Gentoo Forums
Landlock requested by user space
Massimo B.
Posted: Sun Mar 30, 2025 10:32 pm    Post subject: Landlock requested by user space

Hi, I noticed this syslog line:
Code:
 [kernel] [ 9839.902404] landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration
Who in user space requested it?
Do I need this as a user with network mounts like nfs?
Why doesn't the gentoo-kernel-bin Distribution Kernel activate it?
What do I need to do, just adding
Code:
lsm=landlock
to the CMDLINE?

https://landlock.io/ is the home of Landlock.
https://wiki.gentoo.org/wiki/Security_Handbook/Linux_Security_Modules/Landlock isn't ready yet.
_________________
HP ZBook Power G9 i7-12700H|HP ProDesk 600 G5 i7-9700|HP EliteDesk 800 G1 i7-4790|HP Compaq Pro 6300 i7-3770
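
On the lsm=landlock question in the post above, an added example (not part of the original thread; the function names are hypothetical): the kernel's lsm= parameter sets the complete ordered list of configurable LSMs, so the value should carry the modules already in use along with landlock. The sketch builds that value from the comma-separated list the kernel exposes in /sys/kernel/security/lsm; the sample list below is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds if "landlock" appears in a comma-separated LSM list such as the
# contents of /sys/kernel/security/lsm.
landlock_active() {
    case ",$1," in
        *,landlock,*) return 0 ;;
    esac
    return 1
}

# Print an lsm= boot parameter that enables Landlock and keeps every other
# module from the list in $1. "capability" is dropped because the kernel
# always initialises it first and it is not part of the configurable list.
lsm_param() {
    out=landlock
    old_ifs=$IFS
    IFS=,
    for m in $1; do
        case $m in
            ''|landlock|capability) continue ;;
        esac
        out="$out,$m"
    done
    IFS=$old_ifs
    printf 'lsm=%s\n' "$out"
}

# Constructed sample: a list as it might look on a system that logs the
# "Disabled but requested by user space" warning. On a real system use
# "$(cat /sys/kernel/security/lsm)" instead.
sample='capability,yama,apparmor'
if landlock_active "$sample"; then
    echo "Landlock is active, no boot parameter needed"
else
    echo "Landlock is not active; boot with: $(lsm_param "$sample")"
fi
```

After a reboot with the new parameter, landlock should appear in /sys/kernel/security/lsm and the warning should no longer be logged.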
alienjon
Posted: Sat Apr 05, 2025 4:05 pm

Following. Just noticed this message pop up in my dmesg as well. Using dist-kernel as well.
Massimo B.
Posted: Sat Apr 05, 2025 4:48 pm

Trying to understand what Landlock is made for, isn't that the same purpose that AppArmor was made for?
pietinger
Posted: Sat Apr 05, 2025 5:14 pm

Massimo B. wrote:
Trying to understand what Landlock is made for, isn't that the same purpose that AppArmor was made for?

Yes and no ...

The main difference is: The user must configure AppArmor (with profiles for every application) - With Landlock now the application itself can define what the kernel (=LSM "landlock") shall allow and disallow for it.

I'm a bit confused about our distribution kernel, because I was under the impression that landlock is activated here. Maybe @sam or @mpagano can tell us more.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger