diff options
author | Paul Mundt <lethal@linux-sh.org> | 2008-07-30 15:30:52 +0900 |
---|---|---|
committer | Paul Mundt <lethal@linux-sh.org> | 2008-08-02 04:39:32 +0900 |
commit | c4637d475170ca0d99973efd07df727012db6cd1 (patch) | |
tree | 8d2f6581dfaf0ea148753845513fff3dd53ce13f /arch/sh/Kconfig | |
parent | cec3fd3e2a7cacf37e2bd6d9fa915337245cc563 (diff) | |
download | op-kernel-dev-c4637d475170ca0d99973efd07df727012db6cd1.zip op-kernel-dev-c4637d475170ca0d99973efd07df727012db6cd1.tar.gz |
sh: seccomp support.
This hooks up the seccomp thread flag and associated callback from the
syscall tracer.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Diffstat (limited to 'arch/sh/Kconfig')
-rw-r--r-- | arch/sh/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index cb992c3..0ae5411 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig @@ -483,6 +483,23 @@ config CRASH_DUMP For more details see Documentation/kdump/kdump.txt +config SECCOMP + bool "Enable seccomp to safely compute untrusted bytecode" + depends on PROC_FS + default y + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via prctl, it cannot be disabled and the task is only + allowed to execute a few safe syscalls defined by each seccomp + mode. + + If unsure, say N. + config SMP bool "Symmetric multi-processing support" depends on SYS_SUPPORTS_SMP |