Comment 17 for bug 1766201

Manoj Iyer (manjo) wrote :

Fresh install of 18.04 on Power9 system, installed linux-image-generic-hwe-18.04

ubuntu@bobone:~$ uname -a
Linux bobone 4.18.0-18-generic #19~18.04.1-Ubuntu SMP Fri Apr 5 10:21:11 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux
ubuntu@bobone:~$

ubuntu@bobone:~$ dmesg -xT -l emerg,alert,crit,err
kern :err : [Fri Apr 19 21:12:08 2019] integrity: Unable to open file: /etc/keys/x509_ima.der (-2)
kern :err : [Fri Apr 19 21:12:08 2019] integrity: Unable to open file: /etc/keys/x509_evm.der (-2)
kern :err : [Fri Apr 19 21:12:08 2019] vio vio: uevent: failed to send synthetic uevent
kern :err : [Fri Apr 19 21:12:14 2019] vio vio: uevent: failed to send synthetic uevent
ubuntu@bobone:~$

Looks like the "integrity: Unable to open file" messages are still reported as "kern: err" rather than as warnings, as the patch (https://lists.ubuntu.com/archives/kernel-team/2017-February/082526.html) was supposed to do. Also, it looks like the "vio vio: uevent:" error occurs only on boot, and does not seem to appear when the system is running.

Looks like /etc/keys/x509-blah is missing in initramfs? Maybe because the feature is not supported? But it seems like the right thing to do is to downgrade the err to warn.

ubuntu@bobone:~$ dmesg | grep ima
[ 0.000000] PCI host bridge /pciex@600c3c0000000 (primary) ranges:
[ 2.379848] ima: Allocated hash algorithm: sha256
[ 2.518823] evm: security.ima
[ 2.618501] integrity: Unable to open file: /etc/keys/x509_ima.der (-2)
ubuntu@bobone:~$

ubuntu@bobone:~$ dmesg | grep evm
[ 2.518625] evm: Initialising EVM extended attributes:
[ 2.518651] evm: security.selinux
[ 2.518676] evm: security.SMACK64
[ 2.518691] evm: security.SMACK64EXEC
[ 2.518716] evm: security.SMACK64TRANSMUTE
[ 2.518740] evm: security.SMACK64MMAP
[ 2.518773] evm: security.apparmor
[ 2.518823] evm: security.ima
[ 2.518855] evm: security.capability
[ 2.518878] evm: HMAC attrs: 0x1
[ 2.618504] integrity: Unable to open file: /etc/keys/x509_evm.der (-2)
ubuntu@bobone:~$

Reference: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1656908