http://bugzilla.opensuse.org/show_bug.cgi?id=1187654 http://bugzilla.opensuse.org/show_bug.cgi?id=1187654#c19 Alberto Planas Dominguez <aplanas@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo? --- Comment #19 from Alberto Planas Dominguez <aplanas@suse.com> --- (In reply to Antonio Feijoo from comment #18)
This minor ls error is fixed upstream (https://github.com/dracutdevs/dracut/commit/f63f411) and will be backported.
You may already know that IMA appraisal can be used without digital signatures, just by storing hash digests instead and protecting the security.ima against tampering using EVM.
And the IMA policy (comment #6) loaded in dracut refers to the custom policy, which is also optional (the main policy is added via kernel command line).
So, apart from hiding this ls error, I think we don't need to do anything else here.
I am not sure what changed, but seems that is not a minimal error anymore? In my system this "ls /etc/keys/ima/*" produces errno, killing the dracut load process. It is a different error when doing "ls /etc/keys/ima/" # ls /etc/keys/ima/*; echo $? ls: cannot access '/etc/keys/ima/*': No such file or directory 2 # ls /etc/keys/ima/; echo $? 0 If this happens in the first boot in MicroOS, will make the system unusable (missing services later will not setup properly the device) -- You are receiving this mail because: You are on the CC list for the bug.