madaidan via Whonix Forum:
security-misc enables it after X starts which isn’t as good as having it enabled all the time.
I see. Maybe better add this as a sysctl, in a package that gets only
installed inside VMs? (then it would also be enabled in initramfs
already) Reason is that this would be way more easy to disable / debug /
Do we have other (security) settings too which are VM-only?
Do we have other (security) settings too which are host-only?
Also we yet have to create security-paranoid(opt-in package for settings
which are too experimental for security-misc default package?