X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;ds=sidebyside;f=arch%2Fmicroblaze%2FKconfig;h=387d5ffdfd3aea4e9807349edb1a6d6852cbb221;hb=ce9d8d9f7214c7b74a5dd7be8221545269a31155;hp=692fdfce2a2357122119429ceb36779f13640560;hpb=e9a68707d736f4f73d7e209885d7b4c5c452b1dc;p=pandora-kernel.git diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig index 692fdfce2a23..387d5ffdfd3a 100644 --- a/arch/microblaze/Kconfig +++ b/arch/microblaze/Kconfig @@ -1,8 +1,3 @@ -# For a description of the syntax of this configuration file, -# see Documentation/kbuild/kconfig-language.txt. - -mainmenu "Linux/Microblaze Kernel Configuration" - config MICROBLAZE def_bool y select HAVE_MEMBLOCK @@ -121,6 +116,23 @@ config CMDLINE_FORCE Set this to have arguments from the default kernel command string override those passed by the boot loader. +config SECCOMP + bool "Enable seccomp to safely compute untrusted bytecode" + depends on PROC_FS + default y + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via /proc//seccomp, it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + + If unsure, say Y. Only embedded should say N here. + endmenu menu "Advanced setup"