1 files changed, 17 insertions, 0 deletions
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index 9def1f52d03a..2ba12d761723 100644
--- a/arch/tile/Kconfig
+++ b/arch/tile/Kconfig
@@ -32,6 +32,7 @@ config TILE
        select EDAC_SUPPORT
        select GENERIC_STRNCPY_FROM_USER
        select GENERIC_STRNLEN_USER
+        select HAVE_ARCH_SECCOMP_FILTER
 # FIXME: investigate whether we need/want these options.
 #       select HAVE_IOREMAP_PROT
@@ -221,6 +222,22 @@ config COMPAT
          If enabled, the kernel will support running TILE-Gx binaries
          that were built with the -m32 option.
+config SECCOMP
+        bool "Enable seccomp to safely compute untrusted bytecode"
+        depends on PROC_FS
+        help
+          This kernel feature is useful for number crunching applications
+          that may need to compute untrusted bytecode during their
+          execution. By using pipes or other transports made available to
+          the process as file descriptors supporting the read/write
+          syscalls, it's possible to isolate those applications in
+          their own address space using seccomp. Once seccomp is
+          enabled via prctl, it cannot be disabled and the task is only
+          allowed to execute a few safe syscalls defined by each seccomp
+          mode.
+          If unsure, say N.
 config SYSVIPC_COMPAT
        def_bool y
        depends on COMPAT && SYSVIPC

diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index 9def1f52d03a..2ba12d761723 100644 --- a/arch/tile/Kconfig +++ b/arch/tile/Kconfig
@@ -32,6 +32,7 @@ config TILE
32	select EDAC_SUPPORT	32	select EDAC_SUPPORT
33	select GENERIC_STRNCPY_FROM_USER	33	select GENERIC_STRNCPY_FROM_USER
34	select GENERIC_STRNLEN_USER	34	select GENERIC_STRNLEN_USER
		35	select HAVE_ARCH_SECCOMP_FILTER
35		36
36	# FIXME: investigate whether we need/want these options.	37	# FIXME: investigate whether we need/want these options.
37	# select HAVE_IOREMAP_PROT	38	# select HAVE_IOREMAP_PROT
@@ -221,6 +222,22 @@ config COMPAT
221	If enabled, the kernel will support running TILE-Gx binaries	222	If enabled, the kernel will support running TILE-Gx binaries
222	that were built with the -m32 option.	223	that were built with the -m32 option.
223		224
		225	config SECCOMP
		226	bool "Enable seccomp to safely compute untrusted bytecode"
		227	depends on PROC_FS
		228	help
		229	This kernel feature is useful for number crunching applications
		230	that may need to compute untrusted bytecode during their
		231	execution. By using pipes or other transports made available to
		232	the process as file descriptors supporting the read/write
		233	syscalls, it's possible to isolate those applications in
		234	their own address space using seccomp. Once seccomp is
		235	enabled via prctl, it cannot be disabled and the task is only
		236	allowed to execute a few safe syscalls defined by each seccomp
		237	mode.
		238
		239	If unsure, say N.
		240
224	config SYSVIPC_COMPAT	241	config SYSVIPC_COMPAT
225	def_bool y	242	def_bool y
226	depends on COMPAT && SYSVIPC	243	depends on COMPAT && SYSVIPC