diff options
-rw-r--r-- | arch/microblaze/Kconfig | 17 | ||||
-rw-r--r-- | arch/microblaze/include/asm/seccomp.h | 16 |
2 files changed, 33 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 692fdfce2a23..dad40fc2bef8 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig | |||
@@ -121,6 +121,23 @@ config CMDLINE_FORCE | |||
121 | Set this to have arguments from the default kernel command string | 121 | Set this to have arguments from the default kernel command string |
122 | override those passed by the boot loader. | 122 | override those passed by the boot loader. |
123 | 123 | ||
124 | config SECCOMP | ||
125 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
126 | depends on PROC_FS | ||
127 | default y | ||
128 | help | ||
129 | This kernel feature is useful for number crunching applications | ||
130 | that may need to compute untrusted bytecode during their | ||
131 | execution. By using pipes or other transports made available to | ||
132 | the process as file descriptors supporting the read/write | ||
133 | syscalls, it's possible to isolate those applications in | ||
134 | their own address space using seccomp. Once seccomp is | ||
135 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
136 | and the task is only allowed to execute a few safe syscalls | ||
137 | defined by each seccomp mode. | ||
138 | |||
139 | If unsure, say Y. Only embedded should say N here. | ||
140 | |||
124 | endmenu | 141 | endmenu |
125 | 142 | ||
126 | menu "Advanced setup" | 143 | menu "Advanced setup" |
diff --git a/arch/microblaze/include/asm/seccomp.h b/arch/microblaze/include/asm/seccomp.h new file mode 100644 index 000000000000..0d912758a0d7 --- /dev/null +++ b/arch/microblaze/include/asm/seccomp.h | |||
@@ -0,0 +1,16 @@ | |||
1 | #ifndef _ASM_MICROBLAZE_SECCOMP_H | ||
2 | #define _ASM_MICROBLAZE_SECCOMP_H | ||
3 | |||
4 | #include <linux/unistd.h> | ||
5 | |||
6 | #define __NR_seccomp_read __NR_read | ||
7 | #define __NR_seccomp_write __NR_write | ||
8 | #define __NR_seccomp_exit __NR_exit | ||
9 | #define __NR_seccomp_sigreturn __NR_sigreturn | ||
10 | |||
11 | #define __NR_seccomp_read_32 __NR_read | ||
12 | #define __NR_seccomp_write_32 __NR_write | ||
13 | #define __NR_seccomp_exit_32 __NR_exit | ||
14 | #define __NR_seccomp_sigreturn_32 __NR_sigreturn | ||
15 | |||
16 | #endif /* _ASM_MICROBLAZE_SECCOMP_H */ | ||