It would be alright but allows the root user to use TIOCSTI to compromise applications which might not be good within an untrusted root threat model (we’d also need to restrict ptrace from root and some other things).
The linux-hardened patches have tons of issues with the debian kernel sources. I’ve tried to fix it but it still wouldn’t work so I gave up (might try again some time though).
We should stay as close to the main linux-hardened patch set as possible and try to get it to work for us. I’m already planning on submitting patches like Harden module auto-loading by madaidan · Pull Request #19 · anthraxx/linux-hardened · GitHub