aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--arch/microblaze/Kconfig17
-rw-r--r--arch/microblaze/include/asm/seccomp.h16
2 files changed, 33 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig
index 692fdfce2a23..dad40fc2bef8 100644
--- a/arch/microblaze/Kconfig
+++ b/arch/microblaze/Kconfig
@@ -121,6 +121,23 @@ config CMDLINE_FORCE
121 Set this to have arguments from the default kernel command string 121 Set this to have arguments from the default kernel command string
122 override those passed by the boot loader. 122 override those passed by the boot loader.
123 123
124config SECCOMP
125 bool "Enable seccomp to safely compute untrusted bytecode"
126 depends on PROC_FS
127 default y
128 help
129 This kernel feature is useful for number crunching applications
130 that may need to compute untrusted bytecode during their
131 execution. By using pipes or other transports made available to
132 the process as file descriptors supporting the read/write
133 syscalls, it's possible to isolate those applications in
134 their own address space using seccomp. Once seccomp is
135 enabled via /proc/<pid>/seccomp, it cannot be disabled
136 and the task is only allowed to execute a few safe syscalls
137 defined by each seccomp mode.
138
139 If unsure, say Y. Only embedded should say N here.
140
124endmenu 141endmenu
125 142
126menu "Advanced setup" 143menu "Advanced setup"
diff --git a/arch/microblaze/include/asm/seccomp.h b/arch/microblaze/include/asm/seccomp.h
new file mode 100644
index 000000000000..0d912758a0d7
--- /dev/null
+++ b/arch/microblaze/include/asm/seccomp.h
@@ -0,0 +1,16 @@
1#ifndef _ASM_MICROBLAZE_SECCOMP_H
2#define _ASM_MICROBLAZE_SECCOMP_H
3
4#include <linux/unistd.h>
5
6#define __NR_seccomp_read __NR_read
7#define __NR_seccomp_write __NR_write
8#define __NR_seccomp_exit __NR_exit
9#define __NR_seccomp_sigreturn __NR_sigreturn
10
11#define __NR_seccomp_read_32 __NR_read
12#define __NR_seccomp_write_32 __NR_write
13#define __NR_seccomp_exit_32 __NR_exit
14#define __NR_seccomp_sigreturn_32 __NR_sigreturn
15
16#endif /* _ASM_MICROBLAZE_SECCOMP_H */