diff options
author | Ralf Baechle <ralf@linux-mips.org> | 2005-03-18 12:36:42 -0500 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2005-10-29 14:30:58 -0400 |
commit | 127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch) | |
tree | 9e6b394e9987b933707856422879922016532533 /arch | |
parent | 53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff) |
SECCOMP for MIPS.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/mips/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index 41d782e207c3..b54ac9a75d5f 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig | |||
@@ -1530,6 +1530,23 @@ config BINFMT_ELF32 | |||
1530 | bool | 1530 | bool |
1531 | default y if MIPS32_O32 || MIPS32_N32 | 1531 | default y if MIPS32_O32 || MIPS32_N32 |
1532 | 1532 | ||
1533 | config SECCOMP | ||
1534 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
1535 | depends on PROC_FS && BROKEN | ||
1536 | default y | ||
1537 | help | ||
1538 | This kernel feature is useful for number crunching applications | ||
1539 | that may need to compute untrusted bytecode during their | ||
1540 | execution. By using pipes or other transports made available to | ||
1541 | the process as file descriptors supporting the read/write | ||
1542 | syscalls, it's possible to isolate those applications in | ||
1543 | their own address space using seccomp. Once seccomp is | ||
1544 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
1545 | and the task is only allowed to execute a few safe syscalls | ||
1546 | defined by each seccomp mode. | ||
1547 | |||
1548 | If unsure, say Y. Only embedded should say N here. | ||
1549 | |||
1533 | config PM | 1550 | config PM |
1534 | bool "Power Management support (EXPERIMENTAL)" | 1551 | bool "Power Management support (EXPERIMENTAL)" |
1535 | depends on EXPERIMENTAL && MACH_AU1X00 | 1552 | depends on EXPERIMENTAL && MACH_AU1X00 |