From 3daf99fd138b0eebe864bbe1b9c71241d97c4512 Mon Sep 17 00:00:00 2001
From: Ming Liu <liu.ming50@gmail.com>
Date: Mon, 1 Mar 2021 13:35:58 +0100
Subject: ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic

This fixes following systemd boot issues:
[    7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
[    7.457677] systemd[1]: Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
[    7.459270] systemd[1]: Freezing execution.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-security/ima_policy_hashed/files/ima_policy_hashed         | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed b/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
index 7f89c8d..4d9e4ca 100644
--- a/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
+++ b/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
@@ -53,6 +53,9 @@ dont_measure fsmagic=0x43415d53
 # CGROUP_SUPER_MAGIC
 dont_appraise fsmagic=0x27e0eb
 dont_measure fsmagic=0x27e0eb
+# CGROUP2_SUPER_MAGIC
+dont_appraise fsmagic=0x63677270
+dont_measure fsmagic=0x63677270
 # EFIVARFS_MAGIC
 dont_appraise fsmagic=0xde5e81e4
 dont_measure fsmagic=0xde5e81e4
-- 
cgit v1.2.3-54-g00ecf