|author||Michal Simek <email@example.com>||2010-08-06 08:50:35 +0200|
|committer||Michal Simek <firstname.lastname@example.org>||2010-10-21 15:51:25 +1000|
microblaze: Add seccomp support
Add seccomp support. Signed-off-by: Michal Simek <email@example.com>
Diffstat (limited to 'arch/microblaze/Kconfig')
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig
index 692fdfce2a2..dad40fc2bef 100644
@@ -121,6 +121,23 @@ config CMDLINE_FORCE
Set this to have arguments from the default kernel command string
override those passed by the boot loader.
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS
+ default y
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via /proc/<pid>/seccomp, it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+ If unsure, say Y. Only embedded should say N here.
menu "Advanced setup"