On Fri, Jan 03, 2025 at 03:48:23PM -0500, Liam R. Howlett wrote:
> So we have at least two userspace uses that this will break: checkpoint
> restore and now gVisor, but who knows what else? How many config
> options before we decide this can't be just on by default?

See my reply to Lorenzo, but I'm not arguing for it to be enabled by
default. I was trying to show how we traditionally handle these kinds of
features: putting their enablement behind a Kconfig and boot param that
work together. That way distro kernels have it _available_ without
making it _enabled_, and specialty kernels can have it enabled by default
(and can disable it at boot if needed too).

-- 
Kees Cook