summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-09-09 11:01:31 +0400
committerIngo Molnar <mingo@elte.hu>2008-09-09 09:09:51 +0200
commit9c0bbee8a6fc14107e9a7af6750bfe1056cbf4bc (patch)
tree19452ab3def68c249c51452f03f8501b3a74e7c8
parentafe73824f52d6767c77e9456f573a76075108279 (diff)
seccomp: drop now bogus dependency on PROC_FS
seccomp is prctl(2)-driven now. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r--arch/x86/Kconfig3
1 files changed, 1 insertions, 2 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 68d91c8233f..1e2afe60ba9 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1205,7 +1205,6 @@ config IRQBALANCE
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
- depends on PROC_FS
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
@@ -1213,7 +1212,7 @@ config SECCOMP
the process as file descriptors supporting the read/write
syscalls, it's possible to isolate those applications in
their own address space using seccomp. Once seccomp is
- enabled via /proc/<pid>/seccomp, it cannot be disabled
+ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
and the task is only allowed to execute a few safe syscalls
defined by each seccomp mode.