diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-09-09 11:01:31 +0400 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2008-09-09 09:09:51 +0200 |
commit | 9c0bbee8a6fc14107e9a7af6750bfe1056cbf4bc (patch) | |
tree | 19452ab3def68c249c51452f03f8501b3a74e7c8 | |
parent | afe73824f52d6767c77e9456f573a76075108279 (diff) |
seccomp: drop now bogus dependency on PROC_FS
seccomp is prctl(2)-driven now.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r-- | arch/x86/Kconfig | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 68d91c8233f..1e2afe60ba9 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1205,7 +1205,6 @@ config IRQBALANCE config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" - depends on PROC_FS help This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their @@ -1213,7 +1212,7 @@ config SECCOMP the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. Once seccomp is - enabled via /proc/<pid>/seccomp, it cannot be disabled + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled and the task is only allowed to execute a few safe syscalls defined by each seccomp mode. |