seccomp: drop now bogus dependency on PROC_FS

seccomp is prctl(2)-driven now. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>

seccomp: drop now bogus dependency on PROC_FS
seccomp is prctl(2)-driven now. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Alexey Dobriyan · Ingo Molnar
1 parent afe73824f5
Showing 1 changed file with 1 additions and 2 deletions Side-by-side Diff
arch/x86/Kconfig
@@ -1205,7 +1205,6 @@
 config SECCOMP
 	def_bool y
 	prompt "Enable seccomp to safely compute untrusted bytecode"
-	depends on PROC_FS
 	help
 	  This kernel feature is useful for number crunching applications
 	  that may need to compute untrusted bytecode during their
@@ -1213,7 +1212,7 @@
 	  the process as file descriptors supporting the read/write
 	  syscalls, it's possible to isolate those applications in
 	  their own address space using seccomp. Once seccomp is
-	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
 	  and the task is only allowed to execute a few safe syscalls
 	  defined by each seccomp mode.
...	...	@@ -1205,7 +1205,6 @@
1205	1205	config SECCOMP
1206	1206	def_bool y
1207	1207	prompt "Enable seccomp to safely compute untrusted bytecode"
1208		- depends on PROC_FS
1209	1208	help
1210	1209	This kernel feature is useful for number crunching applications
1211	1210	that may need to compute untrusted bytecode during their
...	...	@@ -1213,7 +1212,7 @@
1213	1212	the process as file descriptors supporting the read/write
1214	1213	syscalls, it's possible to isolate those applications in
1215	1214	their own address space using seccomp. Once seccomp is
1216		- enabled via /proc/<pid>/seccomp, it cannot be disabled
	1215	+ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
1217	1216	and the task is only allowed to execute a few safe syscalls
1218	1217	defined by each seccomp mode.
1219	1218