mirror of
https://github.com/torvalds/linux.git
synced 2024-11-18 01:51:53 +00:00
1d05772060
Enable the compat keyctl wrapper on s390x so that 32-bit s390 userspace can call the keyctl() syscall. There's an s390x assembly wrapper that truncates all the register values to 32-bits and this then calls compat_sys_keyctl() - but the latter only exists if CONFIG_KEYS_COMPAT is enabled, and the s390 Kconfig doesn't enable it. Without this patch, 32-bit calls to the keyctl() syscall are given an ENOSYS error: [root@devel4 ~]# keyctl show Session Keyring -3: key inaccessible (Function not implemented) Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: dan@danny.cz Cc: Carsten Otte <cotte@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Cc: linux-s390@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
648 lines
18 KiB
Plaintext
648 lines
18 KiB
Plaintext
config MMU
|
|
def_bool y
|
|
|
|
config ZONE_DMA
|
|
def_bool y
|
|
|
|
config LOCKDEP_SUPPORT
|
|
def_bool y
|
|
|
|
config STACKTRACE_SUPPORT
|
|
def_bool y
|
|
|
|
config HAVE_LATENCYTOP_SUPPORT
|
|
def_bool y
|
|
|
|
config RWSEM_GENERIC_SPINLOCK
|
|
bool
|
|
|
|
config RWSEM_XCHGADD_ALGORITHM
|
|
def_bool y
|
|
|
|
config ARCH_HAS_ILOG2_U32
|
|
def_bool n
|
|
|
|
config ARCH_HAS_ILOG2_U64
|
|
def_bool n
|
|
|
|
config GENERIC_HWEIGHT
|
|
def_bool y
|
|
|
|
config GENERIC_TIME_VSYSCALL
|
|
def_bool y
|
|
|
|
config GENERIC_CLOCKEVENTS
|
|
def_bool y
|
|
|
|
config GENERIC_BUG
|
|
def_bool y if BUG
|
|
|
|
config GENERIC_BUG_RELATIVE_POINTERS
|
|
def_bool y
|
|
|
|
config NO_IOMEM
|
|
def_bool y
|
|
|
|
config NO_DMA
|
|
def_bool y
|
|
|
|
config ARCH_DMA_ADDR_T_64BIT
|
|
def_bool 64BIT
|
|
|
|
config GENERIC_LOCKBREAK
|
|
def_bool y if SMP && PREEMPT
|
|
|
|
config PGSTE
|
|
def_bool y if KVM
|
|
|
|
config VIRT_CPU_ACCOUNTING
|
|
def_bool y
|
|
|
|
config ARCH_SUPPORTS_DEBUG_PAGEALLOC
|
|
def_bool y
|
|
|
|
config S390
|
|
def_bool y
|
|
select USE_GENERIC_SMP_HELPERS if SMP
|
|
select HAVE_SYSCALL_WRAPPERS
|
|
select HAVE_FUNCTION_TRACER
|
|
select HAVE_FUNCTION_TRACE_MCOUNT_TEST
|
|
select HAVE_FTRACE_MCOUNT_RECORD
|
|
select HAVE_C_RECORDMCOUNT
|
|
select HAVE_SYSCALL_TRACEPOINTS
|
|
select HAVE_DYNAMIC_FTRACE
|
|
select HAVE_FUNCTION_GRAPH_TRACER
|
|
select HAVE_REGS_AND_STACK_ACCESS_API
|
|
select HAVE_OPROFILE
|
|
select HAVE_KPROBES
|
|
select HAVE_KRETPROBES
|
|
select HAVE_KVM if 64BIT
|
|
select HAVE_ARCH_TRACEHOOK
|
|
select INIT_ALL_POSSIBLE
|
|
select HAVE_IRQ_WORK
|
|
select HAVE_PERF_EVENTS
|
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
|
select HAVE_KERNEL_GZIP
|
|
select HAVE_KERNEL_BZIP2
|
|
select HAVE_KERNEL_LZMA
|
|
select HAVE_KERNEL_LZO
