it seems the linux kernel shipped with PVE doesn't have lockdown support:
(output of pve-kernel-6.2.9-1-pve)
is there a reason why its disabled at compile time?
i couldn't find any info about it, the default ubuntu kernel seems to support it.
edit:
https://git.proxmox.com/?p=pve-kernel.git;a=commit;h=f6d3198e5d8d038f86342a094b8472a69b6df608
->
https://bugzilla.proxmox.com/show_bug.cgi?id=2814
so, whats preventing enabling it again?
afaik is disabled when secureboot is disabled, i.e.
Code:
$ cat /sys/kernel/security/lsm
capability,yama,apparmor
is there a reason why its disabled at compile time?
i couldn't find any info about it, the default ubuntu kernel seems to support it.
edit:
https://git.proxmox.com/?p=pve-kernel.git;a=commit;h=f6d3198e5d8d038f86342a094b8472a69b6df608
->
https://bugzilla.proxmox.com/show_bug.cgi?id=2814
so, whats preventing enabling it again?
afaik is disabled when secureboot is disabled, i.e.
Code:
mokutil --disable-validation
Last edited: