Bug
Resolution: Unresolved
rhel-10.0
Important
rhel-kernel-livepatching
Running the steps listed in
https://github.com/myllynen/rhel-ansible-roles/blob/master/roles/ima_evm_setup/tasks/enable.yml
works on RHEL 9.6 but fails on RHEL 10:

    Installing prerequisite package rpm-plugin-ima
    Adding IMA signatures to installed package files
    Loading IMA keys
    Rebuilding the initramfs of kernel-6.12.0-55.17.1.el10_0.x86_64 to include the dracut integrity module
    /etc/ima/ima-policy.ansible can't be loaded
    Failed to load IMA policy /etc/ima/ima-policy.ansible!

The failure comes from:

    if ! echo "$ima_policy_path" >"$IMA_POLICY_SYSFS"; then

Given that RHEL 10 has some entries in the file by default it would probably be a bit more logical to do:

    cat "$ima_policy_path" >> "$IMA_POLICY_SYSFS"

But this fails also. dmesg shows:

    ima: Unable to open file: /etc/ima/ima-policy.ansible (-13)

but plain "cat /etc/ima/ima-policy.ansible" on the command line works.
Thanks.
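
One way to narrow down the -13 (EACCES) in the dmesg line, as an added example that is not the reporter's code or part of the script quoted in the report: list the loaded rules that could appraise a policy file and check whether the file carries a `security.ima` xattr. That an appraise rule is the cause is an assumption the report does not confirm; `sample_policy`, `candidate_rules` and `diagnose` are hypothetical names, and the sample rules are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch. Assumption: the -13 (-EACCES) comes from a loaded
# appraise rule that covers policy files (func=POLICY_CHECK).

# Constructed sample, NOT RHEL 10's actual default policy.
sample_policy() {
    cat <<'EOF'
# constructed sample rules
dont_appraise fsmagic=0x9fa0
measure func=BPRM_CHECK
appraise func=POLICY_CHECK appraise_type=imasig
appraise func=MODULE_CHECK appraise_type=imasig
EOF
}

# candidate_rules FILE: print appraise rules that name func=POLICY_CHECK or
# have no func= condition (such rules are not limited to one hook).
# Returns 0 if any rule was printed, non-zero otherwise.
candidate_rules() {
    awk '
        $1 != "appraise" { next }   # skips comments, measure, dont_appraise
        {
            has_func = 0; policy = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^func=/) has_func = 1
                if ($i == "func=POLICY_CHECK") policy = 1
            }
            if (policy || !has_func) { print; found = 1 }
        }
        END { exit !found }
    ' "$1"
}

# diagnose POLICY_FILE [LOADED_POLICY]: run as root on the affected host.
diagnose() {
    loaded=${2:-/sys/kernel/security/ima/policy}
    if ! rules=$(candidate_rules "$loaded"); then
        echo "no appraise rule covering policy files found in $loaded"
        return 1
    fi
    printf 'rules that may appraise a policy file:\n%s\n' "$rules"
    if getfattr -n security.ima "$1" >/dev/null 2>&1; then
        echo "$1 carries a security.ima xattr"
    else
        echo "$1 has no readable security.ima xattr (or getfattr is missing)"
    fi
}

if [ $# -gt 0 ]; then diagnose "$@"; fi
```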