Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 951870 - sys-kernel/gentoo-kernel-6.13.7 landlock: Disabled but requested by user space.
Summary: sys-kernel/gentoo-kernel-6.13.7 landlock: Disabled but requested by user space.
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Distribution Kernel Project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-23 08:18 UTC by Julien Delquié
Modified: 2025-04-04 05:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Julien Delquié 2025-03-23 08:18:49 UTC 
In journalctl -rkb, the kernel is complaining about: « landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration »

What I can see, is that it seems supported:
$ zgrep LANDLOCK /proc/config.gz         
CONFIG_SECURITY_LANDLOCK=y

But it may be missing here:
$ zgrep CONFIG_LSM= /proc/config.gz
CONFIG_LSM="yama"

Actually, I do not have any knowledge about landlock.

Reproducible: Always

Steps to Reproduce:
1. boot gentoo-kernel
Actual Results:  
kernel complaining about landlock

Expected Results:  
kernel not complaining about landlock

I don't know how long this issue has been there.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 09:00:04 UTC 
I've been seeing this for a while too and kept meaning to file a bug for it. I think we need to add it to CONFIG_LSM indeed but not verified.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 09:00:30 UTC 
(This shows up especially often on systems because `xz` uses Landlock, so it shows up whenever a distfile is first unpacked..)
Comment 3 Nowa Ammerlaan gentoo-dev 2025-03-23 09:02:13 UTC 
You can just enable this via kernel cmdline "lsm=landlock", works on my end to suppress this warning.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 09:03:49 UTC 
(In reply to Nowa Ammerlaan from comment #3)
> You can just enable this via kernel cmdline "lsm=landlock", works on my end
> to suppress this warning.

Sure, I just think it makes sense for us to enable it too.