On 05/14/2018 08:34 AM, Florian Weimer wrote: >>> The initial PKRU value can currently be configured by the system >>> administrator. I fear this approach has too many moving parts to be >>> viable. >> >> Honestly, I think we should drop that option. I don’t see how we can >> expect an administrator to do this usefully. > > I don't disagree—it makes things way less predictable in practice. I originally put that thing in there to make Andy happy with the initial permissions, and give us a way to back it out if something went wrong. I have no objections to removing it either. -- To unsubscribe from this list: send the line "unsubscribe linux-x86_64" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html