microblaze: Add seccomp support

Add seccomp support. Signed-off-by: Michal Simek <monstr@monstr.eu>
author: Michal Simek <monstr@monstr.eu> 2010-08-06 02:50:35 -0400
committer: Michal Simek <monstr@monstr.eu> 2010-10-21 01:51:25 -0400
commit: 68c6ac3366764730c6cc6bcc7003b233bd6b6571 (patch)
tree: a8496bc7ab8490d6ff68b6a653c11eb289844684 /arch/microblaze/Kconfig
parent: 0425609680927f3368b0e0270452d41759d43b3f (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig
index 692fdfce2a23..dad40fc2bef8 100644
--- a/arch/microblaze/Kconfig
+++ b/arch/microblaze/Kconfig
@@ -121,6 +121,23 @@ config CMDLINE_FORCE
          Set this to have arguments from the default kernel command string
          override those passed by the boot loader.
+config SECCOMP
+        bool "Enable seccomp to safely compute untrusted bytecode"
+        depends on PROC_FS
+        default y
+        help
+          This kernel feature is useful for number crunching applications
+          that may need to compute untrusted bytecode during their
+          execution. By using pipes or other transports made available to
+          the process as file descriptors supporting the read/write
+          syscalls, it's possible to isolate those applications in
+          their own address space using seccomp. Once seccomp is
+          enabled via /proc/<pid>/seccomp, it cannot be disabled
+          and the task is only allowed to execute a few safe syscalls
+          defined by each seccomp mode.
+          If unsure, say Y. Only embedded should say N here.
 endmenu
 menu "Advanced setup"
author	Michal Simek <monstr@monstr.eu>	2010-08-06 02:50:35 -0400
committer	Michal Simek <monstr@monstr.eu>	2010-10-21 01:51:25 -0400
commit	68c6ac3366764730c6cc6bcc7003b233bd6b6571 (patch)
tree	a8496bc7ab8490d6ff68b6a653c11eb289844684 /arch/microblaze/Kconfig
parent	0425609680927f3368b0e0270452d41759d43b3f (diff)

diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 692fdfce2a23..dad40fc2bef8 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig
@@ -121,6 +121,23 @@ config CMDLINE_FORCE
121	Set this to have arguments from the default kernel command string	121	Set this to have arguments from the default kernel command string
122	override those passed by the boot loader.	122	override those passed by the boot loader.
123		123
		124	config SECCOMP
		125	bool "Enable seccomp to safely compute untrusted bytecode"
		126	depends on PROC_FS
		127	default y
		128	help
		129	This kernel feature is useful for number crunching applications
		130	that may need to compute untrusted bytecode during their
		131	execution. By using pipes or other transports made available to
		132	the process as file descriptors supporting the read/write
		133	syscalls, it's possible to isolate those applications in
		134	their own address space using seccomp. Once seccomp is
		135	enabled via /proc/<pid>/seccomp, it cannot be disabled
		136	and the task is only allowed to execute a few safe syscalls
		137	defined by each seccomp mode.
		138
		139	If unsure, say Y. Only embedded should say N here.
		140
124	endmenu	141	endmenu
125		142
126	menu "Advanced setup"	143	menu "Advanced setup"