https://bugzilla.suse.com/show_bug.cgi?id=1227282 https://bugzilla.suse.com/show_bug.cgi?id=1227282#c2 Cathy Hu <cathy.hu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[SELinux]: enabling SELinux |[SELinux]: kernel params |for 15.6 does not work |security=selinux selinux=1 | |appends selinux behind bpf, | |leading to broken system Assignee|cathy.hu@suse.com |kernel-bugs@suse.de --- Comment #2 from Cathy Hu <cathy.hu@suse.com> --- Reassigning to kernel people: in Leap 15.6 kernel version 6.4.0-150600.23.7.3 (the current release), when I set the kernel parameters in /etc/default/grub in GRUB_CMDLINE_LINUX_DEFAULT: security=selinux selinux=1 this results in this error reported by Felix: https://bugzilla.suse.com/show_bug.cgi?id=1226937#c5 I think it is because it appends `selinux` like this: /sys/kernel/security/lsm -> lockdown,capability,bpf,selinux However, selinux should be loaded before bpf. When I overwrite the lsm list via `lsm=` parameter like this, it works and the system boots up: lsm=selinux,bpf selinux=1 /sys/kernel/security/lsm -> lockdown,capability,selinux,bpf In tumbleweed (kernel-default-6.9.7-1.1), this seems to be fixed, so setting security=selinux selinux=1 results in: /sys/kernel/security/lsm -> lockdown,capability,landlock,yama,selinux,bpf,ima,evm Can this be fixed on the kernel side? Please let me know if you need more info or I am doing something really wrong :D Thanks! -- You are receiving this mail because: You are on the CC list for the bug.