diff options
author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2009-06-12 10:26:26 +0200 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2009-06-12 10:27:31 +0200 |
commit | bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02 (patch) | |
tree | 56119ef1804f60122aba7b780768938936d180a1 /arch/s390/Kconfig | |
parent | 7757591ab4a36314a258e181dbf0994415c288c2 (diff) | |
download | op-kernel-dev-bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02.zip op-kernel-dev-bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02.tar.gz |
[S390] secure computing arch backend
Enable secure computing on s390 as well.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/Kconfig')
-rw-r--r-- | arch/s390/Kconfig | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 2eca5fe..1094787 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -567,6 +567,24 @@ bool "s390 guest support for KVM (EXPERIMENTAL)" the KVM hypervisor. This will add detection for KVM as well as a virtio transport. If KVM is detected, the virtio console will be the default console. + +config SECCOMP + bool "Enable seccomp to safely compute untrusted bytecode" + depends on PROC_FS + default y + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via /proc/<pid>/seccomp, it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + + If unsure, say Y. + endmenu source "net/Kconfig" |