Re: [Linux-ima-user] IMA appraisal with signature issue

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 2016-01-11 at 16:58 +0100, Baal Su wrote:

> Hi Mimi,
> 
> 	Thank you for your reply. 
> 
> 	I tried to recompile the kernel to 4.1.15, which is the latest longterm version. But the aforementioned problem still exists. 
> 
> 	When I run “keyctl show”, I can see the following output:
> 		
> 		Session Keyring
> 		841881916   —alswrv	0	   0  keyring: _ses
> 		1060565120 —alswrv	0 65534   \_ keyring: _uid.0
> 		332490404   —alswrv 	0	   0		\_ keyring: _ima
> 		452725264   —alswrv	0	   0		\_ user: 821C0DFD4C617DA

It doesn't looke like there are any keys on the _ima keyring.  Try
listing the keys on the keyring:   keyctl list `keyctl search @u keyring
_ima`

> 
> 	But when I want to read from a file under appraisal with enforce mode, it still shows:
> 
> 		[   358.334856] digsig: key not found, id: 821C0DFD4C617DA
> 		cat: file: Permission denied

Only asymmetric keys should be on the IMA keyring, not user.

Mimi 

> 	Should I try with more recent kernel?
> 
> Thank you for your time and best wishes!