summaryrefslogtreecommitdiff
path: root/arch/parisc/Kconfig
diff options
context:
space:
mode:
authorHelge Deller <deller@gmx.de>2014-08-27 14:39:56 +0200
committerHelge Deller <deller@gmx.de>2014-08-27 14:39:56 +0200
commitc90f06943e05519a87140dc407cf589c220aeedf (patch)
treee2ae9c471881462dba751849fc1ea0a53dc36168 /arch/parisc/Kconfig
parent3335f75a8877ac50f27510cda1368108bca0f151 (diff)
parisc: Wire up seccomp, getrandom and memfd_create syscalls
With secure computing we only support the SECCOMP_MODE_STRICT mode for now. Signed-off-by: Helge Deller <deller@gmx.de>
Diffstat (limited to 'arch/parisc/Kconfig')
-rw-r--r--arch/parisc/Kconfig16
1 files changed, 16 insertions, 0 deletions
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig
index 6e75e2030927..1554a6f2a5bb 100644
--- a/arch/parisc/Kconfig
+++ b/arch/parisc/Kconfig
@@ -321,6 +321,22 @@ source "fs/Kconfig"
source "arch/parisc/Kconfig.debug"
+config SECCOMP
+ def_bool y
+ prompt "Enable seccomp to safely compute untrusted bytecode"
+ ---help---
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
+ If unsure, say Y. Only embedded should say N here.
+
source "security/Kconfig"
source "crypto/Kconfig"