From 65cc9c391c3c4096ccc47ecd8b9f58f470b57225 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 1 Feb 2021 02:20:35 -0800
Subject: apparmor: Update help description of policy hash for introspection

Update help to note this option is not needed for small embedded systems
where regular policy introspection is not used.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/Kconfig | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'security')

diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 348ed6cfa08a..272dca497c6d 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -25,7 +25,10 @@ config SECURITY_APPARMOR_HASH
 	default y
 	help
 	  This option selects whether introspection of loaded policy
-	  is available to userspace via the apparmor filesystem.
+	  hashes is available to userspace via the apparmor
+	  filesystem. This option provides a light weight means of
+	  checking loaded policy.  This option adds to policy load
+	  time and can be disabled for small embedded systems.
 
 config SECURITY_APPARMOR_HASH_DEFAULT
        bool "Enable policy hash introspection by default"
-- 
cgit v1.2.3