Kernel landlock message on the logs

Hello there!

I’m on F40 and getting this message on the logs. What does it mean? I thought it could be related to the hardening planed, but those are for F41. I have Fedora’s kernel installed also, but I’m on CB for now. Is there some parameter I should use or just ignore it?

Captura de tela de 2024-05-16 10-49-531838×71 18.8 KB

❯ uname -a
Linux tars 6.9.0-cb1.0.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Mon May 13 17:59:23 UTC 2024 x86_64 GNU/Linux

❯ dmesg | grep landlock || journalctl -kb -g landlock
dmesg: read kernel buffer failed: Operação não permitida
mai 16 10:23:17 tars kernel: landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration

❯ zgrep -h "^CONFIG_LSM=" "/boot/config-$(uname -r)" /proc/config.gz 2>/dev/null
CONFIG_LSM="“lockdown,yama,integrity,selinux,bpf,landlock”"
CONFIG_LSM="“lockdown,yama,integrity,selinux,bpf,landlock”"

This does not appear to be a standard linux kernel that I am familiar with, nor one from rawhide.
What spin of f40 are you running?

6.9.0-cb1.0 is not Fedora’s kernel, is CachyOS’s. I have both Fedora’s and CachyOS’s kernels installed.
That seems related to not being booted to Fedora’s one. Is there a boot parameter or a build time parameter?

… or something else