Linux-libre 4.5-gnu

author: André Fabian Silva Delgado <emulatorman@parabola.nu> 2016-03-25 03:53:42 -0300
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2016-03-25 03:53:42 -0300
commit: 03dd4cb26d967f9588437b0fc9cc0e8353322bb7 (patch)
tree: fa581f6dc1c0596391690d1f67eceef3af8246dc /arch/um/Kconfig.um
parent: d4e493caf788ef44982e131ff9c786546904d934 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/arch/um/Kconfig.um b/arch/um/Kconfig.um
index 28a9885e3..4b2ed5858 100644
--- a/arch/um/Kconfig.um
+++ b/arch/um/Kconfig.um
@@ -104,3 +104,19 @@ config PGTABLE_LEVELS
 	int
 	default 3 if 3_LEVEL_PGTABLES
 	default 2
+
+config SECCOMP
+	def_bool y
+	prompt "Enable seccomp to safely compute untrusted bytecode"
+	---help---
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y.
author	André Fabian Silva Delgado <emulatorman@parabola.nu>	2016-03-25 03:53:42 -0300
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2016-03-25 03:53:42 -0300
commit	03dd4cb26d967f9588437b0fc9cc0e8353322bb7 (patch)
tree	fa581f6dc1c0596391690d1f67eceef3af8246dc /arch/um/Kconfig.um
parent	d4e493caf788ef44982e131ff9c786546904d934 (diff)