X-Git-Url: https://git.karo-electronics.de/?a=blobdiff_plain;f=arch%2Fmicroblaze%2FKconfig;h=387d5ffdfd3aea4e9807349edb1a6d6852cbb221;hb=51399a391940e676877c7a791138081f13a0bab7;hp=44b4b76d7eca42b6f4c034e947d4ff461dee5da7;hpb=df4d303647ebe5e2f7e473e32ccef9f8549e9d45;p=mv-sheeva.git

diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig
index 44b4b76d7ec..387d5ffdfd3 100644
--- a/arch/microblaze/Kconfig
+++ b/arch/microblaze/Kconfig
@@ -116,6 +116,23 @@ config CMDLINE_FORCE
 	  Set this to have arguments from the default kernel command string
 	  override those passed by the boot loader.
 
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 endmenu
 
 menu "Advanced setup"