What | Removed | Added |
---|---|---|
CC | antonio.feijoo@suse.com | |
Flags | needinfo?(dracut-maintainers@suse.de) | |

(In reply to Alberto Planas Dominguez from comment #10)
> (In reply to Thomas Blume from comment #9)
> > (In reply to Alberto Planas Dominguez from comment #8)
> > > As a parallel work I added the /etc/keys and /usr/etc/keys directory in
> > > keyctl. Let's see the review, I am not confident about the correct owner.
> >
> > Thanks Alberto, let's discuss how to go on with this when you have results.
>
> Sure. Still it makes sense to do something here. If the [/usr]/etc/keys/ima
> is present but empty, we will still have the same error. IMHO this will be a
> cosmetic error now, but could still make sense to address it properly.

This minor ls error is fixed upstream (https://github.com/dracutdevs/dracut/commit/f63f411) and will be backported.

You may already know that IMA appraisal can be used without digital signatures, just by storing hash digests instead and protecting the security.ima against tampering using EVM. And the IMA policy (comment #6) loaded in dracut refers to the custom policy, which is also optional (the main policy is added via kernel command line).

So, apart from hiding this ls error, I think we don't need to do anything else here.
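
The distinction drawn in the comment above, between a security.ima value that holds a hash digest and one that holds a digital signature, can be checked per file. The following is an added example, not code from this bug report or from dracut. It assumes the value layout of the Linux kernel's `evm_ima_xattr_type` enum and version 2 `signature_v2_hdr`; the function name and the sample values are constructed for illustration.

```python
import hashlib
import struct

# Leading type byte of a security.ima value (kernel enum evm_ima_xattr_type).
IMA_XATTR_DIGEST = 0x01       # legacy bare hash, algorithm implied by length
EVM_IMA_XATTR_DIGSIG = 0x03   # digital signature (signature_v2_hdr + signature)
IMA_XATTR_DIGEST_NG = 0x04    # hash preceded by a hash-algorithm id

# Subset of the kernel's enum hash_algo: id -> (name, digest length in bytes).
HASH_ALGOS = {1: ("md5", 16), 2: ("sha1", 20), 4: ("sha256", 32),
              5: ("sha384", 48), 6: ("sha512", 64)}
MALFORMED = {"kind": "malformed"}

def classify_ima_xattr(value: bytes) -> dict:
    """Report whether a raw security.ima value is a hash or a signature."""
    if not value:
        return {"kind": "missing"}
    kind = value[0]
    if kind == IMA_XATTR_DIGEST_NG:
        if len(value) < 2 or value[1] not in HASH_ALGOS:
            return MALFORMED
        name, size = HASH_ALGOS[value[1]]
        if len(value) - 2 != size:
            return MALFORMED
        return {"kind": "hash", "algo": name, "digest": value[2:].hex()}
    if kind == IMA_XATTR_DIGEST:
        name = {16: "md5", 20: "sha1"}.get(len(value) - 1)
        if name is None:
            return MALFORMED
        return {"kind": "hash", "algo": name, "digest": value[1:].hex()}
    if kind == EVM_IMA_XATTR_DIGSIG:
        if len(value) < 9:
            return MALFORMED
        # type, version, hash_algo, keyid (big-endian u32), sig_size (big-endian u16)
        _, version, algo_id, keyid, sig_size = struct.unpack(">BBBIH", value[:9])
        if version != 2 or len(value) - 9 != sig_size:
            return MALFORMED
        algo = HASH_ALGOS.get(algo_id, ("unknown", 0))[0]
        return {"kind": "signature", "algo": algo, "keyid": f"{keyid:08x}"}
    return {"kind": "unknown"}

# Constructed sample values (not taken from a real system).
SAMPLE_HASH = bytes([IMA_XATTR_DIGEST_NG, 4]) + hashlib.sha256(b"constructed").digest()
SAMPLE_SIG = struct.pack(">BBBIH", EVM_IMA_XATTR_DIGSIG, 2, 4, 0xDEADBEEF, 256) + bytes(256)

if __name__ == "__main__":
    for sample in (SAMPLE_HASH, SAMPLE_SIG, SAMPLE_HASH[:10], b""):
        print(classify_ima_xattr(sample))
```

On a Linux system the raw value for a file can be read with `os.getxattr(path, "security.ima")` and passed to the function.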