diff options
author | Helge Deller <deller@gmx.de> | 2014-08-27 16:39:56 +0400 |
---|---|---|
committer | Helge Deller <deller@gmx.de> | 2014-08-27 16:39:56 +0400 |
commit | c90f06943e05519a87140dc407cf589c220aeedf (patch) | |
tree | e2ae9c471881462dba751849fc1ea0a53dc36168 /arch/parisc/Kconfig | |
parent | 3335f75a8877ac50f27510cda1368108bca0f151 (diff) | |
download | linux-c90f06943e05519a87140dc407cf589c220aeedf.tar.xz |
parisc: Wire up seccomp, getrandom and memfd_create syscalls
With secure computing we only support the SECCOMP_MODE_STRICT mode for
now.
Signed-off-by: Helge Deller <deller@gmx.de>
Diffstat (limited to 'arch/parisc/Kconfig')
-rw-r--r-- | arch/parisc/Kconfig | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index 6e75e2030927..1554a6f2a5bb 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -321,6 +321,22 @@ source "fs/Kconfig" source "arch/parisc/Kconfig.debug" +config SECCOMP + def_bool y + prompt "Enable seccomp to safely compute untrusted bytecode" + ---help--- + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + + If unsure, say Y. Only embedded should say N here. + source "security/Kconfig" source "crypto/Kconfig" |