diff options
Diffstat (limited to 'arch/microblaze/Kconfig')
| -rw-r--r-- | arch/microblaze/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 692fdfce2a23..dad40fc2bef8 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig | |||
| @@ -121,6 +121,23 @@ config CMDLINE_FORCE | |||
| 121 | Set this to have arguments from the default kernel command string | 121 | Set this to have arguments from the default kernel command string |
| 122 | override those passed by the boot loader. | 122 | override those passed by the boot loader. |
| 123 | 123 | ||
| 124 | config SECCOMP | ||
| 125 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 126 | depends on PROC_FS | ||
| 127 | default y | ||
| 128 | help | ||
| 129 | This kernel feature is useful for number crunching applications | ||
| 130 | that may need to compute untrusted bytecode during their | ||
| 131 | execution. By using pipes or other transports made available to | ||
| 132 | the process as file descriptors supporting the read/write | ||
| 133 | syscalls, it's possible to isolate those applications in | ||
| 134 | their own address space using seccomp. Once seccomp is | ||
| 135 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
| 136 | and the task is only allowed to execute a few safe syscalls | ||
| 137 | defined by each seccomp mode. | ||
| 138 | |||
| 139 | If unsure, say Y. Only embedded should say N here. | ||
| 140 | |||
| 124 | endmenu | 141 | endmenu |
| 125 | 142 | ||
| 126 | menu "Advanced setup" | 143 | menu "Advanced setup" |