CONFIG_MODIFY_LDT_SYSCALL: Enable the LDT (local descriptor table)

The Linux kernel configuration item CONFIG_MODIFY_LDT_SYSCALL:

Linux can allow user programs to install a per-process x86 Local Descriptor Table (LDT) using the modify_ldt(2) system call. This is required to run 16-bit or segmented code such as DOSEMU or some Wine programs. It is also used by some very old threading libraries.

Enabling this feature adds a small amount of overhead to context switches and increases the low-level kernel attack surface. Disabling it removes the modify_ldt(2) system call.

Saying 'N' here may make sense for embedded or server kernels.



