microblaze: Add seccomp support
Add seccomp support. Signed-off-by: Michal Simek <monstr@monstr.eu>
This commit is contained in:
Родитель
0425609680
Коммит
68c6ac3366
|
@ -121,6 +121,23 @@ config CMDLINE_FORCE
|
|||
Set this to have arguments from the default kernel command string
|
||||
override those passed by the boot loader.
|
||||
|
||||
config SECCOMP
|
||||
bool "Enable seccomp to safely compute untrusted bytecode"
|
||||
depends on PROC_FS
|
||||
default y
|
||||
help
|
||||
This kernel feature is useful for number crunching applications
|
||||
that may need to compute untrusted bytecode during their
|
||||
execution. By using pipes or other transports made available to
|
||||
the process as file descriptors supporting the read/write
|
||||
syscalls, it's possible to isolate those applications in
|
||||
their own address space using seccomp. Once seccomp is
|
||||
enabled via /proc/<pid>/seccomp, it cannot be disabled
|
||||
and the task is only allowed to execute a few safe syscalls
|
||||
defined by each seccomp mode.
|
||||
|
||||
If unsure, say Y. Only embedded should say N here.
|
||||
|
||||
endmenu
|
||||
|
||||
menu "Advanced setup"
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
#ifndef _ASM_MICROBLAZE_SECCOMP_H
|
||||
#define _ASM_MICROBLAZE_SECCOMP_H
|
||||
|
||||
#include <linux/unistd.h>
|
||||
|
||||
#define __NR_seccomp_read __NR_read
|
||||
#define __NR_seccomp_write __NR_write
|
||||
#define __NR_seccomp_exit __NR_exit
|
||||
#define __NR_seccomp_sigreturn __NR_sigreturn
|
||||
|
||||
#define __NR_seccomp_read_32 __NR_read
|
||||
#define __NR_seccomp_write_32 __NR_write
|
||||
#define __NR_seccomp_exit_32 __NR_exit
|
||||
#define __NR_seccomp_sigreturn_32 __NR_sigreturn
|
||||
|
||||
#endif /* _ASM_MICROBLAZE_SECCOMP_H */
|
Загрузка…
Ссылка в новой задаче