|
|
select HAVE_KERNEL_XZ
|
|
select HAVE_ARCH_MUTEX_CPU_RELAX
|
|
select HAVE_ARCH_JUMP_LABEL if !MARCH_G5
|
|
select HAVE_RCU_TABLE_FREE if SMP
|
|
select ARCH_SAVE_PAGE_KEYS if HIBERNATION
|
|
select HAVE_MEMBLOCK
|
|
select HAVE_MEMBLOCK_NODE_MAP
|
|
select ARCH_DISCARD_MEMBLOCK
|
|
select ARCH_INLINE_SPIN_TRYLOCK
|
|
select ARCH_INLINE_SPIN_TRYLOCK_BH
|
|
select ARCH_INLINE_SPIN_LOCK
|
|
select ARCH_INLINE_SPIN_LOCK_BH
|
|
select ARCH_INLINE_SPIN_LOCK_IRQ
|
|
select ARCH_INLINE_SPIN_LOCK_IRQSAVE
|
|
select ARCH_INLINE_SPIN_UNLOCK
|
|
select ARCH_INLINE_SPIN_UNLOCK_BH
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQ
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_READ_TRYLOCK
|
|
select ARCH_INLINE_READ_LOCK
|
|
select ARCH_INLINE_READ_LOCK_BH
|
|
select ARCH_INLINE_READ_LOCK_IRQ
|
|
select ARCH_INLINE_READ_LOCK_IRQSAVE
|
|
select ARCH_INLINE_READ_UNLOCK
|
|
select ARCH_INLINE_READ_UNLOCK_BH
|
|
select ARCH_INLINE_READ_UNLOCK_IRQ
|
|
select ARCH_INLINE_READ_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_WRITE_TRYLOCK
|
|
select ARCH_INLINE_WRITE_LOCK
|
|
select ARCH_INLINE_WRITE_LOCK_BH
|
|
select ARCH_INLINE_WRITE_LOCK_IRQ
|
|
select ARCH_INLINE_WRITE_LOCK_IRQSAVE
|
|
select ARCH_INLINE_WRITE_UNLOCK
|
|
select ARCH_INLINE_WRITE_UNLOCK_BH
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQ
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
|
|
|
|
config SCHED_OMIT_FRAME_POINTER
|
|
def_bool y
|
|
|
|
source "init/Kconfig"
|
|
|
|
source "kernel/Kconfig.freezer"
|
|
|
|
menu "Base setup"
|
|
|
|
comment "Processor type and features"
|
|
|
|
source "kernel/time/Kconfig"
|
|
|
|
config 64BIT
|
|
def_bool y
|
|
prompt "64 bit kernel"
|
|
help
|
|
Select this option if you have an IBM z/Architecture machine
|
|
and want to use the 64 bit addressing mode.
|
|
|
|
config 32BIT
|
|
def_bool y if !64BIT
|
|
|
|
config KTIME_SCALAR
|
|
def_bool 32BIT
|
|
|
|
config SMP
|
|
def_bool y
|
|
prompt "Symmetric multi-processing support"
|
|
---help---
|
|
This enables support for systems with more than one CPU. If you have
|
|
a system with only one CPU, like most personal computers, say N. If
|
|
you have a system with more than one CPU, say Y.
|
|
|
|
If you say N here, the kernel will run on single and multiprocessor
|
|
machines, but will use only one CPU of a multiprocessor machine. If
|
|
you say Y here, the kernel will run on many, but not all,
|
|
singleprocessor machines. On a singleprocessor machine, the kernel
|
|
will run faster if you say N here.
|
|
|
|
See also the SMP-HOWTO available at
|
|
<http://www.tldp.org/docs.html#howto>.
|
|
|
|
Even if you don't know what to do here, say Y.
