sh: seccomp support.
This hooks up the seccomp thread flag and associated callback from the
syscall tracer.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index cb992c3..0ae5411 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -483,6 +483,23 @@
For more details see Documentation/kdump/kdump.txt
+config SECCOMP
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS
+ default y
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via prctl, it cannot be disabled and the task is only
+ allowed to execute a few safe syscalls defined by each seccomp
+ mode.
+
+ If unsure, say N.
+
config SMP
bool "Symmetric multi-processing support"
depends on SYS_SUPPORTS_SMP