From c90f06943e05519a87140dc407cf589c220aeedf Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@gmx.de>
Date: Wed, 27 Aug 2014 14:39:56 +0200
Subject: parisc: Wire up seccomp, getrandom and memfd_create syscalls

With secure computing we only support the SECCOMP_MODE_STRICT mode for
now.

Signed-off-by: Helge Deller <deller@gmx.de>
---
 arch/parisc/Kconfig | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'arch/parisc/Kconfig')

diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig
index 6e75e2030927..1554a6f2a5bb 100644
--- a/arch/parisc/Kconfig
+++ b/arch/parisc/Kconfig
@@ -321,6 +321,22 @@ source "fs/Kconfig"
 
 source "arch/parisc/Kconfig.debug"
 
+config SECCOMP
+	def_bool y
+	prompt "Enable seccomp to safely compute untrusted bytecode"
+	---help---
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 source "security/Kconfig"
 
 source "crypto/Kconfig"
-- 
cgit v1.2.3-59-g8ed1b