|
|
@@ -336,17 +336,6 @@ config HAVE_ARCH_SECCOMP_FILTER
|
|
|
results in the system call being skipped immediately.
|
|
|
- seccomp syscall wired up
|
|
|
|
|
|
- For best performance, an arch should use seccomp_phase1 and
|
|
|
- seccomp_phase2 directly. It should call seccomp_phase1 for all
|
|
|
- syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not
|
|
|
- need to be called from a ptrace-safe context. It must then
|
|
|
- call seccomp_phase2 if seccomp_phase1 returns anything other
|
|
|
- than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.
|
|
|
-
|
|
|
- As an additional optimization, an arch may provide seccomp_data
|
|
|
- directly to seccomp_phase1; this avoids multiple calls
|
|
|
- to the syscall_xyz helpers for every syscall.
|
|
|
-
|
|
|
config SECCOMP_FILTER
|
|
|
def_bool y
|
|
|
depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
|
Mickaël Salaün