[S390] secure computing arch backend Enable secure computing on s390 as well. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

commit: bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02 [log] [tgz]
author: Heiko Carstens <heiko.carstens@de.ibm.com> Fri Jun 12 10:26:26 2009 +0200
committer: Martin Schwidefsky <schwidefsky@de.ibm.com> Fri Jun 12 10:27:31 2009 +0200
tree: 56119ef1804f60122aba7b780768938936d180a1
parent: 7757591ab4a36314a258e181dbf0994415c288c2 [diff] [blame]
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 2eca5fe..1094787 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig

@@ -567,6 +567,24 @@
 	  the KVM hypervisor. This will add detection for KVM as well  as a
 	  virtio transport. If KVM is detected, the virtio console will be
 	  the default console.
+
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y.
+
 endmenu
 
 source "net/Kconfig"
commit	bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02	[log] [tgz]
author	Heiko Carstens <heiko.carstens@de.ibm.com>	Fri Jun 12 10:26:26 2009 +0200
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>	Fri Jun 12 10:27:31 2009 +0200
tree	56119ef1804f60122aba7b780768938936d180a1
parent	7757591ab4a36314a258e181dbf0994415c288c2 [diff] [blame]