seccomp: drop now bogus dependency on PROC_FS
authorAlexey Dobriyan <adobriyan@gmail.com>
Tue, 9 Sep 2008 07:01:31 +0000 (11:01 +0400)
committerIngo Molnar <mingo@elte.hu>
Tue, 9 Sep 2008 07:09:51 +0000 (09:09 +0200)
seccomp is prctl(2)-driven now.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
arch/x86/Kconfig

index 68d91c8233f42162039af96c8ed1fdd3e1d6a88e..1e2afe60ba992328268b7108ced2f69ea4276a8b 100644 (file)
@@ -1205,7 +1205,6 @@ config IRQBALANCE
 config SECCOMP
        def_bool y
        prompt "Enable seccomp to safely compute untrusted bytecode"
-       depends on PROC_FS
        help
          This kernel feature is useful for number crunching applications
          that may need to compute untrusted bytecode during their
@@ -1213,7 +1212,7 @@ config SECCOMP
          the process as file descriptors supporting the read/write
          syscalls, it's possible to isolate those applications in
          their own address space using seccomp. Once seccomp is
-         enabled via /proc/<pid>/seccomp, it cannot be disabled
+         enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
          and the task is only allowed to execute a few safe syscalls
          defined by each seccomp mode.