On Fri, Sep 22, 2023 at 04:55:05PM +0200, KP Singh wrote: > This config influences the nature of the static key that guards the > static call for LSM hooks. > > When enabled, it indicates that an LSM static call slot is more likely > to be initialized. When disabled, it optimizes for the case when static > call slot is more likely to be not initialized. > > When a major LSM like (SELinux, AppArmor, Smack etc) is active on a > system the system would benefit from enabling the config. However there > are other cases which would benefit from the config being disabled > (e.g. a system with a BPF LSM with no hooks enabled by default, or an > LSM like loadpin / yama). Ultimately, there is no one-size fits all > solution. > [...] > Acked-by: Song Liu <song@xxxxxxxxxx> > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx> Looks great! Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
