading.
I had some rules making use of #SELinux labels like dont_appraise obj_type=systemd_journal_t in the policy and that goes boom when not booted with SELinux support (e.g. selinux=0) at all. Good to know.
Also: System is still in dev mode so loading custom #IMA policy is fine 🤓
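
A pre-boot lint for the situation described in the post, as an added example that is not part of the original post: it flags IMA policy rules that carry LSM label conditions when the kernel command line has `selinux=0`. The sample policy and command line are constructed, and the function names are hypothetical; it assumes the labels in the policy are SELinux labels.

```python
"""Lint an IMA policy for LSM label conditions when SELinux is off (added example)."""

# LSM label conditions defined by the IMA policy grammar.
LSM_KEYS = {"obj_user", "obj_role", "obj_type",
            "subj_user", "subj_role", "subj_type"}

# Constructed sample input, not taken from a real system.
SAMPLE_POLICY = """\
# constructed sample policy
dont_measure fsmagic=0x9fa0
dont_appraise obj_type=systemd_journal_t
appraise func=BPRM_CHECK appraise_type=imasig
measure func=FILE_CHECK mask=MAY_READ subj_type=init_t
"""
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro selinux=0 ima_appraise=log"


def selinux_disabled(cmdline):
    """True if the kernel command line switches SELinux off with selinux=0."""
    return "selinux=0" in cmdline.split()


def lsm_conditions(policy_text):
    """Return (line number, key, label) for each LSM label condition in the policy."""
    hits = []
    for lineno, raw in enumerate(policy_text.splitlines(), 1):
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue  # blank lines and comments are not rules
        for token in rule.split():
            key, sep, value = token.partition("=")
            if sep and key in LSM_KEYS:
                hits.append((lineno, key, value))
    return hits


def lint(policy_text, cmdline):
    """Report label conditions only when SELinux is disabled on the command line."""
    return lsm_conditions(policy_text) if selinux_disabled(cmdline) else []


if __name__ == "__main__":
    for lineno, key, value in lint(SAMPLE_POLICY, SAMPLE_CMDLINE):
        print(f"line {lineno}: {key}={value} is an LSM label rule, but selinux=0 is set")
```

On a real system the two inputs would be the contents of /etc/ima/ima-policy and /proc/cmdline.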