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs (2-64)"
|
|
range 2 64
|
|
depends on SMP
|
|
default "32" if !64BIT
|
|
default "64" if 64BIT
|
|
help
|
|
This allows you to specify the maximum number of CPUs which this
|
|
kernel will support. The maximum supported value is 64 and the
|
|
minimum value which makes sense is 2.
|
|
|
|
This is purely to save memory - each supported CPU adds
|
|
approximately sixteen kilobytes to the kernel image.
|
|
|
|
config HOTPLUG_CPU
|
|
def_bool y
|
|
prompt "Support for hot-pluggable CPUs"
|
|
depends on SMP
|
|
select HOTPLUG
|
|
help
|
|
Say Y here to be able to turn CPUs off and on. CPUs
|
|
can be controlled through /sys/devices/system/cpu/cpu#.
|
|
Say N if you want to disable CPU hotplug.
|
|
|
|
config SCHED_MC
|
|
def_bool n
|
|
|
|
config SCHED_BOOK
|
|
def_bool y
|
|
prompt "Book scheduler support"
|
|
depends on SMP
|
|
select SCHED_MC
|
|
help
|
|
Book scheduler support improves the CPU scheduler's decision making
|
|
when dealing with machines that have several books.
|
|
|
|
config MATHEMU
|
|
def_bool y
|
|
prompt "IEEE FPU emulation"
|
|
depends on MARCH_G5
|
|
help
|
|
This option is required for IEEE compliant floating point arithmetic
|
|
on older ESA/390 machines. Say Y unless you know your machine doesn't
|
|
need this.
|
|
|
|
config COMPAT
|
|
def_bool y
|
|
prompt "Kernel support for 31 bit emulation"
|
|
depends on 64BIT
|
|
select COMPAT_BINFMT_ELF
|
|
help
|
|
Select this option if you want to enable your system kernel to
|
|
handle system-calls from ELF binaries for 31 bit ESA. This option
|
|
(and some other stuff like libraries and such) is needed for
|
|
executing 31 bit applications. It is safe to say "Y".
|
|
|
|
config SYSVIPC_COMPAT
|
|
def_bool y if COMPAT && SYSVIPC
|
|
|
|
config KEYS_COMPAT
|
|
def_bool y if COMPAT && KEYS
|
|
|
|
config AUDIT_ARCH
|
|
def_bool y
|
|
|
|
comment "Code generation options"
|
|
|
|
choice
|
|
prompt "Processor type"
|
|
default MARCH_G5
|
|
|
|
config MARCH_G5
|
|
bool "System/390 model G5 and G6"
|
|
depends on !64BIT
|
|
help
|
|
Select this to build a 31 bit kernel that works
|
|
on all ESA/390 and z/Architecture machines.
|
|
|
|
config MARCH_Z900
|
|
bool "IBM zSeries model z800 and z900"
|
|
help
|
|
Select this to enable optimizations for model z800/z900 (2064 and
|
|
2066 series). This will enable some optimizations that are not
|
|
available on older ESA/390 (31 Bit) only CPUs.
|
|
|
|
config MARCH_Z990
|
|
bool "IBM zSeries model z890 and z990"
|
|
help
|
|
Select this to enable optimizations for model z890/z990 (2084 and
|
|
2086 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z9_109
|
|
bool "IBM System z9"
|
|
help
|
|
Select this to enable optimizations for IBM System z9 (2094 and
|
|
2096 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z10
|
|
bool "IBM System z10"
|
|
help
|
|
Select this to enable optimizations for IBM System z10 (2097 and
|
|
2098 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z196
|
|
bool "IBM zEnterprise 114 and 196"
|
|
help
|
|
Select this to enable optimizations for IBM zEnterprise 114 and 196
|
|
(2818 and 2817 series). The kernel will be slightly faster but will
|
|
not work on older machines.
