
Landlock not loaded by kernel but expected by `tracker-miner-fs-3`

Open BlobCodes opened this issue 1 year ago • 1 comments

Issue Description

I just started using Vanilla OS, but cannot get my music library to show up in GNOME Music.

Investigating this, I found out that the tracker3 extractor used to gather the audio metadata refuses to run because the kernel has the landlock security module disabled:

```
$ tracker3 extract /mnt/media/Music/Alfa\ Mist/Antiphon/01.\ Keep\ On.opus 

(tracker extract:558170): Tracker-CRITICAL **: 16:02:06.395: Could not get landlock supported ABI: Die Operation wird nicht unterstützt
**
Tracker:ERROR:../src/tracker/tracker-extract.c:59:extractor_child_setup: code should not be reached
Bail out! Tracker:ERROR:../src/tracker/tracker-extract.c:59:extractor_child_setup: code should not be reached
```

When this happens, I get the following messages on journalctl:

```
landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration
Refusing to extract file data since Landlock could not be enabled. Update your kernel to fix this warning.
```

Steps to Reproduce

  • Run tracker3 extract . (or supply any file)

On what version of Vanilla OS does this happen?

Vanilla OS 2 Orchid

Additional Information

I think this issue was caused by #56 - before this PR, the CONFIG_LSM kernel config should have been used for initializing the LSMs (CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf") - but now, the kernel parameter lsm=integrity overrides this behaviour and stops landlock from loading.

I don't know if this is expected, but if it was, tracker-miner-fs-3 should at least be built without enforcing landlock usage.


```
$ cat /sys/kernel/security/lsm 
lockdown,capability,ima,evmroot
```

BlobCodes, Aug 20 '24 14:08

I recently found out that the kernel args can easily be modified using abroot kargs edit.

Removing the lsm=integrity parameter from the kernel args fixes the issue.

BlobCodes, Sep 14 '24 03:09
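The check described in this thread, as an added example that is not part of the issue or of Vanilla OS: it compares the active LSM list with the kernel command line to tell whether an `lsm=` parameter is what keeps Landlock from loading. The function names and status strings are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose why Landlock is inactive on a running kernel.

# lsm_param CMDLINE -> value of the last lsm= parameter, empty if none is set.
lsm_param() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lsm=//p' | tail -n 1
}

# list_has LIST ENTRY -> succeeds if the comma-separated LIST contains ENTRY.
list_has() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# landlock_status ACTIVE_LSMS CMDLINE -> prints one of:
#   active                        landlock is in the active LSM list
#   excluded-by-lsm-param         lsm= is set and does not list landlock
#   inactive-check-kernel-config  no lsm= override; inspect CONFIG_LSM
#                                 and CONFIG_SECURITY_LANDLOCK instead
landlock_status() {
    if list_has "$1" landlock; then
        echo active
        return
    fi
    param=$(lsm_param "$2")
    if [ -n "$param" ] && ! list_has "$param" landlock; then
        echo excluded-by-lsm-param
    else
        echo inactive-check-kernel-config
    fi
}

# On a live system, read the same files the thread inspects.
if [ -r /sys/kernel/security/lsm ] && [ -r /proc/cmdline ]; then
    landlock_status "$(cat /sys/kernel/security/lsm)" "$(cat /proc/cmdline)"
fi
```

A result of `excluded-by-lsm-param` matches the situation reported here, where `lsm=integrity` replaces the built-in `CONFIG_LSM` list.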