I would like to enable AppArmor on my machine, and therefore I am following https://wiki.archlinux.org/title/AppArmor.

Since I'm using EFISTUB, I ran the following command to add the required `lsm` kernel parameter:

```
# efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "Arch Linux" --loader /vmlinuz-linux --unicode 'cryptdevice=UUID=xxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img lsm=landlock,lockdown,yama,integrity,apparmor,bpf'
```

where `xxx` is the UUID of the disk. I then changed the boot order to boot that newly created entry. This seems to work because, when I run `efibootmgr --unicode` after a restart, it shows the newly created entry under `BootCurrent`.

However, when I run `cat /sys/kernel/security/lsm`, it still shows `capability,landlock,lockdown,yama,bpf`, so it seems to have ignored the newly added `lsm` kernel parameter.

Am I missing something here, or why isn't it using the new value including `apparmor` for `lsm`? Is it possible that certain kernel parameters are not supported?
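
The comparison described in the post, as an added example that is not part of the original issue: it extracts the `lsm=` value from a kernel command line (on a live system, `/proc/cmdline`) and lists the requested modules that are absent from `/sys/kernel/security/lsm`. The function names and sample variables are introduced here for illustration, and using the last `lsm=` occurrence when there are several is an assumption.

```sh
#!/bin/sh
# Added diagnostic example; not code from the original issue.

# Print the value of the last lsm= token in a kernel command line string.
# Assumption: if lsm= appears more than once, the last occurrence is used.
# The body runs in a subshell so 'set -f' does not leak to the caller.
requested_lsms() (
    set -f
    req=""
    for tok in $1; do
        case "$tok" in
            lsm=*) req="${tok#lsm=}" ;;
        esac
    done
    printf '%s\n' "$req"
)

# Print the requested LSMs (comma-separated, $1) that are absent from the
# active list ($2), preserving the requested order.
missing_lsms() (
    set -f
    IFS=,
    missing=""
    for name in $1; do
        case ",$2," in
            *",$name,"*) ;;
            *) missing="${missing:+$missing,}$name" ;;
        esac
    done
    printf '%s\n' "$missing"
)

# Constructed sample input, built from the values quoted in the post.
SAMPLE_CMDLINE='cryptdevice=UUID=xxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img lsm=landlock,lockdown,yama,integrity,apparmor,bpf'
SAMPLE_ACTIVE='capability,landlock,lockdown,yama,bpf'

# On a live system: compare what the kernel received with what it activated.
if [ -r /proc/cmdline ] && [ -r /sys/kernel/security/lsm ]; then
    req=$(requested_lsms "$(cat /proc/cmdline)")
    if [ -z "$req" ]; then
        echo "no lsm= parameter reached the kernel"
    else
        echo "requested but not active: $(missing_lsms "$req" "$(cat /sys/kernel/security/lsm)")"
    fi
fi
```

The result is a plain name comparison: an empty `lsm=` result means the parameter never reached the kernel, while a non-empty missing list means the kernel received the parameter but did not activate those modules.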