[meta-security][PATCH] ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic


Ming Liu <liu.ming50@...>
 

From: Ming Liu <liu.ming50@gmail.com>

This fixes the following systemd boot issues:
[ 7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
[ 7.457677] systemd[1]: Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
[ 7.459270] systemd[1]: Freezing execution.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
---
.../recipes-security/ima_policy_hashed/files/ima_policy_hashed | 3 +++
1 file changed, 3 insertions(+)

diff --git a/meta-integrity/recipes-security/ima_policy_hashed/files/ima_=
policy_hashed b/meta-integrity/recipes-security/ima_policy_hashed/files/i=
ma_policy_hashed
index 7f89c8d..4d9e4ca 100644
--- a/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_=
hashed
+++ b/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_=
hashed
@@ -53,6 +53,9 @@ dont_measure fsmagic=3D0x43415d53
# CGROUP_SUPER_MAGIC
dont_appraise fsmagic=3D0x27e0eb
dont_measure fsmagic=3D0x27e0eb
+# CGROUP2_SUPER_MAGIC
+dont_appraise fsmagic=3D0x63677270
+dont_measure fsmagic=3D0x63677270
# EFIVARFS_MAGIC
dont_appraise fsmagic=3D0xde5e81e4
dont_measure fsmagic=3D0xde5e81e4
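Review bot: the commit message lists only the systemd symptoms and does not say why the new `dont_appraise`/`dont_measure` pair for fsmagic 0x63677270 resolves them. Suggest adding a sentence stating the cause, for example that systemd is using the cgroup2 (unified) hierarchy, that the existing `# CGROUP_SUPER_MAGIC` entry (0x27e0eb) only covers cgroup v1, and that files on this pseudo-filesystem cannot carry IMA appraisal data, if that is what you observed. The entry itself follows the neighbouring pattern (comment, `dont_appraise`, `dont_measure`), and 0x63677270 is the kernel's CGROUP2_SUPER_MAGIC value.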
-- 
2.29.0


Armin Kuster
 

merged.
Thanks,
Armin

On 3/1/21 4:35 AM, liu.ming50@gmail.com wrote:
From: Ming Liu <liu.ming50@gmail.com>

This fixes the following systemd boot issues:
[ 7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
[ 7.457677] systemd[1]: Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
[ 7.459270] systemd[1]: Freezing execution.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
---
.../recipes-security/ima_policy_hashed/files/ima_policy_hashed | 3 +++
1 file changed, 3 insertions(+)

diff --git a/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed b/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
index 7f89c8d..4d9e4ca 100644
--- a/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
+++ b/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
@@ -53,6 +53,9 @@ dont_measure fsmagic=0x43415d53
# CGROUP_SUPER_MAGIC
dont_appraise fsmagic=0x27e0eb
dont_measure fsmagic=0x27e0eb
+# CGROUP2_SUPER_MAGIC
+dont_appraise fsmagic=0x63677270
+dont_measure fsmagic=0x63677270
# EFIVARFS_MAGIC
dont_appraise fsmagic=0xde5e81e4
dont_measure fsmagic=0xde5e81e4
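Review bot: the diffstat shows only `ima_policy_hashed` changed, but the failure in the log would occur under any policy that appraises files without exempting cgroup2. If the layer carries other IMA policy files that already list `# CGROUP_SUPER_MAGIC` (0x27e0eb), please check whether they need the same `fsmagic=0x63677270` pair, either in this patch or in a follow-up.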