diff options
| -rw-r--r-- | arch/x86/Kconfig | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 68d91c8233f4..1e2afe60ba99 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
| @@ -1205,7 +1205,6 @@ config IRQBALANCE | |||
| 1205 | config SECCOMP | 1205 | config SECCOMP |
| 1206 | def_bool y | 1206 | def_bool y |
| 1207 | prompt "Enable seccomp to safely compute untrusted bytecode" | 1207 | prompt "Enable seccomp to safely compute untrusted bytecode" |
| 1208 | depends on PROC_FS | ||
| 1209 | help | 1208 | help |
| 1210 | This kernel feature is useful for number crunching applications | 1209 | This kernel feature is useful for number crunching applications |
| 1211 | that may need to compute untrusted bytecode during their | 1210 | that may need to compute untrusted bytecode during their |
| @@ -1213,7 +1212,7 @@ config SECCOMP | |||
| 1213 | the process as file descriptors supporting the read/write | 1212 | the process as file descriptors supporting the read/write |
| 1214 | syscalls, it's possible to isolate those applications in | 1213 | syscalls, it's possible to isolate those applications in |
| 1215 | their own address space using seccomp. Once seccomp is | 1214 | their own address space using seccomp. Once seccomp is |
| 1216 | enabled via /proc/<pid>/seccomp, it cannot be disabled | 1215 | enabled via prctl(PR_SET_SECCOMP), it cannot be disabled |
| 1217 | and the task is only allowed to execute a few safe syscalls | 1216 | and the task is only allowed to execute a few safe syscalls |
| 1218 | defined by each seccomp mode. | 1217 | defined by each seccomp mode. |
| 1219 | 1218 | ||