See https://bugs.archlinux.org/task/23242 for more info: Description: I can't use securityfs with other (eg. AppArmor) LSMs. TOMOYO seems to be breaking everything and can't be even disabled. Also it does not provide option to disable/enable it by default bootparam in kernel config. on 2.6.36 i can see only tomoyo directory in /sys/kernel/security/ and on 2.6.37 i can't see anything at all. I've tried to disable it using ccsecurity=off (according to old-version docs: http://tomoyo.sourceforge.jp/1.8/phase-1.html.en ) I've tried to disable it using tomoyo=0 (according to how selinux and apparmor are disabled by selinux=0 and apparmor=0) i've tried to override it using security=apparmor non of those approaches made apparmor usable Additional info: * package version(s) * config and/or log files etc. [root@insomnia harvie]# uname -a Linux insomnia 2.6.37-ARCH #1 SMP PREEMPT Tue Mar 8 08:08:06 UTC 2011 i686 Mobile AMD Sempron(tm) Processor 3000+ AuthenticAMD GNU/Linux [root@insomnia harvie]# aa-status apparmor module is loaded. apparmor filesystem is not mounted. [root@insomnia harvie]# mount | grep -i security none on /sys/kernel/security type securityfs (rw) [root@insomnia harvie]# ls -a /sys/kernel/security . .. [root@insomnia harvie]# cat /proc/cmdline BOOT_IMAGE=/vmlinuz26 root=/dev/disk/by-uuid/348c69e0-de31-4589-bf0a-276815c5e17a ro resume=/dev/sda3 ccsecurity=off security=apparmor video=sisfb:mode:1280x800x32,rate:76 [root@insomnia harvie]# zcat /proc/config.gz | grep -i 'TOMOYO|APPARMOR' [root@insomnia harvie]# zcat /proc/config.gz | grep -Ei 'TOMOYO|APPARMOR' CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set ------------------------------ log from 2.6.36: [16:35:29] 0 ;) root@molly:~# uname -a Linux molly 2.6.36-ARCH #1 SMP PREEMPT Fri Dec 10 20:32:37 CET 2010 x86_64 Intel(R) Xeon(R) CPU X3430 @ 2.40GHz GenuineIntel GNU/Linux [16:35:33] 0 ;) root@molly:~# aa-status apparmor module is loaded. apparmor filesystem is not mounted. [16:35:44] 3 ;( root@molly:~# mount | grep -i security none on /sys/kernel/security type securityfs (rw) [16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security tomoyo/ ./ ../ [16:35:59] 0 ;) root@molly:~# cat /proc/cmdline root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200 [16:36:07] 0 ;) root@molly:~# zcat /proc/config.gz | grep -Ei 'TOMOYO|APPARMOR' CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
sorry, i was just bit confused about apparmor, forget about it