kernel_optimize_test/arch/um/Kconfig.um
Mickaël Salaün c50b4659e4 um: Add seccomp support
This brings SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER support through
prctl(2) and seccomp(2) to User-mode Linux for i386 and x86_64
subarchitectures.

secure_computing() is called first in handle_syscall() so that the
syscall emulation will be aborted quickly if matching a seccomp rule.

This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Meredydd Luff <meredydd@senatehouse.org>
Cc: David Drysdale <drysdale@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Kees Cook <keescook@chromium.org>
2016-01-10 21:49:49 +01:00

123 lines
4.0 KiB
Plaintext

config STATIC_LINK
	bool "Force a static link"
	default n
	help
	  This option gives you the ability to force a static link of UML.
	  Normally, UML is linked as a shared binary. This is inconvenient for
	  use in a chroot jail. So, if you intend to run UML inside a chroot,
	  you probably want to say Y here.
	  Additionally, this option enables using higher memory spaces (up to
	  2.75G) for UML.

source "mm/Kconfig"

config LD_SCRIPT_STATIC
	bool
	default y
	depends on STATIC_LINK

config LD_SCRIPT_DYN
	bool
	default y
	depends on !LD_SCRIPT_STATIC

source "fs/Kconfig.binfmt"

config HOSTFS
	tristate "Host filesystem"
	help
	  While the User-Mode Linux port uses its own root file system for
	  booting and normal file access, this module lets the UML user
	  access files stored on the host. It does not require any
	  network connection between the Host and UML. An example use of
	  this might be:

	  mount none /tmp/fromhost -t hostfs -o /tmp/umlshare

	  where /tmp/fromhost is an empty directory inside UML and
	  /tmp/umlshare is a directory on the host with files the UML user
	  wishes to access.

	  For more information, see
	  <http://user-mode-linux.sourceforge.net/hostfs.html>.

	  If you'd like to be able to work with files stored on the host,
	  say Y or M here; otherwise say N.

config MCONSOLE
	bool "Management console"
	depends on PROC_FS
	default y
	help
	  The user mode linux management console is a low-level interface to
	  the kernel, somewhat like the i386 SysRq interface. Since there is
	  a full-blown operating system running under every user mode linux
	  instance, there is much greater flexibility possible than with the
	  SysRq mechanism.

	  If you answer 'Y' to this option, to use this feature, you need the
	  mconsole client (called uml_mconsole) which is present in CVS in
	  2.4.5-9um and later (path /tools/mconsole), and is also in the
	  distribution RPM package in 2.4.6 and later.

	  It is safe to say 'Y' here.

config MAGIC_SYSRQ
	bool "Magic SysRq key"
	depends on MCONSOLE
	help
	  If you say Y here, you will have some control over the system even
	  if the system crashes for example during kernel debugging (e.g., you
	  will be able to flush the buffer cache to disk, reboot the system
	  immediately or dump some status information). A key for each of the
	  possible requests is provided.

	  This is the feature normally accomplished by pressing a key
	  while holding SysRq (Alt+PrintScreen).

	  On UML, this is accomplished by sending a "sysrq" command with
	  mconsole, followed by the letter for the requested command.

	  The keys are documented in <file:Documentation/sysrq.txt>. Don't say Y
	  unless you really know what this hack does.

config KERNEL_STACK_ORDER
	int "Kernel stack size order"
	default 1 if 64BIT
	range 1 10 if 64BIT
	default 0 if !64BIT
	help
	  This option determines the size of UML kernel stacks. They will
	  be 1 << order pages. The default is OK unless you're running Valgrind
	  on UML, in which case, set this to 3.

config MMAPPER
	tristate "iomem emulation driver"
	help
	  This driver allows a host file to be used as emulated IO memory inside
	  UML.

config NO_DMA
	def_bool y

config PGTABLE_LEVELS
	int
	default 3 if 3_LEVEL_PGTABLES
	default 2

config SECCOMP
	def_bool y
	prompt "Enable seccomp to safely compute untrusted bytecode"
	---help---
	  This kernel feature is useful for number crunching applications
	  that may need to compute untrusted bytecode during their
	  execution. By using pipes or other transports made available to
	  the process as file descriptors supporting the read/write
	  syscalls, it's possible to isolate those applications in
	  their own address space using seccomp. Once seccomp is
	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
	  and the task is only allowed to execute a few safe syscalls
	  defined by each seccomp mode.

	  If unsure, say Y.
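
The strict mode described in the SECCOMP help text above, as an added example (not code from this commit or the kernel tree): a child process enters SECCOMP_MODE_STRICT through prctl(2), does its work over pipes, and is killed as soon as it issues any other syscall. The names sandboxed_sum and SANDBOX_UNAVAILABLE, the child exit code 77 and the sample bytes are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define SANDBOX_UNAVAILABLE (-77) /* prctl() refused, e.g. kernel without CONFIG_SECCOMP */
/* Hypothetical helper: sum buf[0..n) in a strict-mode child (n must fit the pipe buffer).
 * Returns 0 on clean exit, the signal number if killed, else minus the child's exit status. */
int sandboxed_sum(const unsigned char *buf, size_t n, int misbehave, unsigned *out)
{
	int in[2], res[2], status;
	unsigned char b;
	unsigned sum = 0;
	if (pipe(in) || pipe(res) || write(in[1], buf, n) != (ssize_t)n)
		return -1;
	pid_t pid = fork();
	if (pid == 0) {
		close(in[1]); /* so read() sees EOF; close() itself is refused after prctl */
		if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
			_exit(77);
		while (read(in[0], &b, 1) == 1) /* only read, write, exit, sigreturn from here */
			sum += b;
		if (write(res[1], &sum, sizeof(sum)) != (ssize_t)sizeof(sum))
			syscall(SYS_exit, 1);
		if (misbehave)
			syscall(SYS_getpid); /* not on the strict list: kernel sends SIGKILL */
		syscall(SYS_exit, 0); /* raw exit; glibc _exit() calls exit_group, also refused */
	}
	close(in[0]);
	close(in[1]);
	close(res[1]);
	if (read(res[0], out, sizeof(*out)) != (ssize_t)sizeof(*out))
		*out = 0;
	close(res[0]);
	if (pid < 0 || waitpid(pid, &status, 0) != pid)
		return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : -WEXITSTATUS(status);
}

int main(void)
{
	const unsigned char s[] = {1, 2, 3, 250}; /* constructed input */
	unsigned sum = 0;
	int ok = sandboxed_sum(s, sizeof(s), 0, &sum), bad = sandboxed_sum(s, sizeof(s), 1, &sum);
	return printf("ok=%d sum=%u misbehaving=%d\n", ok, sum, bad) < 0;
}
```

On a kernel built without CONFIG_SECCOMP, prctl() fails in the child and both calls return SANDBOX_UNAVAILABLE.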