Ubuntu
linux package

  1. Bug #1771826
  2. Comment #0

Comment 0 for bug 1771826

Revision history for this message
rppt (mike-rapoport) wrote :

Further information:
On a system that has IMA appraisal enabled it is impossible to create
security.ima extended attribute files that contain IMA hash.

For instance, consider the following use case:

1) extract application files to a staging area as non root user
2) verify that installation is correct
3) create IMA extended attributes for the installed files
4) move the files to their destination
5) change the files ownership to root

With kernel 4.4.x step 3 will fail.

The issues is fixed in upstream kernels by the following commit [1]:

commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b
Author: Mimi Zohar <email address hidden>
Date: Wed Nov 2 09:14:16 2016 -0400

    Revert "ima: limit file hash setting by user to fix and log modes"

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i
d=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-124-generic 4.4.0-124.148
ProcVersionSignature: User Name 4.4.0-124.148-generic 4.4.117
Uname: Linux 4.4.0-124-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 May 17 14:07 seq
 crw-rw---- 1 root audio 116, 33 May 17 14:07 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
Date: Thu May 17 14:08:59 2018
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:

ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic root=UUID=aef88a4e-dbea-4cc7-be8b-03cf8501cc8f ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0 crashkernel=384M-:128M
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-124-generic N/A
 linux-backports-modules-4.4.0-124-generic N/A
 linux-firmware 1.157.17
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-2.12
dmi.modalias: dmi:bvnSeaBIOS:bvrrel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-2.12
dmi.sys.vendor: QEMU