SECCOMP for MIPS.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
author: Ralf Baechle <ralf@linux-mips.org> 2005-03-18 17:36:42 +0000
committer: Ralf Baechle <ralf@linux-mips.org> 2005-10-29 19:30:58 +0100
commit: 127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch)
tree: 9e6b394e9987b933707856422879922016532533 /arch/mips/Kconfig
parent: 53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 41d782e207c3..b54ac9a75d5f 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -1530,6 +1530,23 @@ config BINFMT_ELF32
 	bool
 	default y if MIPS32_O32 || MIPS32_N32
 
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS && BROKEN
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 config PM
 	bool "Power Management support (EXPERIMENTAL)"
 	depends on EXPERIMENTAL && MACH_AU1X00
author	Ralf Baechle <ralf@linux-mips.org>	2005-03-18 17:36:42 +0000
committer	Ralf Baechle <ralf@linux-mips.org>	2005-10-29 19:30:58 +0100
commit	127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch)
tree	9e6b394e9987b933707856422879922016532533 /arch/mips/Kconfig
parent	53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff)