diff options
Diffstat (limited to 'arch/parisc/Kconfig')
| -rw-r--r-- | arch/parisc/Kconfig | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index 6e75e2030927..1554a6f2a5bb 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig | |||
| @@ -321,6 +321,22 @@ source "fs/Kconfig" | |||
| 321 | 321 | ||
| 322 | source "arch/parisc/Kconfig.debug" | 322 | source "arch/parisc/Kconfig.debug" |
| 323 | 323 | ||
| 324 | config SECCOMP | ||
| 325 | def_bool y | ||
| 326 | prompt "Enable seccomp to safely compute untrusted bytecode" | ||
| 327 | ---help--- | ||
| 328 | This kernel feature is useful for number crunching applications | ||
| 329 | that may need to compute untrusted bytecode during their | ||
| 330 | execution. By using pipes or other transports made available to | ||
| 331 | the process as file descriptors supporting the read/write | ||
| 332 | syscalls, it's possible to isolate those applications in | ||
| 333 | their own address space using seccomp. Once seccomp is | ||
| 334 | enabled via prctl(PR_SET_SECCOMP), it cannot be disabled | ||
| 335 | and the task is only allowed to execute a few safe syscalls | ||
| 336 | defined by each seccomp mode. | ||
| 337 | |||
| 338 | If unsure, say Y. Only embedded should say N here. | ||
| 339 | |||
| 324 | source "security/Kconfig" | 340 | source "security/Kconfig" |
| 325 | 341 | ||
| 326 | source "crypto/Kconfig" | 342 | source "crypto/Kconfig" |