On Wed, Oct 3, 2018 at 11:17 AM, James Morris <jmorris@xxxxxxxxx> wrote: > On Tue, 2 Oct 2018, John Johansen wrote: >> To me a list like >> lsm.enable=X,Y,Z > > What about even simpler: > > lsm=selinux,!apparmor,yama We're going to have lsm.order=, so I'd like to keep it with a dot separator (this makes it more like module parameters, too). You want to mix enable/disable in the same string? That implies you'd want implicit enabling (i.e. it complements the builtin enabling), which is opposite from what John wanted. -Kees -- Kees Cook Pixel Security
