microblaze: Add seccomp support Add seccomp support. Signed-off-by: Michal Simek <monstr@monstr.eu>

commit: 68c6ac3366764730c6cc6bcc7003b233bd6b6571 [log] [tgz]
author: Michal Simek <monstr@monstr.eu> Fri Aug 06 08:50:35 2010 +0200
committer: Michal Simek <monstr@monstr.eu> Thu Oct 21 15:51:25 2010 +1000
tree: a8496bc7ab8490d6ff68b6a653c11eb289844684
parent: 0425609680927f3368b0e0270452d41759d43b3f [diff] [blame]
diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig
index 692fdfc..dad40fc 100644
--- a/arch/microblaze/Kconfig
+++ b/arch/microblaze/Kconfig

@@ -121,6 +121,23 @@
 	  Set this to have arguments from the default kernel command string
 	  override those passed by the boot loader.
 
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 endmenu
 
 menu "Advanced setup"
commit	68c6ac3366764730c6cc6bcc7003b233bd6b6571	[log] [tgz]
author	Michal Simek <monstr@monstr.eu>	Fri Aug 06 08:50:35 2010 +0200
committer	Michal Simek <monstr@monstr.eu>	Thu Oct 21 15:51:25 2010 +1000
tree	a8496bc7ab8490d6ff68b6a653c11eb289844684
parent	0425609680927f3368b0e0270452d41759d43b3f [diff] [blame]