Add CONFIG_AUDITSC and CONFIG_SECCOMP support for ppc32 Signed-off-by: David Woodhouse <dwmw2@infradead.org>

commit: ea9c102cb0a7969df5733d34f26e0b12c8a3c889 [log] [tgz]
author: David Woodhouse <dwmw2@shinybook.infradead.org> Sun May 08 15:56:09 2005 +0100
committer: David Woodhouse <dwmw2@shinybook.infradead.org> Sun May 08 15:56:09 2005 +0100
tree: 27383b18b9f62d3c4f1b5dd9f3daeffb10416c15
parent: 13e652800d1644dfedcd0d59ac95ef0beb7f3165 [diff] [blame]
diff --git a/arch/ppc/Kconfig b/arch/ppc/Kconfig
index 600f23d..cd752a3 100644
--- a/arch/ppc/Kconfig
+++ b/arch/ppc/Kconfig

@@ -1083,6 +1083,23 @@
 
 source kernel/power/Kconfig
 
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 endmenu
 
 config ISA_DMA_API
commit	ea9c102cb0a7969df5733d34f26e0b12c8a3c889	[log] [tgz]
author	David Woodhouse <dwmw2@shinybook.infradead.org>	Sun May 08 15:56:09 2005 +0100
committer	David Woodhouse <dwmw2@shinybook.infradead.org>	Sun May 08 15:56:09 2005 +0100
tree	27383b18b9f62d3c4f1b5dd9f3daeffb10416c15
parent	13e652800d1644dfedcd0d59ac95ef0beb7f3165 [diff] [blame]