apparmor: Update help description of policy hash for introspection

Update help to note this option is not needed for small embedded systems where regular policy introspection is not used. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen 2021-02-01 02:20:35 -0800
committer: John Johansen 2022-07-09 15:13:59 -0700
commit: 65cc9c391c3c4096ccc47ecd8b9f58f470b57225 (patch)
tree: a885dee0f47ee7d06dd7a08000d88755c4348fd9
parent: 0fc6ab404c521b403a73d0ec2410785ce2cf1fb4 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 348ed6cfa08a..272dca497c6d 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -25,7 +25,10 @@ config SECURITY_APPARMOR_HASH
 	default y
 	help
 	  This option selects whether introspection of loaded policy
-	  is available to userspace via the apparmor filesystem.
+	  hashes is available to userspace via the apparmor
+	  filesystem. This option provides a light weight means of
+	  checking loaded policy.  This option adds to policy load
+	  time and can be disabled for small embedded systems.
 
 config SECURITY_APPARMOR_HASH_DEFAULT
        bool "Enable policy hash introspection by default"
author	John Johansen	2021-02-01 02:20:35 -0800
committer	John Johansen	2022-07-09 15:13:59 -0700
commit	65cc9c391c3c4096ccc47ecd8b9f58f470b57225 (patch)
tree	a885dee0f47ee7d06dd7a08000d88755c4348fd9
parent	0fc6ab404c521b403a73d0ec2410785ce2cf1fb4 (diff)