On Fri, Feb 25, 2022 at 03:11:43PM +0000, Mark Brown wrote:
> On Fri, Feb 25, 2022 at 01:53:51PM +0000, Will Deacon wrote:
>
> > I still think this new behaviour should be opt-in, so adding a sysctl for
> > that would be my preference if we proceed with this approach.
>
> I'm happy to have a sysctl but I'd rather it be opt out rather than opt
> in since it seems better to default to enabling the security feature
> when there is a strong expectation that it would seem better to enable
> it by default since it's not expected to be disruptive and the sysctl is
> more of a "what if there's a problem" thing.

I think new behaviour has to be opt-in, so that if somebody takes a new
kernel then we can guarantee it's not going to break them. Systemd can
enable this unconditionally if it wants to.

Will