diff options
| author | Michal Simek <monstr@monstr.eu> | 2010-08-06 02:50:35 -0400 |
|---|---|---|
| committer | Michal Simek <monstr@monstr.eu> | 2010-10-21 01:51:25 -0400 |
| commit | 68c6ac3366764730c6cc6bcc7003b233bd6b6571 (patch) | |
| tree | a8496bc7ab8490d6ff68b6a653c11eb289844684 /arch/microblaze | |
| parent | 0425609680927f3368b0e0270452d41759d43b3f (diff) | |
microblaze: Add seccomp support
Add seccomp support.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Diffstat (limited to 'arch/microblaze')
| -rw-r--r-- | arch/microblaze/Kconfig | 17 | ||||
| -rw-r--r-- | arch/microblaze/include/asm/seccomp.h | 16 |
2 files changed, 33 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 692fdfce2a23..dad40fc2bef8 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig | |||
| @@ -121,6 +121,23 @@ config CMDLINE_FORCE | |||
| 121 | Set this to have arguments from the default kernel command string | 121 | Set this to have arguments from the default kernel command string |
| 122 | override those passed by the boot loader. | 122 | override those passed by the boot loader. |
| 123 | 123 | ||
| 124 | config SECCOMP | ||
| 125 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 126 | depends on PROC_FS | ||
| 127 | default y | ||
| 128 | help | ||
| 129 | This kernel feature is useful for number crunching applications | ||
| 130 | that may need to compute untrusted bytecode during their | ||
| 131 | execution. By using pipes or other transports made available to | ||
| 132 | the process as file descriptors supporting the read/write | ||
| 133 | syscalls, it's possible to isolate those applications in | ||
| 134 | their own address space using seccomp. Once seccomp is | ||
| 135 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
| 136 | and the task is only allowed to execute a few safe syscalls | ||
| 137 | defined by each seccomp mode. | ||
| 138 | |||
| 139 | If unsure, say Y. Only embedded should say N here. | ||
| 140 | |||
| 124 | endmenu | 141 | endmenu |
| 125 | 142 | ||
| 126 | menu "Advanced setup" | 143 | menu "Advanced setup" |
diff --git a/arch/microblaze/include/asm/seccomp.h b/arch/microblaze/include/asm/seccomp.h new file mode 100644 index 000000000000..0d912758a0d7 --- /dev/null +++ b/arch/microblaze/include/asm/seccomp.h | |||
| @@ -0,0 +1,16 @@ | |||
| 1 | #ifndef _ASM_MICROBLAZE_SECCOMP_H | ||
| 2 | #define _ASM_MICROBLAZE_SECCOMP_H | ||
| 3 | |||
| 4 | #include <linux/unistd.h> | ||
| 5 | |||
| 6 | #define __NR_seccomp_read __NR_read | ||
| 7 | #define __NR_seccomp_write __NR_write | ||
| 8 | #define __NR_seccomp_exit __NR_exit | ||
| 9 | #define __NR_seccomp_sigreturn __NR_sigreturn | ||
| 10 | |||
| 11 | #define __NR_seccomp_read_32 __NR_read | ||
| 12 | #define __NR_seccomp_write_32 __NR_write | ||
| 13 | #define __NR_seccomp_exit_32 __NR_exit | ||
| 14 | #define __NR_seccomp_sigreturn_32 __NR_sigreturn | ||
| 15 | |||
| 16 | #endif /* _ASM_MICROBLAZE_SECCOMP_H */ | ||