Commit 9c0bbee8a6fc14107e9a7af6750bfe1056cbf4bc
Committed by
Ingo Molnar
1 parent
afe73824f5
Exists in
master
and in
20 other branches
seccomp: drop now bogus dependency on PROC_FS
seccomp is prctl(2)-driven now. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Showing 1 changed file with 1 additions and 2 deletions Side-by-side Diff
arch/x86/Kconfig
... | ... | @@ -1205,7 +1205,6 @@ |
1205 | 1205 | config SECCOMP |
1206 | 1206 | def_bool y |
1207 | 1207 | prompt "Enable seccomp to safely compute untrusted bytecode" |
1208 | - depends on PROC_FS | |
1209 | 1208 | help |
1210 | 1209 | This kernel feature is useful for number crunching applications |
1211 | 1210 | that may need to compute untrusted bytecode during their |
... | ... | @@ -1213,7 +1212,7 @@ |
1213 | 1212 | the process as file descriptors supporting the read/write |
1214 | 1213 | syscalls, it's possible to isolate those applications in |
1215 | 1214 | their own address space using seccomp. Once seccomp is |
1216 | - enabled via /proc/<pid>/seccomp, it cannot be disabled | |
1215 | + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled | |
1217 | 1216 | and the task is only allowed to execute a few safe syscalls |
1218 | 1217 | defined by each seccomp mode. |
1219 | 1218 |