Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter
From: Kees Cook <hidden>
Date: 2018-10-03 18:20:50
Also in:
linux-arch, linux-doc, lkml
From: Kees Cook <hidden>
Date: 2018-10-03 18:20:50
Also in:
linux-arch, linux-doc, lkml
On Wed, Oct 3, 2018 at 11:17 AM, James Morris [off-list ref] wrote:
On Tue, 2 Oct 2018, John Johansen wrote:quoted
To me a list like lsm.enable=X,Y,ZWhat about even simpler: lsm=selinux,!apparmor,yama
We're going to have lsm.order=, so I'd like to keep it with a dot separator (this makes it more like module parameters, too). You want to mix enable/disable in the same string? That implies you'd want implicit enabling (i.e. it complements the builtin enabling), which is opposite from what John wanted. -Kees -- Kees Cook Pixel Security