Skip to content

Commit

Permalink
seccomp: drop now bogus dependency on PROC_FS
Browse files Browse the repository at this point in the history 
seccomp is prctl(2)-driven now.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
  • Loading branch information
Alexey Dobriyan authored and Ingo Molnar committed Sep 9, 2008
1 parent afe7382 commit 9c0bbee
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions arch/x86/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1205,15 +1205,14 @@ config IRQBALANCE
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
execution. By using pipes or other transports made available to
the process as file descriptors supporting the read/write
syscalls, it's possible to isolate those applications in
their own address space using seccomp. Once seccomp is
enabled via /proc/<pid>/seccomp, it cannot be disabled
enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
and the task is only allowed to execute a few safe syscalls
defined by each seccomp mode.

Expand Down

0 comments on commit 9c0bbee

Please sign in to comment.