https://bugzilla.suse.com/show_bug.cgi?id=1197746 https://bugzilla.suse.com/show_bug.cgi?id=1197746#c9 --- Comment #9 from Fabian Vogt <fvogt@suse.com> --- (In reply to Micha�� Rostecki from comment #7)

What is setting the security=selinux parameter? Is it YaST? I will try to check, but I would appreciate some hints from someone who knows the answer.

YaST and prebuilt images at least, it's also part of the documentation. It's also used in some scripts like transactional-update.

If so, I think the good solution would be setting lsm=[...],bpf (with ensuring that BPF is the last one) exactly at the same place.

IMO breaking the security= option is not acceptable, especially with this rather misleading error and using lsm=...,bpf instead is a workaround at best. It would have to be implemented in YaST, changed in prebuilt images and also handled on kernel update installation (editing grub config in %post...). Is there any reason bpf signals that it implements the getprocattr hook? -- You are receiving this mail because: You are on the CC list for the bug.