diff options
| author | Paul Mundt <lethal@linux-sh.org> | 2008-07-30 02:30:52 -0400 |
|---|---|---|
| committer | Paul Mundt <lethal@linux-sh.org> | 2008-08-01 15:39:32 -0400 |
| commit | c4637d475170ca0d99973efd07df727012db6cd1 (patch) | |
| tree | 8d2f6581dfaf0ea148753845513fff3dd53ce13f /arch/sh/Kconfig | |
| parent | cec3fd3e2a7cacf37e2bd6d9fa915337245cc563 (diff) | |
sh: seccomp support.
This hooks up the seccomp thread flag and associated callback from the
syscall tracer.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Diffstat (limited to 'arch/sh/Kconfig')
| -rw-r--r-- | arch/sh/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index cb992c3d6b71..0ae541107f3f 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig | |||
| @@ -483,6 +483,23 @@ config CRASH_DUMP | |||
| 483 | 483 | ||
| 484 | For more details see Documentation/kdump/kdump.txt | 484 | For more details see Documentation/kdump/kdump.txt |
| 485 | 485 | ||
| 486 | config SECCOMP | ||
| 487 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 488 | depends on PROC_FS | ||
| 489 | default y | ||
| 490 | help | ||
| 491 | This kernel feature is useful for number crunching applications | ||
| 492 | that may need to compute untrusted bytecode during their | ||
| 493 | execution. By using pipes or other transports made available to | ||
| 494 | the process as file descriptors supporting the read/write | ||
| 495 | syscalls, it's possible to isolate those applications in | ||
| 496 | their own address space using seccomp. Once seccomp is | ||
| 497 | enabled via prctl, it cannot be disabled and the task is only | ||
| 498 | allowed to execute a few safe syscalls defined by each seccomp | ||
| 499 | mode. | ||
| 500 | |||
| 501 | If unsure, say N. | ||
| 502 | |||
| 486 | config SMP | 503 | config SMP |
| 487 | bool "Symmetric multi-processing support" | 504 | bool "Symmetric multi-processing support" |
| 488 | depends on SYS_SUPPORTS_SMP | 505 | depends on SYS_SUPPORTS_SMP |