apparmor: Update help description of policy hash for introspection

Update help to note this option is not needed for small embedded systems
where regular policy introspection is not used.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 348ed6cfa08a02f2d0aad87b2c552cb46913542f..272dca497c6d2830d42b7718756aad547e81d68a 100644 (file)
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -25,7 +25,10 @@ config SECURITY_APPARMOR_HASH
        default y
        help
          This option selects whether introspection of loaded policy
-         is available to userspace via the apparmor filesystem.
+         hashes is available to userspace via the apparmor
+         filesystem. This option provides a light weight means of
+         checking loaded policy.  This option adds to policy load
+         time and can be disabled for small embedded systems.
 
 config SECURITY_APPARMOR_HASH_DEFAULT
        bool "Enable policy hash introspection by default"