On Fri, Feb 25, 2022 at 01:53:51PM +0000, Will Deacon wrote:

> I still think this new behaviour should be opt-in, so adding a sysctl for
> that would be my preference if we proceed with this approach.

I'm happy to have a sysctl but I'd rather it be opt out rather than opt
in since it seems better to default to enabling the security feature
when there is a strong expectation that it would seem better to enable
it by default sine it's not expected to be disruptive and the sysctl is
more of a "what if there's a problem" thing.