Merge master.kernel.org:/pub/scm/linux/kernel/git/aegl/linux-2.6

[linux-2.6] / arch / sparc64 / Kconfig

diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig
index 4b13292862422d1108fb57a686f5ff32c2b8626a..6a4733683f0fa746eb8fedaeb3ddef67c2d78ce0 100644 (file)
--- a/arch/sparc64/Kconfig
+++ b/arch/sparc64/Kconfig
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB
 
 endchoice
 
+config SECCOMP
+       bool "Enable seccomp to safely compute untrusted bytecode"
+       depends on PROC_FS
+       default y
+       help
+         This kernel feature is useful for number crunching applications
+         that may need to compute untrusted bytecode during their
+         execution. By using pipes or other transports made available to
+         the process as file descriptors supporting the read/write
+         syscalls, it's possible to isolate those applications in
+         their own address space using seccomp. Once seccomp is
+         enabled via /proc/<pid>/seccomp, it cannot be disabled
+         and the task is only allowed to execute a few safe syscalls
+         defined by each seccomp mode.
+
+         If unsure, say Y. Only embedded should say N here.
+
 source kernel/Kconfig.hz
 
 source "init/Kconfig"