diff options
| author | David S. Miller <davem@davemloft.net> | 2005-07-10 19:49:28 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2005-07-10 19:49:28 -0400 |
| commit | bb49bcda15f1bc1a52c7f887db278447f332eaa7 (patch) | |
| tree | dec754638f3cbc4123e715c42573648859e20735 /arch/sparc64/Kconfig | |
| parent | af166d15c3ad4d501a0c4fb5b4547bb2ba205918 (diff) | |
[SPARC64]: Add SECCOMP support.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc64/Kconfig')
| -rw-r--r-- | arch/sparc64/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig index 4b1329286242..6a4733683f0f 100644 --- a/arch/sparc64/Kconfig +++ b/arch/sparc64/Kconfig | |||
| @@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB | |||
| 43 | 43 | ||
| 44 | endchoice | 44 | endchoice |
| 45 | 45 | ||
| 46 | config SECCOMP | ||
| 47 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 48 | depends on PROC_FS | ||
| 49 | default y | ||
| 50 | help | ||
| 51 | This kernel feature is useful for number crunching applications | ||
| 52 | that may need to compute untrusted bytecode during their | ||
| 53 | execution. By using pipes or other transports made available to | ||
| 54 | the process as file descriptors supporting the read/write | ||
| 55 | syscalls, it's possible to isolate those applications in | ||
| 56 | their own address space using seccomp. Once seccomp is | ||
| 57 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
| 58 | and the task is only allowed to execute a few safe syscalls | ||
| 59 | defined by each seccomp mode. | ||
| 60 | |||
| 61 | If unsure, say Y. Only embedded should say N here. | ||
| 62 | |||
| 46 | source kernel/Kconfig.hz | 63 | source kernel/Kconfig.hz |
| 47 | 64 | ||
| 48 | source "init/Kconfig" | 65 | source "init/Kconfig" |