Is this a clean installation of 10.0 - as opposed to an upgrade? Can you please report whether the capability module is loaded? 

This is an upgrade. Capability module is loaded. Still apparmor cannot be started

This can be worked around by ensuring that the capability module is not loaded at boot time.

Edit the file: /etc/sysconfig/kernel 

Ensure that the configuration entry:
   MODULES_LOADED_ON_BOOT=""
does _not_ contain an entry for the capability module.

If it does remove the text (leaving the parameter blank if nothing else is there) and then save the file. During the next boot process this module will not be loaded.

To fix this for the currently running system run the following as root:

rmmod capability
rcsubdomain restart

I executed your proposals. But still:

centraal:~ # cd /etc/sysconfig/
centraal:/etc/sysconfig # mcedit kernel

centraal:/etc/sysconfig # rmmod capability
centraal:/etc/sysconfig # rcsubdomain restart
FATAL: Error inserting subdomain (/lib/modules/2.6.13-15-default/kernel/security                                            /subdomain/subdomain.ko): Resource temporarily unavailable
Loading SubDomain module                                             failed
- could not start SubDomain                                          failed
centraal:/etc/sysconfig #

Can you perform the following and attach the output?

Thanks for your help.

1) cat /proc/cmdline
2) uname -a
3) lsmod output before AND after running rmmod capability
4) dmesg

Created attachment 55601 [details]
output fronm one of my boxes

Sorry I missed a step. 
I need the dmesg output from after you run "rcsubdomain start".

So:
  rcusbdomain start
  dmesg > dmesg.txt


Sorry about that. Thanks again for the help.

Created attachment 55612 [details]
dmsg after command 'rcusbdomain start '

Hi Henk.

Thanks for providing us your dmesg, but the kernel messages are obviously not present.  All I can think is that the ide errors are occuring with such frequency to flush them.

I'm assuming 'modprobe subdomain' (with MODULES_LOADED_ON_BOOT="") fails also.   Can you confirm.   Also, if it fails, what happens if you try 'modprobe capability'?

I realise this is frustrating but it is unclear at this point why the module is not loading for you.   I don't see any other LSM modules loaded in your lsmod samples which is what normally causes the message you provided.  

This is a unmodified SuSE kernel, correct?

As an example,  the following is what I see on my SL10 system with MODULES_LOADED_ON_BOOT="".

sles10smp: # uname -a
Linux ermintrude 2.6.13-15-smp #1 SMP Tue Sep 13 14:56:15 UTC 2005 i686 i6  
sles10smp: # modprobe subdomain
sles10smp: # rmmod subdomain
sles10smp: # modprobe capability
sles10smp: # modprobe subdomain
FATAL: Error inserting subdomain (/lib/modules/2.6.13-15-smp/kernel/security/subdomain/subdomain.ko): Resource temporarily unavailable
sles10smp: # dmesg | tail -4
SubDomain: SubDomain (version 1.2-13.42r5011imnx_suse) initialized
SubDomain: SubDomain protection removed
Capability LSM initialized
SubDomain: Unable to load SubDomain


If you cannot get clean logging from dmesg, you may want to try adding a line like this to syslog.conf (or the equiv if you are using syslogng)

kern.*  -/var/log/kern

and then restart syslogd (/etc/init.d/syslog restart)


Thanks for your patience and cooperation.

Hello Tony,
I think I found the bug myself. I still had the service avguard loaded and started. In SuSE 9.3 and before, dazuko had to be loaded before capability. So MODULES_LOADED_ON_BOOT="dazuko capability".
Your college asked me to removed capability from that list, or at least, that is what I understood. You asked me for MODULES_LOADED_ON_BOOT="". So I emptied it.
Now I discovered that dazuko should be removed too. 

Now module subdomain will be loaded as it should do!!
By by to antivir!

Thanks

Putting all the keywords in one comment field to assist bugzilla searches: dazuko apparmor immunix subdomain antivir MODULES_LOADED_ON_BOOT