[SPARC64]: Add SECCOMP support.

Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2005-07-10 23:49:28 (GMT)
committer: David S. Miller <davem@davemloft.net> 2005-07-10 23:49:28 (GMT)
commit: bb49bcda15f1bc1a52c7f887db278447f332eaa7 (patch)
tree: dec754638f3cbc4123e715c42573648859e20735 /arch/sparc64/Kconfig
parent: af166d15c3ad4d501a0c4fb5b4547bb2ba205918 (diff)
download: linux-fsl-qoriq-bb49bcda15f1bc1a52c7f887db278447f332eaa7.tar.xz
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig
index 4b13292..6a47336 100644
--- a/arch/sparc64/Kconfig
+++ b/arch/sparc64/Kconfig
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB
 
 endchoice
 
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 source kernel/Kconfig.hz
 
 source "init/Kconfig"
author	David S. Miller <davem@davemloft.net>	2005-07-10 23:49:28 (GMT)
committer	David S. Miller <davem@davemloft.net>	2005-07-10 23:49:28 (GMT)
commit	bb49bcda15f1bc1a52c7f887db278447f332eaa7 (patch)
tree	dec754638f3cbc4123e715c42573648859e20735 /arch/sparc64/Kconfig
parent	af166d15c3ad4d501a0c4fb5b4547bb2ba205918 (diff)
download	linux-fsl-qoriq-bb49bcda15f1bc1a52c7f887db278447f332eaa7.tar.xz