diff options
Diffstat (limited to 'arch/s390/Kconfig')
| -rw-r--r-- | arch/s390/Kconfig | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 2eca5fe0e75b..1094787e97e5 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig | |||
| @@ -567,6 +567,24 @@ bool "s390 guest support for KVM (EXPERIMENTAL)" | |||
| 567 | the KVM hypervisor. This will add detection for KVM as well as a | 567 | the KVM hypervisor. This will add detection for KVM as well as a |
| 568 | virtio transport. If KVM is detected, the virtio console will be | 568 | virtio transport. If KVM is detected, the virtio console will be |
| 569 | the default console. | 569 | the default console. |
| 570 | |||
| 571 | config SECCOMP | ||
| 572 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 573 | depends on PROC_FS | ||
| 574 | default y | ||
| 575 | help | ||
| 576 | This kernel feature is useful for number crunching applications | ||
| 577 | that may need to compute untrusted bytecode during their | ||
| 578 | execution. By using pipes or other transports made available to | ||
| 579 | the process as file descriptors supporting the read/write | ||
| 580 | syscalls, it's possible to isolate those applications in | ||
| 581 | their own address space using seccomp. Once seccomp is | ||
| 582 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
| 583 | and the task is only allowed to execute a few safe syscalls | ||
| 584 | defined by each seccomp mode. | ||
| 585 | |||
| 586 | If unsure, say Y. | ||
| 587 | |||
| 570 | endmenu | 588 | endmenu |
| 571 | 589 | ||
| 572 | source "net/Kconfig" | 590 | source "net/Kconfig" |