Commit 9c0bbee8, author: Alexey Dobriyan, committer: Ingo Molnar

seccomp: drop now bogus dependency on PROC_FS

seccomp is prctl(2)-driven now.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Parent afe73824
...@@ -1205,7 +1205,6 @@ config IRQBALANCE ...@@ -1205,7 +1205,6 @@ config IRQBALANCE
config SECCOMP config SECCOMP
def_bool y def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode" prompt "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
help help
This kernel feature is useful for number crunching applications This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their that may need to compute untrusted bytecode during their
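Review bot: with "depends on PROC_FS" removed from config SECCOMP, the "def_bool y" default now also applies to builds without PROC_FS, so those configurations get seccomp enabled by default where it was previously unavailable. The commit message should say so, and should name the change that moved the interface to prctl(2) so the removal of the dependency can be checked against it. It is also worth confirming that nothing left in the seccomp code still expects procfs to be present.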
...@@ -1213,7 +1212,7 @@ config SECCOMP ...@@ -1213,7 +1212,7 @@ config SECCOMP
the process as file descriptors supporting the read/write the process as file descriptors supporting the read/write
syscalls, it's possible to isolate those applications in syscalls, it's possible to isolate those applications in
their own address space using seccomp. Once seccomp is their own address space using seccomp. Once seccomp is
enabled via /proc/<pid>/seccomp, it cannot be disabled enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
and the task is only allowed to execute a few safe syscalls and the task is only allowed to execute a few safe syscalls
defined by each seccomp mode. defined by each seccomp mode.
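Review bot: the new help line "enabled via prctl(PR_SET_SECCOMP), it cannot be disabled" no longer says who does the enabling. The old /proc/<pid>/seccomp wording pointed at a per-pid file; with prctl the calling task restricts itself, and the help text should state that. Since the following lines refer to "each seccomp mode", it would also help to say that the mode is selected by the prctl argument and to point readers at prctl(2).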
......