I built a test kernel with commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b. The test kernel can be downloaded from: http://kernel.ubuntu.com/~jsalisbury/lp1771826
Can you test this kernel and see if it resolves this bug? Note about installing test kernels: • If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages. • If the test kernel is 4.15(Bionic) or newer, you need to install the linux-image-unsigned, linux-modules and linux-modules-extra .deb packages. Thanks in advance! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1771826 Title: Creation of IMA file hashes fails when appraisal is enabled Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: In Progress Bug description: On a system that has IMA appraisal enabled it is impossible to create security.ima extended attribute files that contain IMA hash. For instance, consider the following use case: 1) extract application files to a staging area as non root user 2) verify that installation is correct 3) create IMA extended attributes for the installed files 4) move the files to their destination 5) change the files ownership to root With kernel 4.4.x step 3 will fail. The issues is fixed in upstream kernels by the following commit [1]: commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b Author: Mimi Zohar <zo...@linux.vnet.ibm.com> Date: Wed Nov 2 09:14:16 2016 -0400 Revert "ima: limit file hash setting by user to fix and log modes" [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i d=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-124-generic 4.4.0-124.148 ProcVersionSignature: User Name 4.4.0-124.148-generic 4.4.117 Uname: Linux 4.4.0-124-generic x86_64 AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 May 17 14:07 seq crw-rw---- 1 root audio 116, 33 May 17 14:07 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. Date: Thu May 17 14:08:59 2018 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: QEMU Standard PC (i440FX + PIIX, 1996) PciMultimedia: ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic root=UUID=aef88a4e-dbea-4cc7-be8b-03cf8501cc8f ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0 crashkernel=384M-:128M RelatedPackageVersions: linux-restricted-modules-4.4.0-124-generic N/A linux-backports-modules-4.4.0-124-generic N/A linux-firmware 1.157.17 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/01/2014 dmi.bios.vendor: SeaBIOS dmi.bios.version: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-i440fx-2.12 dmi.modalias: dmi:bvnSeaBIOS:bvrrel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12: dmi.product.name: Standard PC (i440FX + PIIX, 1996) dmi.product.version: pc-i440fx-2.12 dmi.sys.vendor: QEMU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771826/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp