From ce2cb6ec7e9a868af6d71ddd29ca9e741ff871d7 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Tue, 9 Sep 2008 11:01:31 +0400 Subject: [PATCH] --- yaml --- r: 110373 b: refs/heads/master c: 9c0bbee8a6fc14107e9a7af6750bfe1056cbf4bc h: refs/heads/master i: 110371: 8bb63e0e90f804f79862622b8a9c5de31475ccf4 v: v3 --- [refs] | 2 +- trunk/arch/x86/Kconfig | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index 739f5d8e5af2..6cdaf1d6dd10 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: afe73824f52d6767c77e9456f573a76075108279 +refs/heads/master: 9c0bbee8a6fc14107e9a7af6750bfe1056cbf4bc diff --git a/trunk/arch/x86/Kconfig b/trunk/arch/x86/Kconfig index 68d91c8233f4..1e2afe60ba99 100644 --- a/trunk/arch/x86/Kconfig +++ b/trunk/arch/x86/Kconfig @@ -1205,7 +1205,6 @@ config IRQBALANCE config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" - depends on PROC_FS help This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their @@ -1213,7 +1212,7 @@ config SECCOMP the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. Once seccomp is - enabled via /proc//seccomp, it cannot be disabled + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled and the task is only allowed to execute a few safe syscalls defined by each seccomp mode.