summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorRalf Baechle <ralf@linux-mips.org>2005-03-18 17:36:42 +0000
committerRalf Baechle <ralf@linux-mips.org>2005-10-29 19:30:58 +0100
commit127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch)
tree9e6b394e9987b933707856422879922016532533 /arch
parent53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff)
downloadlinux-127c6f662348cbf2b1c09e6fc2748af316f7d2d6.tar.bz2
SECCOMP for MIPS.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'arch')
-rw-r--r--arch/mips/Kconfig17
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 41d782e207c3..b54ac9a75d5f 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -1530,6 +1530,23 @@ config BINFMT_ELF32
bool
default y if MIPS32_O32 || MIPS32_N32
+config SECCOMP
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS && BROKEN
+ default y
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via /proc/<pid>/seccomp, it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
+ If unsure, say Y. Only embedded should say N here.
+
config PM
bool "Power Management support (EXPERIMENTAL)"
depends on EXPERIMENTAL && MACH_AU1X00