diff options
Diffstat (limited to 'arch/ppc/Kconfig')
| -rw-r--r-- | arch/ppc/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/ppc/Kconfig b/arch/ppc/Kconfig index 6e6377a69d5b..54ce6da22644 100644 --- a/arch/ppc/Kconfig +++ b/arch/ppc/Kconfig | |||
| @@ -1083,6 +1083,23 @@ source "drivers/zorro/Kconfig" | |||
| 1083 | 1083 | ||
| 1084 | source kernel/power/Kconfig | 1084 | source kernel/power/Kconfig |
| 1085 | 1085 | ||
| 1086 | config SECCOMP | ||
| 1087 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 1088 | depends on PROC_FS | ||
| 1089 | default y | ||
| 1090 | help | ||
| 1091 | This kernel feature is useful for number crunching applications | ||
| 1092 | that may need to compute untrusted bytecode during their | ||
| 1093 | execution. By using pipes or other transports made available to | ||
| 1094 | the process as file descriptors supporting the read/write | ||
| 1095 | syscalls, it's possible to isolate those applications in | ||
| 1096 | their own address space using seccomp. Once seccomp is | ||
| 1097 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
| 1098 | and the task is only allowed to execute a few safe syscalls | ||
| 1099 | defined by each seccomp mode. | ||
| 1100 | |||
| 1101 | If unsure, say Y. Only embedded should say N here. | ||
| 1102 | |||
| 1086 | endmenu | 1103 | endmenu |
| 1087 | 1104 | ||
| 1088 | config ISA_DMA_API | 1105 | config ISA_DMA_API |