
Bug 951870

Summary: sys-kernel/gentoo-kernel-6.13.7 landlock: Disabled but requested by user space.
Product: Gentoo Linux
Reporter: Julien Delquié <julien.dlq>
Component: Current packages
Assignee: Distribution Kernel Project <dist-kernel>
Status: UNCONFIRMED
Severity: normal
CC: foufou33, nowa
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Julien Delquié 2025-03-23 08:18:49 UTC
In journalctl -rkb, the kernel is complaining about: « landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration »

What I can see is that it seems supported:
$ zgrep LANDLOCK /proc/config.gz
CONFIG_SECURITY_LANDLOCK=y

But it may be missing here:
$ zgrep CONFIG_LSM= /proc/config.gz
CONFIG_LSM="yama"

Actually, I do not have any knowledge about landlock.

Reproducible: Always

Steps to Reproduce:
1. boot gentoo-kernel
Actual Results:  
kernel complaining about landlock

Expected Results:  
kernel not complaining about landlock

I don't know how long this issue has been there.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 09:00:04 UTC
I've been seeing this for a while too and kept meaning to file a bug for it. I think we need to add it to CONFIG_LSM indeed but not verified.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 09:00:30 UTC
(This shows up especially often on systems because `xz` uses Landlock, so it shows up whenever a distfile is first unpacked.)
Comment 3 Nowa Ammerlaan gentoo-dev 2025-03-23 09:02:13 UTC
You can just enable this via kernel cmdline "lsm=landlock", works on my end to suppress this warning.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 09:03:49 UTC
(In reply to Nowa Ammerlaan from comment #3)
> You can just enable this via kernel cmdline "lsm=landlock", works on my end
> to suppress this warning.

Sure, I just think it makes sense for us to enable it too.
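
Added example, not part of the bug thread or of any Gentoo tooling: a POSIX shell check that tells "Landlock built in but not in the LSM list" (the state shown in the description) apart from "not built" and "enabled", and prints a boot parameter for it. It relies on the kernel's documented behaviour that `lsm=` overrides `CONFIG_LSM`, so the suggested value keeps the entries already listed (here `yama`) and puts `landlock` in front; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mirroring the two config lines quoted in the report.
SAMPLE_CONFIG='CONFIG_SECURITY_LANDLOCK=y
CONFIG_LSM="yama"'

# Print the value of CONFIG_LSM from kernel config text given as $1.
config_lsm_value() {
    printf '%s\n' "$1" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p'
}

# Succeed if comma-separated list $1 contains the exact LSM name $2.
lsm_has() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print not-built, built-not-enabled or enabled.
# $1 = kernel config text; $2 = active LSM list from /sys/kernel/security/lsm,
# or empty to fall back to CONFIG_LSM (a boot-time lsm= is then not seen).
landlock_state() {
    if ! printf '%s\n' "$1" | grep '^CONFIG_SECURITY_LANDLOCK=y$' >/dev/null; then
        echo not-built
    elif lsm_has "${2:-$(config_lsm_value "$1")}" landlock; then
        echo enabled
    else
        echo built-not-enabled
    fi
}

# Print an lsm= parameter that adds landlock in front of LSM list $1,
# keeping the existing entries because lsm= overrides CONFIG_LSM.
suggest_lsm_param() {
    if lsm_has "$1" landlock; then echo "lsm=$1"
    elif [ -z "$1" ]; then echo "lsm=landlock"
    else echo "lsm=landlock,$1"
    fi
}

# Use the running kernel's data when both files are readable.
config=$SAMPLE_CONFIG
active=
if [ -r /proc/config.gz ] && [ -r /sys/kernel/security/lsm ]; then
    config=$(zcat /proc/config.gz 2>/dev/null) || config=$SAMPLE_CONFIG
    active=$(cat /sys/kernel/security/lsm 2>/dev/null) || active=
fi
echo "state: $(landlock_state "$config" "$active")"
echo "boot parameter: $(suggest_lsm_param "$(config_lsm_value "$config")")"
```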