|
|
|
|
endchoice
|
|
|
|
config PACK_STACK
|
|
def_bool y
|
|
prompt "Pack kernel stack"
|
|
help
|
|
This option enables the compiler option -mkernel-backchain if it
|
|
is available. If the option is available the compiler supports
|
|
the new stack layout which dramatically reduces the minimum stack
|
|
frame size. With an old compiler a non-leaf function needs a
|
|
minimum of 96 bytes on 31 bit and 160 bytes on 64 bit. With
|
|
-mkernel-backchain the minimum size drops to 16 byte on 31 bit
|
|
and 24 byte on 64 bit.
|
|
|
|
Say Y if you are unsure.
|
|
|
|
config SMALL_STACK
|
|
def_bool n
|
|
prompt "Use 8kb for kernel stack instead of 16kb"
|
|
depends on PACK_STACK && 64BIT && !LOCKDEP
|
|
help
|
|
If you say Y here and the compiler supports the -mkernel-backchain
|
|
option the kernel will use a smaller kernel stack size. The reduced
|
|
size is 8kb instead of 16kb. This allows to run more threads on a
|
|
system and reduces the pressure on the memory management for higher
|
|
order page allocations.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config CHECK_STACK
|
|
def_bool y
|
|
prompt "Detect kernel stack overflow"
|
|
help
|
|
This option enables the compiler option -mstack-guard and
|
|
-mstack-size if they are available. If the compiler supports them
|
|
it will emit additional code to each function prolog to trigger
|
|
an illegal operation if the kernel stack is about to overflow.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config STACK_GUARD
|
|
int "Size of the guard area (128-1024)"
|
|
range 128 1024
|
|
depends on CHECK_STACK
|
|
default "256"
|
|
help
|
|
This allows you to specify the size of the guard area at the lower
|
|
end of the kernel stack. If the kernel stack points into the guard
|
|
area on function entry an illegal operation is triggered. The size
|
|
needs to be a power of 2. Please keep in mind that the size of an
|
|
interrupt frame is 184 bytes for 31 bit and 328 bytes on 64 bit.
|
|
The minimum size for the stack guard should be 256 for 31 bit and
|
|
512 for 64 bit.
|
|
|
|
config WARN_DYNAMIC_STACK
|
|
def_bool n
|
|
prompt "Emit compiler warnings for function with dynamic stack usage"
|
|
help
|
|
This option enables the compiler option -mwarn-dynamicstack. If the
|
|
compiler supports this options generates warnings for functions
|
|
that dynamically allocate stack space using alloca.
|
|
|
|
Say N if you are unsure.
|
|
|
|
comment "Kernel preemption"
|
|
|
|
source "kernel/Kconfig.preempt"
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
select SPARSEMEM_VMEMMAP_ENABLE
|
|
select SPARSEMEM_VMEMMAP
|
|
select SPARSEMEM_STATIC if !64BIT
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool y
|
|
|
|
config ARCH_SELECT_MEMORY_MODEL
|
|
def_bool y
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTPLUG
|
|
def_bool y if SPARSEMEM
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTREMOVE
|
|
def_bool y
|
|
|
|
config ARCH_HIBERNATION_POSSIBLE
|
|
def_bool y if 64BIT
|
|
|
|
source "mm/Kconfig"
|
|
|
|
comment "I/O subsystem configuration"
|
|
|
|
config QDIO
|
|
def_tristate y
|
|
prompt "QDIO support"
|
|
---help---
|
|
This driver provides the Queued Direct I/O base support for
|
|
IBM System z.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called qdio.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CHSC_SCH
|
|
def_tristate m
|
|
prompt "Support for CHSC subchannels"
|
|
help
|
|
This driver allows usage of CHSC subchannels. A CHSC subchannel
|
|
is usually present on LPAR only.
|
|
The driver creates a device /dev/chsc, which may be used to
|
|
obtain I/O configuration information about the machine and
|
|
to issue asynchronous chsc commands (DANGEROUS).
|
|
You will usually only want to use this interface on a special
|
|
LPAR designated for system management.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called chsc_sch.
