fapolicyd fails with IMA digital signature enabled.

Issue

Starting fapolicyd(File Access Ppolicy Daemon) fails with below error when IMA integrity checking is enabled in the configuration.

# fapolicyd
05/19/2025 13:54:00 [ ERROR ]: IMA integrity checking selected, but the extended attributes can't be read
05/19/2025 13:54:00 [ ERROR ]: Exiting due to bad configuration

However, it works fine if IMA(Integrity Measurement Architecture) and EVM(Extended Verification Module) both enabled on the system.

Environment

Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
IMA & fapolicyd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Select Your Language

fapolicyd fails with IMA digital signature enabled.

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links