LIDS modes

BOOT
Valid until LIDS is 'Sealed" (/sbin/lidsadm -I)
No capability-related ACLs are enforced
File ACLs are still enforced

POSTBOOT
After LIDS sealing time
Both capability and file ACLs are enforced

SHUTDOWN
After "lidsadm -S -- +SHUTDOWN" is called
Allow more capabilities here to allow unmounting, for example.

LEARNING
ACL violation are logged, but not restricted
lids_learnd can read message and write out related rules for integration into your ACL lists.