diff --git a/aya/src/sys/feature_probe.rs b/aya/src/sys/feature_probe.rs
index 0dd06120..e19b48c9 100644
--- a/aya/src/sys/feature_probe.rs
+++ b/aya/src/sys/feature_probe.rs
@@ -21,7 +21,7 @@ use super::{
 use crate::{
     MockableFd,
     maps::MapType,
-    programs::{ProgramError, ProgramType},
+    programs::{LsmAttachType, ProgramError, ProgramType},
     util::page_size,
 };
 
@@ -159,7 +159,10 @@ pub fn is_program_supported(program_type: ProgramType) -> Result<bool, ProgramEr
                 // explicitly.
                 //
                 // h/t to https://www.exein.io/blog/exploring-bpf-lsm-support-on-aarch64-with-ftrace.
-                if !matches!(program_type, ProgramType::Lsm(_)) {
+                //
+                // The same test for cGroup LSM programs would require attaching to a real cgroup,
+                // which is more involved and not possible in the general case.
+                if !matches!(program_type, ProgramType::Lsm(LsmAttachType::Mac)) {
                     Ok(true)
                 } else {
                     match bpf_raw_tracepoint_open(None, prog_fd.as_fd()) {
diff --git a/test/integration-test/src/tests/lsm.rs b/test/integration-test/src/tests/lsm.rs
index c4726883..795441ea 100644
--- a/test/integration-test/src/tests/lsm.rs
+++ b/test/integration-test/src/tests/lsm.rs
@@ -3,6 +3,7 @@ use aya::{
     Btf, Ebpf,
     programs::{Lsm, LsmAttachType, LsmCgroup, ProgramError, ProgramType},
     sys::{SyscallError, is_program_supported},
+    util::KernelVersion,
 };
 
 use crate::utils::Cgroup;
@@ -57,7 +58,19 @@ fn lsm_cgroup() {
     let prog = bpf.program_mut("test_lsm_cgroup").unwrap();
     let prog: &mut LsmCgroup = prog.try_into().unwrap();
     let btf = Btf::from_sys_fs().expect("could not get btf from sys");
-    prog.load("socket_bind", &btf).unwrap();
+    match prog.load("socket_bind", &btf) {
+        Ok(()) => {}
+        Err(err) => match err {
+            ProgramError::LoadError { io_error, .. }
+                if !is_program_supported(ProgramType::Lsm(LsmAttachType::Cgroup)).unwrap() =>
+            {
+                assert_eq!(io_error.raw_os_error(), Some(libc::EINVAL));
+                eprintln!("skipping test - LSM cgroup programs not supported at load");
+                return;
+            }
+            err => panic!("unexpected error loading LSM cgroup program: {err}"),
+        },
+    }
 
     assert_matches!(std::net::TcpListener::bind("127.0.0.1:0"), Ok(_));
 
@@ -68,12 +81,15 @@ fn lsm_cgroup() {
     let link_id = {
         let result = prog.attach(cgroup.fd());
 
-        if !is_program_supported(ProgramType::Lsm(LsmAttachType::Cgroup)).unwrap() {
+        // See https://www.exein.io/blog/exploring-bpf-lsm-support-on-aarch64-with-ftrace.
+        if cfg!(target_arch = "aarch64")
+            && KernelVersion::current().unwrap() < KernelVersion::new(6, 4, 0)
+        {
             assert_matches!(result, Err(ProgramError::SyscallError(SyscallError { call, io_error })) => {
                 assert_eq!(call, "bpf_link_create");
                 assert_eq!(io_error.raw_os_error(), Some(524));
             });
-            eprintln!("skipping test - LSM programs not supported");
+            eprintln!("skipping test - LSM cgroup programs not supported at attach");
             return;
         }
         result.unwrap()