Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 68c6ac33 authored by Michal Simek's avatar Michal Simek
Browse files

microblaze: Add seccomp support



Add seccomp support.

Signed-off-by: default avatarMichal Simek <monstr@monstr.eu>
parent 04256096
Loading
Loading
Loading
Loading
+17 −0
Original line number Diff line number Diff line
@@ -121,6 +121,23 @@ config CMDLINE_FORCE
	  Set this to have arguments from the default kernel command string
	  override those passed by the boot loader.

config SECCOMP
	bool "Enable seccomp to safely compute untrusted bytecode"
	depends on PROC_FS
	default y
	help
	  This kernel feature is useful for number crunching applications
	  that may need to compute untrusted bytecode during their
	  execution. By using pipes or other transports made available to
	  the process as file descriptors supporting the read/write
	  syscalls, it's possible to isolate those applications in
	  their own address space using seccomp. Once seccomp is
	  enabled via /proc/<pid>/seccomp, it cannot be disabled
	  and the task is only allowed to execute a few safe syscalls
	  defined by each seccomp mode.

	  If unsure, say Y. Only embedded should say N here.

endmenu

menu "Advanced setup"
+16 −0
Original line number Diff line number Diff line
#ifndef _ASM_MICROBLAZE_SECCOMP_H
#define _ASM_MICROBLAZE_SECCOMP_H

#include <linux/unistd.h>

#define __NR_seccomp_read		__NR_read
#define __NR_seccomp_write		__NR_write
#define __NR_seccomp_exit		__NR_exit
#define __NR_seccomp_sigreturn		__NR_sigreturn

#define __NR_seccomp_read_32		__NR_read
#define __NR_seccomp_write_32		__NR_write
#define __NR_seccomp_exit_32		__NR_exit
#define __NR_seccomp_sigreturn_32	__NR_sigreturn

#endif	/* _ASM_MICROBLAZE_SECCOMP_H */