|
|
|
|
If unsure, say N.
|
|
|
|
comment "Misc"
|
|
|
|
config IPL
|
|
def_bool y
|
|
prompt "Builtin IPL record support"
|
|
help
|
|
If you want to use the produced kernel to IPL directly from a
|
|
device, you have to merge a bootsector specific to the device
|
|
into the first bytes of the kernel. You will have to select the
|
|
IPL device.
|
|
|
|
choice
|
|
prompt "IPL method generated into head.S"
|
|
depends on IPL
|
|
default IPL_VM
|
|
help
|
|
Select "tape" if you want to IPL the image from a Tape.
|
|
|
|
Select "vm_reader" if you are running under VM/ESA and want
|
|
to IPL the image from the emulated card reader.
|
|
|
|
config IPL_TAPE
|
|
bool "tape"
|
|
|
|
config IPL_VM
|
|
bool "vm_reader"
|
|
|
|
endchoice
|
|
|
|
source "fs/Kconfig.binfmt"
|
|
|
|
config FORCE_MAX_ZONEORDER
|
|
int
|
|
default "9"
|
|
|
|
config PFAULT
|
|
def_bool y
|
|
prompt "Pseudo page fault support"
|
|
help
|
|
Select this option, if you want to use PFAULT pseudo page fault
|
|
handling under VM. If running native or in LPAR, this option
|
|
has no effect. If your VM does not support PFAULT, PAGEEX
|
|
pseudo page fault handling will be used.
|
|
Note that VM 4.2 supports PFAULT but has a bug in its
|
|
implementation that causes some problems.
|
|
Everybody who wants to run Linux under VM != VM4.2 should select
|
|
this option.
|
|
|
|
config SHARED_KERNEL
|
|
def_bool y
|
|
prompt "VM shared kernel support"
|
|
help
|
|
Select this option, if you want to share the text segment of the
|
|
Linux kernel between different VM guests. This reduces memory
|
|
usage with lots of guests but greatly increases kernel size.
|
|
Also if a kernel was IPL'ed from a shared segment the kexec system
|
|
call will not work.
|
|
You should only select this option if you know what you are
|
|
doing and want to exploit this feature.
|
|
|
|
config CMM
|
|
def_tristate n
|
|
prompt "Cooperative memory management"
|
|
help
|
|
Select this option, if you want to enable the kernel interface
|
|
to reduce the memory size of the system. This is accomplished
|
|
by allocating pages of memory and put them "on hold". This only
|
|
makes sense for a system running under VM where the unused pages
|
|
will be reused by VM for other guest systems. The interface
|
|
allows an external monitor to balance memory of many systems.
|
|
Everybody who wants to run Linux under VM should select this
|
|
option.
|
|
|
|
config CMM_IUCV
|
|
def_bool y
|
|
prompt "IUCV special message interface to cooperative memory management"
|
|
depends on CMM && (SMSGIUCV=y || CMM=SMSGIUCV)
|
|
help
|
|
Select this option to enable the special message interface to
|
|
the cooperative memory management.
|
|
|
|
config APPLDATA_BASE
|
|
def_bool n
|
|
prompt "Linux - VM Monitor Stream, base infrastructure"
|
|
depends on PROC_FS
|
|
help
|
|
This provides a kernel interface for creating and updating z/VM APPLDATA
|
|
monitor records. The monitor records are updated at certain time
|
|
intervals, once the timer is started.
|
|
Writing 1 or 0 to /proc/appldata/timer starts(1) or stops(0) the timer,
|
|
i.e. enables or disables monitoring on the Linux side.
|
|
A custom interval value (in seconds) can be written to
|
|
/proc/appldata/interval.
|
|
|
|
Defaults are 60 seconds interval and timer off.
|
|
The /proc entries can also be read from, showing the current settings.
