[mainline] LTP: lsm_list_modules02 test failing - syscall returns incorrect LSM IDs.

From: Samir M

Date: Mon Apr 13 2026 - 09:42:16 EST


Hi,

I'm reporting a bug in the lsm_list_modules() syscall on kernel version 7.0.0-rc7. The syscall is returning LSM IDs that don't match the active LSMs shown in /sys/kernel/security/lsm.

Problem Summary:
================
The lsm_list_modules() syscall returns LSM IDs for modules that are NOT active (safesetid, apparmor), while failing to return IDs for modules that ARE active (yama, ima).

Active LSMs (from /sys/kernel/security/lsm):
lockdown,capability,landlock,yama,selinux,bpf,ima,evm

Kernel Configuration:
=====================
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_SAFESETID is not set

This confirms AppArmor and SafeSetID are NOT compiled into the kernel.

Test Output:
============
Running: /opt/ltp/testcases/bin/lsm_list_modules02

tst_buffers.c:57: TINFO: Test is using guarded buffers
tst_test.c:2059: TINFO: LTP version: 20260130-105-g07b599e48
tst_test.c:2062: TINFO: Tested kernel: 7.0.0-rc7 #1 SMP PREEMPT ppc64le
tst_kconfig.c:90: TINFO: Parsing kernel config '/lib/modules/7.0.0-rc7/build/.config'
tst_test.c:1887: TINFO: Overall timeout per run is 0h 05m 24s
lsm_list_modules02.c:40: TPASS: lsm_list_modules(ids, size, 0) returned 8
lsm_list_modules02.c:42: TPASS: lsm_num == lsm_names_count (8)
lsm_list_modules02.c:43: TPASS: *size == lsm_num * sizeof(uint64_t) (64)
lsm_list_modules02.c:110: TFAIL: 'safesetid' has not been found
lsm_list_modules02.c:104: TPASS: 'capability' is enabled
lsm_list_modules02.c:104: TPASS: 'bpf' is enabled
lsm_list_modules02.c:110: TFAIL: 'apparmor' has not been found
lsm_list_modules02.c:104: TPASS: 'selinux' is enabled
lsm_list_modules02.c:104: TPASS: 'lockdown' is enabled
lsm_list_modules02.c:104: TPASS: 'landlock' is enabled
lsm_list_modules02.c:104: TPASS: 'evm' is enabled

Summary:
passed   9
failed   2
broken   0
skipped  0
warnings 0

The Issue:
==========
The lsm_list_modules() syscall is returning:
- safesetid (NOT in /sys/kernel/security/lsm and NOT compiled in kernel)
- apparmor (NOT in /sys/kernel/security/lsm and NOT compiled in kernel)

But it's NOT returning:
- yama (IS in /sys/kernel/security/lsm)
- ima (IS in /sys/kernel/security/lsm)

Expected Behavior:
==================
The lsm_list_modules() syscall should return LSM IDs that exactly match the active LSMs listed in /sys/kernel/security/lsm. It should not return IDs for LSMs that are not compiled into the kernel or not active.

Reproduction Steps:
===================
1. Install LTP at /opt/ltp
2. Verify active LSMs: cat /sys/kernel/security/lsm
3. Check kernel config to confirm AppArmor and SafeSetID are not compiled
4. Run: /opt/ltp/testcases/bin/lsm_list_modules02

Environment:
============
Kernel Version: 7.0.0-rc7
Architecture: ppc64le
LTP Version: 20260130-105-g07b599e48

This appears to be a bug in the lsm_list_modules() syscall implementation where it's not correctly reporting the active LSM modules.

If you happen to fix the above issue, then please add the tag below.
Reported-by: Samir M <samir@xxxxxxxxxxxxx>

Thanks,
Samir
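
Added example, not part of the original report or of LTP: a stand-alone C cross-check that calls lsm_list_modules() directly and compares the returned IDs with the names in /sys/kernel/security/lsm, so the mismatch can be confirmed independently of the test suite. The ID numbering follows the LSM_ID_* constants in include/uapi/linux/lsm.h; the fallback syscall number 461, the u32 size argument, and the helper names in_list() and lsm_mismatches() are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_lsm_list_modules
#define __NR_lsm_list_modules 461 /* same number on every architecture */
#endif
/* LSM_ID_* from include/uapi/linux/lsm.h: names[i] has ID 100 + i */
static const char *const names[] = {
    "capability", "selinux", "smack", "tomoyo", "apparmor", "yama", "loadpin",
    "safesetid", "lockdown", "bpf", "landlock", "ima", "evm", "ipe" };
#define NNAMES (sizeof(names) / sizeof(names[0]))
/* 1 if name is a whole comma-separated entry of list (securityfs format) */
static int in_list(const char *list, const char *name) {
    size_t n = strlen(name);
    for (const char *p = list; *p; p += (*p != '\0')) {
        size_t len = strcspn(p, ",\n");
        if (len == n && !strncmp(p, name, n))
            return 1;
        p += len;
    }
    return 0;
}

/* Count known LSMs on which IDs and names disagree; IDs outside the table are ignored */
int lsm_mismatches(const uint64_t *ids, size_t n, const char *list) {
    int bad = 0;
    for (size_t t = 0; t < NNAMES; t++) {
        int by_id = 0, by_name = in_list(list, names[t]);
        for (size_t i = 0; i < n; i++)
            by_id |= (ids[i] == 100 + t);
        if (by_id != by_name) {
            printf("%s (id %zu): syscall=%d securityfs=%d\n", names[t], 100 + t, by_id, by_name);
            bad++;
        }
    }
    return bad;
}

int main(void) {
    uint64_t ids[64];
    uint32_t size = sizeof(ids); /* assumption: u32 size, as in current mainline */
    char list[512] = "";
    FILE *f = fopen("/sys/kernel/security/lsm", "r");
    long n = syscall(__NR_lsm_list_modules, ids, &size, 0);
    if (!f || !fgets(list, sizeof(list), f) || n < 0)
        return fprintf(stderr, "cannot read LSM list or syscall failed\n"), 2;
    return lsm_mismatches(ids, (size_t)n, list) ? 1 : 0;
}
```

The program exits 0 when both interfaces agree, 1 when they disagree (printing one line per LSM that differs), and 2 when either interface cannot be queried.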