Comment 0 for bug 1755804

rppt (mike-rapoport) wrote :

Linux kernel version 4.13 has a bug in IMA policy parsing that prevents setting IMA measurements and appraisal options per fsuuid.

The issue can be reproduced with simple ima_policy:

# fsuuid=$(blkid -s UUID -o value /dev/sda1)
# cat > ima_policy << EOF
dont_appraise fsuuid=$fsuuid
dont_measure fsuuid=$fsuuid
EOF
# cat ima_policy > /sys/kernel/security/ima/policy
cat: write error: Invalid argument
# dmesg | tail
[ 928.069606] audit: type=1805 audit(1521031959.907:18): action="dont_appraise" fsuuid="aef88a4e-dbea-4cc7-be8b-03cf8501cc8f" res=0
[ 928.069895] audit: type=1802 audit(1521031959.908:19): pid=1806 uid=0 auid=0 ses=1 op="update_policy" cause="invalid-policy" comm="cat" res=0
[ 928.070829] IMA: policy update failed
[ 928.070860] audit: type=1802 audit(1521031959.909:20): pid=1806 uid=0 auid=0 ses=1 op="policy_update" cause="failed" comm="cat" res=0

The same policy can be successfully loaded on v4.10:
(v4.10) # dmesg | tail
[ 54.071383] IMA: policy update completed
[ 54.071484] kauditd_printk_skb: 1 callbacks suppressed
[ 54.071487] audit: type=1805 audit(1521030962.958:15): action="dont_appraise" fsuuid="aef88a4e-dbea-4cc7-be8b-03cf8501cc8f" res=1
[ 54.071491] audit: type=1805 audit(1521030962.958:16): action="dont_measure" fsuuid="aef88a4e-dbea-4cc7-be8b-03cf8501cc8f" res=1
[ 54.071493] audit: type=1802 audit(1521030962.958:17): pid=1793 uid=0 auid=0 ses=1 op="policy_update" cause="completed" comm="cat" res=1

The bug is fixed in the mainline kernel:

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/security/integrity/ima/ima_policy.c?id=36447456e1cca853188505f2a964dbbeacfc7a7a
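An added example, not part of the bug report above: a small POSIX shell helper that builds the same two-rule per-fsuuid policy from a filesystem UUID (rejecting anything that is not a canonical UUID, so a bad blkid result is caught before it reaches securityfs) and that classifies the kernel's verdict from the audit lines in dmesg, distinguishing "invalid-policy" (the parser rejected a rule, as on 4.13) from a completed update (as on 4.10). The function names ima_policy_for_uuid, ima_policy_verdict, ima_rules_accepted and ima_load_policy are hypothetical; the sample log lines are copied from the report, and the securityfs path is the one the report writes to.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not kernel or distro tooling.

# Emit the two-rule policy from the report for one filesystem UUID.
# Returns 1 and prints nothing unless the UUID is in canonical 8-4-4-4-12 form.
ima_policy_for_uuid() {
    uuid=$1
    printf '%s' "$uuid" \
        | grep -Eq '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' \
        || return 1
    printf 'dont_appraise fsuuid=%s\ndont_measure fsuuid=%s\n' "$uuid" "$uuid"
}

# Read dmesg/audit lines on stdin and print one word:
#   invalid-policy  a rule was rejected by the policy parser (op="update_policy")
#   completed       the kernel accepted the whole policy
#   failed          update failed for another reason
#   unknown         no IMA policy verdict in the input
# "invalid-policy" is checked first because a rejected rule is followed by
# a generic "policy update failed" line as well.
ima_policy_verdict() {
    log=$(cat)
    case "$log" in
        *'cause="invalid-policy"'*)            echo invalid-policy ;;
        *'IMA: policy update completed'*)     echo completed ;;
        *'IMA: policy update failed'*)        echo failed ;;
        *)                                    echo unknown ;;
    esac
}

# Count audit type=1805 (policy rule) records that were accepted (res=1).
ima_rules_accepted() {
    log=$(cat)
    printf '%s\n' "$log" | grep -c 'type=1805.*res=1' || true
}

# Write a policy file to securityfs and report the verdict from recent dmesg.
# Needs root and a mounted securityfs; not exercised by the offline demo below.
ima_load_policy() {
    cat "$1" > /sys/kernel/security/ima/policy 2>/dev/null || true
    dmesg | tail -n 20 | ima_policy_verdict
}

# Sample audit output copied from the report (4.13 rejects, 4.10 accepts).
SAMPLE_V413=$(cat <<'EOF'
[ 928.069606] audit: type=1805 audit(1521031959.907:18): action="dont_appraise" fsuuid="aef88a4e-dbea-4cc7-be8b-03cf8501cc8f" res=0
[ 928.069895] audit: type=1802 audit(1521031959.908:19): pid=1806 uid=0 auid=0 ses=1 op="update_policy" cause="invalid-policy" comm="cat" res=0
[ 928.070829] IMA: policy update failed
[ 928.070860] audit: type=1802 audit(1521031959.909:20): pid=1806 uid=0 auid=0 ses=1 op="policy_update" cause="failed" comm="cat" res=0
EOF
)
SAMPLE_V410=$(cat <<'EOF'
[ 54.071383] IMA: policy update completed
[ 54.071487] audit: type=1805 audit(1521030962.958:15): action="dont_appraise" fsuuid="aef88a4e-dbea-4cc7-be8b-03cf8501cc8f" res=1
[ 54.071491] audit: type=1805 audit(1521030962.958:16): action="dont_measure" fsuuid="aef88a4e-dbea-4cc7-be8b-03cf8501cc8f" res=1
[ 54.071493] audit: type=1802 audit(1521030962.958:17): pid=1793 uid=0 auid=0 ses=1 op="policy_update" cause="completed" comm="cat" res=1
EOF
)

# Offline demo: build the policy, then classify both kernels' responses.
ima_policy_for_uuid aef88a4e-dbea-4cc7-be8b-03cf8501cc8f
printf '4.13: %s (%s rules accepted)\n' \
    "$(printf '%s\n' "$SAMPLE_V413" | ima_policy_verdict)" \
    "$(printf '%s\n' "$SAMPLE_V413" | ima_rules_accepted)"
printf '4.10: %s (%s rules accepted)\n' \
    "$(printf '%s\n' "$SAMPLE_V410" | ima_policy_verdict)" \
    "$(printf '%s\n' "$SAMPLE_V410" | ima_rules_accepted)"
```

On a live system the same check is `ima_load_policy ima_policy`; a result of "invalid-policy" with a well-formed UUID points at the parser bug rather than at the policy file, and the accepted-rule count shows how far the parser got before rejecting.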