In journalctl -rkb, the kernel is complaining about:

« landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration »

What I can see, is that it seems supported:

$ zgrep LANDLOCK /proc/config.gz
CONFIG_SECURITY_LANDLOCK=y

But it may be missing here:

$ zgrep CONFIG_LSM= /proc/config.gz
CONFIG_LSM="yama"

Actually, I do not have any knowledge about landlock.

Reproducible: Always

Steps to Reproduce:
1. boot gentoo-kernel

Actual Results:
kernel complaining about landlock

Expected Results:
kernel not complaining about landlock

I don't know how long this issue has been there.
I've been seeing this for a while too and kept meaning to file a bug for it. I think we need to add it to CONFIG_LSM indeed but not verified.
(This shows up especially often on systems because `xz` uses Landlock, so it shows up whenever a distfile is first unpacked.)
You can just enable this via kernel cmdline "lsm=landlock", works on my end to suppress this warning.
(In reply to Nowa Ammerlaan from comment #3)
> You can just enable this via kernel cmdline "lsm=landlock", works on my end
> to suppress this warning.

Sure, I just think it makes sense for us to enable it too.
Should be fixed in today's kernels:

commit 4bda3507dacddef3b87319938f2ac12e777e2c3a
Author: Sam James <sam@gentoo.org>
Date:   Tue Apr 8 05:41:05 2025 +0100

    base.config: enable landlock by default

    xz supports this and dmesg gives noise when something tries to use landlock but it isn't enabled.

    Bug: https://bugs.gentoo.org/951870
    Signed-off-by: Sam James <sam@gentoo.org>
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
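
The two settings discussed in this thread, CONFIG_LSM and the "lsm=" kernel command-line parameter, combine as follows: when "lsm=" is present it overrides CONFIG_LSM. The script below is an added example, not part of the original bug thread or of Gentoo's kernel configuration; the function names and the sample config/cmdline strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether Landlock would be initialised at boot from
# the CONFIG_LSM= line of the kernel config and the kernel command line.
# Assumes CONFIG_SECURITY_LANDLOCK=y (the module is built in).

# effective_lsm_list CONFIG_LINE CMDLINE
# Prints the comma-separated LSM list the kernel would use.
# Runs in a subshell so that "set -f" (no globbing) does not leak out.
effective_lsm_list() (
    set -f
    config_line=$1
    cmdline=$2
    list=
    from_cmdline=0
    for word in $cmdline; do
        case $word in
            # lsm= on the command line overrides CONFIG_LSM;
            # the last occurrence is the one used here.
            lsm=*) list=${word#lsm=}; from_cmdline=1 ;;
        esac
    done
    if [ "$from_cmdline" -eq 0 ]; then
        list=${config_line#CONFIG_LSM=}
        list=${list#\"}
        list=${list%\"}
    fi
    printf '%s\n' "$list"
)

# landlock_status CONFIG_LINE CMDLINE -> prints "enabled" or "disabled"
landlock_status() {
    case ",$(effective_lsm_list "$1" "$2")," in
        *,landlock,*) echo enabled ;;
        *)            echo disabled ;;
    esac
}

# Constructed sample inputs (the first config line is the one reported above).
for cmdline in 'root=/dev/sda2 ro quiet' 'root=/dev/sda2 ro lsm=landlock'; do
    printf '%-34s -> %s\n' "$cmdline" \
        "$(landlock_status 'CONFIG_LSM="yama"' "$cmdline")"
done
```

On a running system the real inputs come from `zgrep CONFIG_LSM= /proc/config.gz` and `/proc/cmdline`, and `/sys/kernel/security/lsm` lists the LSMs that are actually active.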