On Thu, 6 Apr 2017, David Howells wrote: > James Morris <jmor...@namei.org> wrote: > > > > +static __read_mostly bool kernel_locked_down; > > > > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not > > configured? > > I guess lock_kernel_down() would need to be __init also in that case.
Ideally, yes. > > Also, the implementation of lift_kernel_lockdown() should be conditional on > CONFIG_ALLOW_LOCKDOWN_LIFT. > > David > -- James Morris <jmor...@namei.org>
