diff options
author | Ralf Baechle <ralf@linux-mips.org> | 2005-03-18 17:36:42 +0000 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2005-10-29 19:30:58 +0100 |
commit | 127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch) | |
tree | 9e6b394e9987b933707856422879922016532533 | |
parent | 53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff) |
SECCOMP for MIPS.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-rw-r--r-- | arch/mips/Kconfig | 17 | ||||
-rw-r--r-- | include/asm-mips/thread_info.h | 10 |
2 files changed, 23 insertions, 4 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index 41d782e207c..b54ac9a75d5 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig @@ -1530,6 +1530,23 @@ config BINFMT_ELF32 bool default y if MIPS32_O32 || MIPS32_N32 +config SECCOMP + bool "Enable seccomp to safely compute untrusted bytecode" + depends on PROC_FS && BROKEN + default y + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via /proc/<pid>/seccomp, it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + + If unsure, say Y. Only embedded should say N here. + config PM bool "Power Management support (EXPERIMENTAL)" depends on EXPERIMENTAL && MACH_AU1X00 diff --git a/include/asm-mips/thread_info.h b/include/asm-mips/thread_info.h index a70cb0854c8..66a0c2ae7d6 100644 --- a/include/asm-mips/thread_info.h +++ b/include/asm-mips/thread_info.h @@ -114,6 +114,7 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define TIF_SIGPENDING 2 /* signal pending */ #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ #define TIF_SYSCALL_AUDIT 4 /* syscall auditing active */ +#define TIF_SECCOMP 5 /* secure computing */ #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */ #define TIF_MEMDIE 18 @@ -124,13 +125,14 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define _TIF_SIGPENDING (1<<TIF_SIGPENDING) #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) +#define _TIF_SECCOMP (1<<TIF_SECCOMP) #define _TIF_USEDFPU (1<<TIF_USEDFPU) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) -#define _TIF_WORK_MASK 0x0000ffef /* work to do on - interrupt/exception return */ -#define _TIF_ALLWORK_MASK 0x8000ffff /* work to do on any return to - u-space */ +/* work to do on interrupt/exception return */ +#define _TIF_WORK_MASK (0x0000ffef & ~_TIF_SECCOMP) +/* work to do on any return to u-space */ +#define _TIF_ALLWORK_MASK (0x8000ffff & ~_TIF_SECCOMP) #endif /* __KERNEL__ */ |