summaryrefslogtreecommitdiff
path: root/arch/s390/Kconfig
diff options
context:
space:
mode:
authorHeiko Carstens <heiko.carstens@de.ibm.com>2009-06-12 12:26:26 +0400
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2009-06-12 12:27:31 +0400
commitbcf5cef7db869dd3b0ec55ad99641e66b2f5cf02 (patch)
tree56119ef1804f60122aba7b780768938936d180a1 /arch/s390/Kconfig
parent7757591ab4a36314a258e181dbf0994415c288c2 (diff)
downloadlinux-bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02.tar.xz
[S390] secure computing arch backend
Enable secure computing on s390 as well. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/Kconfig')
-rw-r--r--arch/s390/Kconfig18
1 files changed, 18 insertions, 0 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 2eca5fe0e75b..1094787e97e5 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -567,6 +567,24 @@ bool "s390 guest support for KVM (EXPERIMENTAL)"
the KVM hypervisor. This will add detection for KVM as well as a
virtio transport. If KVM is detected, the virtio console will be
the default console.
+
+config SECCOMP
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS
+ default y
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via /proc/<pid>/seccomp, it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
+ If unsure, say Y.
+
endmenu
source "net/Kconfig"