Skip to content

Commit

Permalink
microblaze: Add seccomp support
Browse files Browse the repository at this point in the history
Add seccomp support.

Signed-off-by: Michal Simek <monstr@monstr.eu>
  • Loading branch information
Michal Simek committed Oct 21, 2010
1 parent 0425609 commit 68c6ac3
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 0 deletions.
17 changes: 17 additions & 0 deletions arch/microblaze/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,23 @@ config CMDLINE_FORCE
Set this to have arguments from the default kernel command string
override those passed by the boot loader.

config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
execution. By using pipes or other transports made available to
the process as file descriptors supporting the read/write
syscalls, it's possible to isolate those applications in
their own address space using seccomp. Once seccomp is
enabled via /proc/<pid>/seccomp, it cannot be disabled
and the task is only allowed to execute a few safe syscalls
defined by each seccomp mode.

If unsure, say Y. Only embedded should say N here.

endmenu

menu "Advanced setup"
Expand Down
16 changes: 16 additions & 0 deletions arch/microblaze/include/asm/seccomp.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#ifndef _ASM_MICROBLAZE_SECCOMP_H
#define _ASM_MICROBLAZE_SECCOMP_H

#include <linux/unistd.h>

#define __NR_seccomp_read __NR_read
#define __NR_seccomp_write __NR_write
#define __NR_seccomp_exit __NR_exit
#define __NR_seccomp_sigreturn __NR_sigreturn

#define __NR_seccomp_read_32 __NR_read
#define __NR_seccomp_write_32 __NR_write
#define __NR_seccomp_exit_32 __NR_exit
#define __NR_seccomp_sigreturn_32 __NR_sigreturn

#endif /* _ASM_MICROBLAZE_SECCOMP_H */

0 comments on commit 68c6ac3

Please sign in to comment.