rhboot / efibootmgr

efibootmgr development tree
GNU General Public License v2.0

lsm kernel parameter gets ignored #181

Open cloudlena opened 1 year ago

cloudlena commented 1 year ago

I would like to enable AppArmor on my machine, and therefore I am following https://wiki.archlinux.org/title/AppArmor.

Since I'm using EFISTUB, I ran the following command to add the required lsm kernel parameter:

# efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "Arch Linux" --loader /vmlinuz-linux --unicode 'cryptdevice=UUID=xxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img lsm=landlock,lockdown,yama,integrity,apparmor,bpf'

where xxx is the UUID of the disk. I then changed the boot order to boot that newly created entry. This seems to work because, when I run efibootmgr --unicode after a restart, it shows the newly created entry under BootCurrent.

However, when I run cat /sys/kernel/security/lsm, it still shows capability,landlock,lockdown,yama,bpf so it seems to have ignored the newly added lsm kernel parameter.

Am I missing something here, or why isn't it using the new value including apparmor for lsm? Is it possible that certain kernel parameters are not supported?
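The check a practitioner would run next, added here as an example that is not part of the issue or of efibootmgr: read the command line the kernel actually booted with from /proc/cmdline, pull out the last lsm= value, and diff it against the list the kernel initialised in /sys/kernel/security/lsm. If lsm= is absent from /proc/cmdline, the new boot entry's arguments never reached the kernel; if it is present but a name is missing from the active list, that LSM is not built into the running kernel and the kernel skips the name (the skip is only logged when lsm.debug is also on the command line). The sample command line and active list below are constructed to mirror the values quoted in the issue, not captured from a real host; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the issue or efibootmgr): compare the LSM list
# requested via lsm= with the LSMs the running kernel actually enabled.

# Print the value of the last lsm= parameter on a kernel command line.
# Prints nothing when the command line carries no lsm= parameter.
lsm_requested() {
    # $1: a kernel command line, e.g. the contents of /proc/cmdline
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lsm=//p' | tail -n 1
}

# Print the comma-separated names from $1 (requested) that do not appear in
# the comma-separated list $2 (active). Empty output means every requested
# LSM is active.
lsm_missing() {
    requested=$1
    active=$2
    missing=""
    for name in $(printf '%s' "$requested" | tr ',' ' '); do
        case ",$active," in
            *",$name,"*) ;;
            *) missing="${missing:+$missing,}$name" ;;
        esac
    done
    printf '%s' "$missing"
}

# Report on the live system: did lsm= reach the kernel, and which of the
# requested LSMs did the kernel not enable?
lsm_report() {
    cmdline=$(cat /proc/cmdline)
    active=$(tr -d '\n' < /sys/kernel/security/lsm)
    requested=$(lsm_requested "$cmdline")
    if [ -z "$requested" ]; then
        echo "no lsm= on /proc/cmdline: the boot entry's arguments did not reach the kernel"
        echo "active LSMs: $active"
        return 0
    fi
    echo "requested (lsm=): $requested"
    echo "active (/sys/kernel/security/lsm): $active"
    missing=$(lsm_missing "$requested" "$active")
    if [ -n "$missing" ]; then
        echo "requested but not active: $missing (not built into this kernel, or skipped; boot with lsm.debug to see why)"
    else
        echo "every requested LSM is active"
    fi
}

# Constructed sample values mirroring the issue (assumed, not captured).
SAMPLE_CMDLINE='cryptdevice=UUID=xxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img lsm=landlock,lockdown,yama,integrity,apparmor,bpf'
SAMPLE_ACTIVE='capability,landlock,lockdown,yama,bpf'

echo "sample: requested but not active: $(lsm_missing "$(lsm_requested "$SAMPLE_CMDLINE")" "$SAMPLE_ACTIVE")"

# Run the live comparison only where both files are readable (securityfs
# must be mounted for /sys/kernel/security/lsm to exist).
if [ -r /proc/cmdline ] && [ -r /sys/kernel/security/lsm ]; then
    lsm_report
fi
```

On the values quoted in the issue the sample line prints `integrity,apparmor`: those two are the names the kernel did not enable, and `capability` appears in the active list even though it was not requested because the kernel always enables it first.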