diff options
author | Michal Simek <monstr@monstr.eu> | 2010-08-06 08:50:35 +0200 |
---|---|---|
committer | Michal Simek <monstr@monstr.eu> | 2010-10-21 15:51:25 +1000 |
commit | 68c6ac3366764730c6cc6bcc7003b233bd6b6571 (patch) | |
tree | a8496bc7ab8490d6ff68b6a653c11eb289844684 /arch/microblaze/Kconfig | |
parent | 0425609680927f3368b0e0270452d41759d43b3f (diff) |
microblaze: Add seccomp support
Add seccomp support.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Diffstat (limited to 'arch/microblaze/Kconfig')
-rw-r--r-- | arch/microblaze/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 692fdfce2a23..dad40fc2bef8 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig @@ -121,6 +121,23 @@ config CMDLINE_FORCE Set this to have arguments from the default kernel command string override those passed by the boot loader. +config SECCOMP + bool "Enable seccomp to safely compute untrusted bytecode" + depends on PROC_FS + default y + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via /proc/<pid>/seccomp, it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + + If unsure, say Y. Only embedded should say N here. + endmenu menu "Advanced setup" |