+17

arch/microblaze/Kconfig

reviewed

··· 121 121 Set this to have arguments from the default kernel command string 122 122 override those passed by the boot loader. 123 123 124 124 + config SECCOMP 125 125 + bool "Enable seccomp to safely compute untrusted bytecode" 126 126 + depends on PROC_FS 127 127 + default y 128 128 + help 129 129 + This kernel feature is useful for number crunching applications 130 130 + that may need to compute untrusted bytecode during their 131 131 + execution. By using pipes or other transports made available to 132 132 + the process as file descriptors supporting the read/write 133 133 + syscalls, it's possible to isolate those applications in 134 134 + their own address space using seccomp. Once seccomp is 135 135 + enabled via /proc/<pid>/seccomp, it cannot be disabled 136 136 + and the task is only allowed to execute a few safe syscalls 137 137 + defined by each seccomp mode. 138 138 + 139 139 + If unsure, say Y. Only embedded should say N here. 140 140 + 124 141 endmenu 125 142 126 143 menu "Advanced setup"

+16

arch/microblaze/include/asm/seccomp.h

reviewed

··· 1 1 + #ifndef _ASM_MICROBLAZE_SECCOMP_H 2 2 + #define _ASM_MICROBLAZE_SECCOMP_H 3 3 + 4 4 + #include <linux/unistd.h> 5 5 + 6 6 + #define __NR_seccomp_read __NR_read 7 7 + #define __NR_seccomp_write __NR_write 8 8 + #define __NR_seccomp_exit __NR_exit 9 9 + #define __NR_seccomp_sigreturn __NR_sigreturn 10 10 + 11 11 + #define __NR_seccomp_read_32 __NR_read 12 12 + #define __NR_seccomp_write_32 __NR_write 13 13 + #define __NR_seccomp_exit_32 __NR_exit 14 14 + #define __NR_seccomp_sigreturn_32 __NR_sigreturn 15 15 + 16 16 + #endif /* _ASM_MICROBLAZE_SECCOMP_H */