On Wed, 3 Oct 2018, Kees Cook wrote: > On Wed, Oct 3, 2018 at 11:17 AM, James Morris <jmorris@xxxxxxxxx> wrote: > > On Tue, 2 Oct 2018, John Johansen wrote: > >> To me a list like > >> lsm.enable=X,Y,Z > > > > What about even simpler: > > > > lsm=selinux,!apparmor,yama > > We're going to have lsm.order=, so I'd like to keep it with a dot > separator (this makes it more like module parameters, too). You want > to mix enable/disable in the same string? That implies you'd want > implicit enabling (i.e. it complements the builtin enabling), which is > opposite from what John wanted. > Why can't this be the order as well? -- James Morris <jmorris@xxxxxxxxx>
