kernel config regarding LSM and SECURITY_SMACK


Postby pvl1 » Wed Nov 20, 2024 7:10 pm

Hello,
I have two ARMv7h boards, neither of which was able to mount an NFS server over IPv4, but both were able to using IPv6. I noticed that when the board would begin a TCP session, the SYN packet had extra IP layer parameters. These options are related to section 3.2 of RFC 7569, something about netlabels, CIPSO and IPv4 MLS systems, none of which I have deployed/configured.
This led me to track it down to the following kernel option:
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,landlock"

While my stock 6.10.10 x86_64 nfs server has:
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"

After compiling an arm kernel with that LSM line, my arm board is able to mount the nfs server over ipv4.

Thank you
pvl1
 
Posts: 6
Joined: Thu Jan 19, 2017 3:53 am
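
An added example, not part of pvl1's post or of the Arch Linux ARM packages: one way to confirm from a captured packet that an IPv4 header carries a CIPSO option (IP option type 134), as described for the SYN packets above. The header bytes, addresses and DOI value are constructed for illustration.

```python
import struct

# IANA IPv4 option numbers relevant to labelled networking.
OPTION_NAMES = {130: "SEC", 134: "CIPSO"}

def parse_ipv4_options(packet: bytes):
    """Return [(option_type, name, data)] for the options in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    options, i = [], 20                   # options start after the fixed 20 bytes
    while i < ihl:
        opt_type = packet[i]
        if opt_type == 0:                 # End of Option List: the rest is padding
            break
        if opt_type == 1:                 # No-Operation: single byte, no length
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("truncated option")
        length = packet[i + 1]            # covers type, length and data
        if length < 2 or i + length > ihl:
            raise ValueError("bad option length")
        options.append((opt_type, OPTION_NAMES.get(opt_type, "unknown"),
                        packet[i + 2:i + length]))
        i += length
    return options

def cipso_doi(packet: bytes):
    """Return the CIPSO Domain of Interpretation, or None without a CIPSO option."""
    for opt_type, _, data in parse_ipv4_options(packet):
        if opt_type == 134:
            if len(data) < 4:
                raise ValueError("CIPSO option too short for a DOI")
            return struct.unpack("!I", data[:4])[0]
    return None

# Constructed sample headers (documentation addresses, checksum left at zero).
ADDRS = bytes([192, 0, 2, 10, 192, 0, 2, 20])
PLAIN_SYN = bytes.fromhex("450000280000400040060000") + ADDRS
# Same header with IHL=8 and 12 option bytes: CIPSO (type 134, length 10,
# constructed DOI 3, one tag) followed by two bytes of EOL padding.
LABELLED_SYN = (bytes.fromhex("480000340000400040060000") + ADDRS
                + bytes.fromhex("860a00000003010400000000"))
```
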

Re: kernel config regarding LSM and SECURITY_SMACK

Postby graysky » Wed Nov 20, 2024 9:58 pm

Which kernel package are you currently using? linux-armv7? Also, do you mind compiling it with this line and reporting back:
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,landlock,lockdown,bpf"
graysky
Developer
 
Posts: 1876
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000

Re: kernel config regarding LSM and SECURITY_SMACK

Postby pvl1 » Thu Nov 21, 2024 3:06 pm

Hello @graysky
Indeed it was linux-armv7.
I tried compiling with your CONFIG_LSM and I am able to mount nfs.
I recognize that this is a matter of including bpf.
It's not even listed at https://docs.kernel.org/admin-guide/LSM/index.html

Could I have used the stock kernel and either installed bpf or augmented the kernel command line to enable bpf?
Thank you
pvl1
 
Posts: 6
Joined: Thu Jan 19, 2017 3:53 am

Re: kernel config regarding LSM and SECURITY_SMACK

Postby graysky » Fri Nov 22, 2024 12:58 pm

What do you mean by the "stock kernel"?
graysky
Developer
 
Posts: 1876
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000

Re: kernel config regarding LSM and SECURITY_SMACK

Postby pvl1 » Fri Nov 22, 2024 7:51 pm

Sorry, that was misleading.
By stock, I meant using the repo linux-armv7 package,
not in any way modifying the package.
pvl1
 
Posts: 6
Joined: Thu Jan 19, 2017 3:53 am

Re: kernel config regarding LSM and SECURITY_SMACK

Postby graysky » Fri Nov 22, 2024 8:05 pm

Makes sense, I will modify the config for linux-armv7.
graysky
Developer
 
Posts: 1876
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000

