Landlock not loaded by kernel but expected by tracker-miner-fs-3

[BlobCodes]

Issue Description

I just started using Vanilla OS, but cannot get my music library to show up in GNOME Music.

Investigating this, I found out that the tracker3 extractor used to gather the audio metadata refuses to run because the kernel has the landlock security module disabled:

$ tracker3 extract /mnt/media/Music/Alfa\ Mist/Antiphon/01.\ Keep\ On.opus 

(tracker extract:558170): Tracker-CRITICAL **: 16:02:06.395: Could not get landlock supported ABI: Die Operation wird nicht unterstützt
**
Tracker:ERROR:../src/tracker/tracker-extract.c:59:extractor_child_setup: code should not be reached
Bail out! Tracker:ERROR:../src/tracker/tracker-extract.c:59:extractor_child_setup: code should not be reached

When this happens, I get the following messages on journalctl:

landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration
Refusing to extract file data since Landlock could not be enabled. Update your kernel to fix this warning.

Steps to Reproduce

• Run tracker3 extract . (or supply any file)

On what version of Vanilla OS this happens?

Vanilla OS 2 Orchid

Additional Information

I think this issue was caused by #56 - before this PR, the CONFIG_LSM kernel config should have been used for initializing the LSMs (CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf") - but now, the kernel parameter lsm=integrity overrides this behaviour and stops landlock from loading.

I don't know if this is expected, but if it was, tracker-miner-fs-3 should at least be built without enforcing landlock usage.

---

$ cat /sys/kernel/security/lsm 
lockdown,capability,ima,evmroot

[BlobCodes]

I recently found out that the kernel args can easily be modified using abroot kargs edit.

Removing the lsm=integrity parameter from the kernel args fixes the issue.