[Bug 1205603] New: bpf lsm enabled but not included in LSM list - openSUSE Kernel Bugs - openSUSE Mailing Lists

newer
[Bug 1210068] Leap 15.5 beta...

[Bug 1205603] New: bpf lsm enabled but not included in LSM list

older
[Bug 1210111] intel 3400 sata...

bugzilla_noreply＠suse.com

21 Nov 2022 21 Nov '22

15:55

https://bugzilla.suse.com/show_bug.cgi?id=1205603 Bug ID: 1205603 Summary: bpf lsm enabled but not included in LSM list Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs@opensuse.org Reporter: mrueckert@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- During my system upgrades i noticed the following message: ```systemd[1]: bpf-lsm: BPF LSM hook not enabled in the kernel, BPF LSM not supported``` but we have: ```CONFIG_BPF_LSM=y``` i asked Frank Bui what it checks for. it checks for the string "bpf" in this list: ``` cat /sys/kernel/security/lsm lockdown,capability,apparmor ``` it seems ```CONFIG_LSM="integrity,apparmor"``` needs an update. -- You are receiving this mail because: You are the assignee for the bug.

Attachments:

attachment.html (text/html — 2.5 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠suse.com

21 Nov 21 Nov

15:57

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

https://bugzilla.suse.com/show_bug.cgi?id=1205603 https://bugzilla.suse.com/show_bug.cgi?id=1205603#c1 --- Comment #1 from Jeff Mahoney --- The default value for this in the upstream kernel when apparmor is the default LSM: landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

23 Nov 23 Nov

17:06

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

https://bugzilla.suse.com/show_bug.cgi?id=1205603 https://bugzilla.suse.com/show_bug.cgi?id=1205603#c2 Takashi Iwai changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tiwai@suse.com --- Comment #2 from Takashi Iwai --- bpf was removed from the list explicitly, at commit 0a20128a486536db31e484f5848e239f8acd0fba: Revert "config: Enable BPF LSM" (bsc#1197746) This reverts commit c2c25b18721866d6211054f542987036ed6e0a50. This config change was reported to break boot if SELinux is enabled. Revert until we have a fix. -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

24 Nov 24 Nov

10:45

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

https://bugzilla.suse.com/show_bug.cgi?id=1205603 https://bugzilla.suse.com/show_bug.cgi?id=1205603#c3 --- Comment #3 from Marcus R�ckert --- well there was more removed than just bpf :) -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

10:49

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

https://bugzilla.suse.com/show_bug.cgi?id=1205603 https://bugzilla.suse.com/show_bug.cgi?id=1205603#c4 --- Comment #4 from Takashi Iwai --- Not really, others haven't been added from the beginning in our config. OTOH, bpf was added once but removed later due to a regression. -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

7 Feb 7 Feb

10:49

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

https://bugzilla.suse.com/show_bug.cgi?id=1205603 https://bugzilla.suse.com/show_bug.cgi?id=1205603#c5 Alexander Bergmann changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abergmann@suse.com --- Comment #5 from Alexander Bergmann --- I've came across the problem that YAMA is not initialized during boot. There is also no /proc/sys/kernel/yama directory because of this. It looks like yama is also missing inside the CONFIG_LSM variable. Compared to Ubuntu, where the access to the ptrace_scope switch is possible, the SUSE configuration also missing 'Landlock support' and 'kernel lockdown'. CONFIG_LSM="landlock,lockdown,yama,integrity,apparmor" -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

17 Apr 17 Apr

15:59

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

http://bugzilla.suse.com/show_bug.cgi?id=1205603 http://bugzilla.suse.com/show_bug.cgi?id=1205603#c10 Marcus Rückert changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #10 from Marcus Rückert --- this seems fixed in TW -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

16:02

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

http://bugzilla.suse.com/show_bug.cgi?id=1205603 http://bugzilla.suse.com/show_bug.cgi?id=1205603#c11 Marcus Rückert changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |--- Status|RESOLVED |REOPENED --- Comment #11 from Marcus Rückert --- reopen in case we want to update the list also in leap/SLE -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

16:09

New subject: [Bug 1205603] bpf lsm enabled but not included in LSM list

http://bugzilla.suse.com/show_bug.cgi?id=1205603 http://bugzilla.suse.com/show_bug.cgi?id=1205603#c12 Dirk Mueller changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(jeffm@suse.com) CC| |jeffm@suse.com --- Comment #12 from Dirk Mueller --- Jeff, this needs to be fixed in the ALP kernel as well (and SLE etc)? not listing selinux in SLE15 seems wrong -- You are receiving this mail because: You are the assignee for the bug.

Reply

Sign in to reply online Use email software

388

Age (days ago)

535

Last active (days ago)

Download

8 comments

1 participants

tags

participants (1)

bugzilla_noreply＠suse.com