Commit 68c6ac33 authored by Michal Simek's avatar Michal Simek
Browse files

microblaze: Add seccomp support 



Add seccomp support.

Signed-off-by: default avatarMichal Simek <monstr@monstr.eu>
parent 04256096

arch/microblaze/Kconfig

+17 −0
Original line number Diff line number Diff line
@@ -121,6 +121,23 @@ config CMDLINE_FORCE 
	  Set this to have arguments from the default kernel command string

	  override those passed by the boot loader.



config SECCOMP

	bool "Enable seccomp to safely compute untrusted bytecode"

	depends on PROC_FS

	default y

	help

	  This kernel feature is useful for number crunching applications

	  that may need to compute untrusted bytecode during their

	  execution. By using pipes or other transports made available to

	  the process as file descriptors supporting the read/write

	  syscalls, it's possible to isolate those applications in

	  their own address space using seccomp. Once seccomp is

	  enabled via /proc/<pid>/seccomp, it cannot be disabled

	  and the task is only allowed to execute a few safe syscalls

	  defined by each seccomp mode.



	  If unsure, say Y. Only embedded should say N here.



endmenu



menu "Advanced setup"

arch/microblaze/include/asm/seccomp.h

0 → 100644
+16 −0
Original line number Diff line number Diff line 
#ifndef _ASM_MICROBLAZE_SECCOMP_H

#define _ASM_MICROBLAZE_SECCOMP_H



#include <linux/unistd.h>



#define __NR_seccomp_read		__NR_read

#define __NR_seccomp_write		__NR_write

#define __NR_seccomp_exit		__NR_exit

#define __NR_seccomp_sigreturn		__NR_sigreturn



#define __NR_seccomp_read_32		__NR_read

#define __NR_seccomp_write_32		__NR_write

#define __NR_seccomp_exit_32		__NR_exit

#define __NR_seccomp_sigreturn_32	__NR_sigreturn



#endif	/* _ASM_MICROBLAZE_SECCOMP_H */