* Borislav Petkov <[email protected]> wrote:
> Oh, and you've built the kernel with the option to be able to disable
> PTI so it's not like you haven't seen it already.
In general in many corporate environments requiring kernel reboots or kernel
rebuilds limits the real-world usability of any kernel feature we offer down to
"non-existent". Saying "build your own kernel or reboot" is excluding a large
subset of our real-world users.
Build and boot options are fine for developers and testing. Otherwise
_everything_
not readily accessible when your distro kernel has booted up is essentially
behind
a usability (and corporate policy) wall so steep that it's essentially
non-existent to many users.
So either we make this properly sysctl (and/or prctl) controllable, or just
don't
do it at all.
Thanks,
Ingo
