Public bug reported:

Since Landlock[1] is enabled in Ubuntu 5.13 kernels[2], I wonder if it should be added to CONFIG_LSM[3] so that the feature is usable without having to override the lsm parameter on the kernel command line (and reboot).

Upstream seems to have it enabled since it was merged before 5.13-rc1.[4]

I tried to use landlock this morning on Ubuntu 20.04 with kernel linux-image-5.13.0-21-generic 5.13.0-21.21~20.04.1 and was a bit surprised that it didn't work right away, it returned ENOTSUPP. I had to dig around a bit to see that it needs to be added to CONFIG_LSM before it can actually be used.

To make it work, I added the following to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub:

  lsm=landlock,lockdown,yama,integrity,apparmor

Then grub-update + reboot.

It'd be great if it was available without having to jump through hoops (and a reboot), but otherwise maybe the above info will help others trying to figure out why landlock isn't working even though the feature is configured in the kernel.

[1] https://www.kernel.org/doc/html/latest/userspace-api/landlock.html
[2] https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/tree/debian.hwe-5.13/config/config.common.ubuntu?h=hwe-5.13#n9230
[3] https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/tree/debian.hwe-5.13/config/config.common.ubuntu?h=hwe-5.13#n5722
[4] https://github.com/torvalds/linux/commit/385975dca53eb41031d0cbd1de318eb1bc5d6bb9

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1950381

Title:
  Adding landlock to CONFIG_LSM in 5.13 kernels

Status in linux package in Ubuntu:
  New
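
Added example (not part of the original bug report, nor Ubuntu or kernel code): a small C probe that tells apart the two reasons Landlock can be unavailable, using the ABI-version query from the kernel's Landlock documentation. The errno mapping (EOPNOTSUPP for built in but absent from the active LSM list, ENOSYS for not built) follows that documentation; the function names and the fallback syscall number are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* fallback for old headers (x86, asm-generic) */
#endif
#define RULESET_VERSION_FLAG (1U << 0) /* value of LANDLOCK_CREATE_RULESET_VERSION */

enum ll_state { LL_USABLE, LL_BOOT_DISABLED, LL_NOT_BUILT, LL_OTHER_ERROR };

/* Classify the ABI-version probe from its return value and errno. */
enum ll_state ll_classify(long ret, int err)
{
    if (ret > 0) return LL_USABLE;                  /* ret is the Landlock ABI version */
    if (err == EOPNOTSUPP) return LL_BOOT_DISABLED; /* built, but not in CONFIG_LSM / lsm= */
    if (err == ENOSYS) return LL_NOT_BUILT;         /* kernel has no Landlock syscalls */
    return LL_OTHER_ERROR;
}

/* Exact-token match in a comma-separated LSM list, e.g. the contents of
 * /sys/kernel/security/lsm or the value given to lsm= on the command line. */
int lsm_list_has(const char *list, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = list; *p;) {
        size_t len = strcspn(p, ",\n");
        if (len == n && strncmp(p, name, n) == 0) return 1;
        p += len;
        if (*p) p++; /* step over the separator */
    }
    return 0;
}

int main(void)
{
    static const char *const msg[] = { "usable", "built but disabled at boot",
                                       "not built into this kernel", "probe failed" };
    char lsm[256] = "";
    FILE *f = fopen("/sys/kernel/security/lsm", "r");
    if (f) { if (!fgets(lsm, sizeof lsm, f)) lsm[0] = '\0'; fclose(f); }
    lsm[strcspn(lsm, "\n")] = '\0';
    errno = 0;
    long ret = syscall(__NR_landlock_create_ruleset, NULL, 0, RULESET_VERSION_FLAG);
    enum ll_state st = ll_classify(ret, errno);
    printf("active LSMs: %s\nlandlock listed: %s\nsyscall probe: %s\n", lsm,
           lsm_list_has(lsm, "landlock") ? "yes" : "no", msg[st]);
    return st == LL_USABLE ? 0 : 1;
}
```

A "built but disabled at boot" result together with "landlock listed: no" is the situation the report describes, where the lsm= override is what makes the feature usable.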