|
|
|
|
config APPLDATA_MEM
|
|
def_tristate m
|
|
prompt "Monitor memory management statistics"
|
|
depends on APPLDATA_BASE && VM_EVENT_COUNTERS
|
|
help
|
|
This provides memory management related data to the Linux - VM Monitor
|
|
Stream, like paging/swapping rate, memory utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/memory creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
The /proc entry can also be read from, showing the current settings.
|
|
|
|
This can also be compiled as a module, which will be called
|
|
appldata_mem.o.
|
|
|
|
config APPLDATA_OS
|
|
def_tristate m
|
|
prompt "Monitor OS statistics"
|
|
depends on APPLDATA_BASE
|
|
help
|
|
This provides OS related data to the Linux - VM Monitor Stream, like
|
|
CPU utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/os creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_os.o.
|
|
|
|
config APPLDATA_NET_SUM
|
|
def_tristate m
|
|
prompt "Monitor overall network statistics"
|
|
depends on APPLDATA_BASE && NET
|
|
help
|
|
This provides network related data to the Linux - VM Monitor Stream,
|
|
currently there is only a total sum of network I/O statistics, no
|
|
per-interface data.
|
|
Writing 1 or 0 to /proc/appldata/net_sum creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_net_sum.o.
|
|
|
|
source kernel/Kconfig.hz
|
|
|
|
config S390_HYPFS_FS
|
|
def_bool y
|
|
prompt "s390 hypervisor file system support"
|
|
select SYS_HYPERVISOR
|
|
help
|
|
This is a virtual file system intended to provide accounting
|
|
information in an s390 hypervisor environment.
|
|
|
|
config KEXEC
|
|
def_bool n
|
|
prompt "kexec system call"
|
|
help
|
|
kexec is a system call that implements the ability to shutdown your
|
|
current kernel, and to start another kernel. It is like a reboot
|
|
but is independent of hardware/microcode support.
|
|
|
|
config CRASH_DUMP
|
|
bool "kernel crash dumps"
|
|
depends on 64BIT
|
|
select KEXEC
|
|
help
|
|
Generate crash dump after being started by kexec.
|
|
Crash dump kernels are loaded in the main kernel with kexec-tools
|
|
into a specially reserved region and then later executed after
|
|
a crash by kdump/kexec.
|
|
For more details see Documentation/kdump/kdump.txt
|
|
|
|
config ZFCPDUMP
|
|
def_bool n
|
|
prompt "zfcpdump support"
|
|
select SMP
|
|
help
|
|
Select this option if you want to build an zfcpdump enabled kernel.
|
|
Refer to <file:Documentation/s390/zfcpdump.txt> for more details on this.
|
|
|
|
config S390_GUEST
|
|
def_bool y
|
|
prompt "s390 guest support for KVM (EXPERIMENTAL)"
|
|
depends on 64BIT && EXPERIMENTAL
|
|
select VIRTUALIZATION
|
|
select VIRTIO
|
|
select VIRTIO_RING
|
|
select VIRTIO_CONSOLE
|
|
help
|
|
Select this option if you want to run the kernel as a guest under
|
|
the KVM hypervisor. This will add detection for KVM as well as a
|
|
virtio transport. If KVM is detected, the virtio console will be
|
|
the default console.
|
|
|
|
config SECCOMP
|
|
def_bool y
|
|
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
depends on PROC_FS
|
|
help
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via /proc/<pid>/seccomp, it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
endmenu
|
|
|
|
menu "Power Management"
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
endmenu
|
|
|
|
source "net/Kconfig"
|
|
|
|
config PCMCIA
|
|
def_bool n
|
|
|
|
config CCW
|
|
def_bool y
|
|
|
|
source "drivers/Kconfig"
|
|
|
|
source "fs/Kconfig"
|
|
|
|
source "arch/s390/Kconfig.debug"
|
|
|
|
source "security/Kconfig"
|
|
|
|
source "crypto/Kconfig"
|
|
|
|
source "lib/Kconfig"
|
|
|
|
source "arch/s390/kvm/Kconfig"
|