mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-15 00:04:15 +08:00
c50b4659e4
This brings SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER support through prctl(2) and seccomp(2) to User-mode Linux for i386 and x86_64 subarchitectures. secure_computing() is called first in handle_syscall() so that the syscall emulation will be aborted quickly if matching a seccomp rule. This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> Cc: Chris Metcalf <cmetcalf@ezchip.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: James Hogan <james.hogan@imgtec.com> Cc: Meredydd Luff <meredydd@senatehouse.org> Cc: David Drysdale <drysdale@google.com> Signed-off-by: Richard Weinberger <richard@nod.at> Acked-by: Kees Cook <keescook@chromium.org>
123 lines
4.0 KiB
Plaintext
123 lines
4.0 KiB
Plaintext
config STATIC_LINK
|
|
bool "Force a static link"
|
|
default n
|
|
help
|
|
This option gives you the ability to force a static link of UML.
|
|
Normally, UML is linked as a shared binary. This is inconvenient for
|
|
use in a chroot jail. So, if you intend to run UML inside a chroot,
|
|
you probably want to say Y here.
|
|
Additionally, this option enables using higher memory spaces (up to
|
|
2.75G) for UML.
|
|
|
|
source "mm/Kconfig"
|
|
|
|
config LD_SCRIPT_STATIC
|
|
bool
|
|
default y
|
|
depends on STATIC_LINK
|
|
|
|
config LD_SCRIPT_DYN
|
|
bool
|
|
default y
|
|
depends on !LD_SCRIPT_STATIC
|
|
|
|
source "fs/Kconfig.binfmt"
|
|
|
|
config HOSTFS
|
|
tristate "Host filesystem"
|
|
help
|
|
While the User-Mode Linux port uses its own root file system for
|
|
booting and normal file access, this module lets the UML user
|
|
access files stored on the host. It does not require any
|
|
network connection between the Host and UML. An example use of
|
|
this might be:
|
|
|
|
mount none /tmp/fromhost -t hostfs -o /tmp/umlshare
|
|
|
|
where /tmp/fromhost is an empty directory inside UML and
|
|
/tmp/umlshare is a directory on the host with files the UML user
|
|
wishes to access.
|
|
|
|
For more information, see
|
|
<http://user-mode-linux.sourceforge.net/hostfs.html>.
|
|
|
|
If you'd like to be able to work with files stored on the host,
|
|
say Y or M here; otherwise say N.
|
|
|
|
config MCONSOLE
|
|
bool "Management console"
|
|
depends on PROC_FS
|
|
default y
|
|
help
|
|
The user mode linux management console is a low-level interface to
|
|
the kernel, somewhat like the i386 SysRq interface. Since there is
|
|
a full-blown operating system running under every user mode linux
|
|
instance, there is much greater flexibility possible than with the
|
|
SysRq mechanism.
|
|
|
|
If you answer 'Y' to this option, to use this feature, you need the
|
|
mconsole client (called uml_mconsole) which is present in CVS in
|
|
2.4.5-9um and later (path /tools/mconsole), and is also in the
|
|
distribution RPM package in 2.4.6 and later.
|
|
|
|
It is safe to say 'Y' here.
|
|
|
|
config MAGIC_SYSRQ
|
|
bool "Magic SysRq key"
|
|
depends on MCONSOLE
|
|
help
|
|
If you say Y here, you will have some control over the system even
|
|
if the system crashes for example during kernel debugging (e.g., you
|
|
will be able to flush the buffer cache to disk, reboot the system
|
|
immediately or dump some status information). A key for each of the
|
|
possible requests is provided.
|
|
|
|
This is the feature normally accomplished by pressing a key
|
|
while holding SysRq (Alt+PrintScreen).
|
|
|
|
On UML, this is accomplished by sending a "sysrq" command with
|
|
mconsole, followed by the letter for the requested command.
|
|
|
|
The keys are documented in <file:Documentation/sysrq.txt>. Don't say Y
|
|
unless you really know what this hack does.
|
|
|
|
config KERNEL_STACK_ORDER
|
|
int "Kernel stack size order"
|
|
default 1 if 64BIT
|
|
range 1 10 if 64BIT
|
|
default 0 if !64BIT
|
|
help
|
|
This option determines the size of UML kernel stacks. They will
|
|
be 1 << order pages. The default is OK unless you're running Valgrind
|
|
on UML, in which case, set this to 3.
|
|
|
|
config MMAPPER
|
|
tristate "iomem emulation driver"
|
|
help
|
|
This driver allows a host file to be used as emulated IO memory inside
|
|
UML.
|
|
|
|
config NO_DMA
|
|
def_bool y
|
|
|
|
config PGTABLE_LEVELS
|
|
int
|
|
default 3 if 3_LEVEL_PGTABLES
|
|
default 2
|
|
|
|
config SECCOMP
|
|
def_bool y
|
|
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
---help---
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
If unsure, say Y.
|