From: Fedora Kernel Team <kernel-team@xxxxxxxxxxxxxxxxx>
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_SECCOMP_CACHE_DEBUG:
This enables the /proc/pid/seccomp_cache interface to monitor
seccomp cache data. The file format is subject to change. Reading
the file requires CAP_SYS_ADMIN.
This option is for debugging only. Enabling presents the risk that
an adversary may be able to infer the seccomp filter logic.
If unsure, say N.
Symbol: SECCOMP_CACHE_DEBUG [=n]
Type : bool
Defined at arch/Kconfig:520
Prompt: Show seccomp filter cache status in /proc/pid/seccomp_cache
Depends on: SECCOMP_FILTER [=y] && !HAVE_SPARSE_SYSCALL_NR [=n] && PROC_FS [=y]
Location:
-> General architecture-dependent options
-> Enable seccomp to safely execute untrusted bytecode (SECCOMP [=y])
---
Signed-off-by: Fedora Kernel Team <kernel-team@xxxxxxxxxxxxxxxxx>
---
.../common/generic/CONFIG_SECCOMP_CACHE_DEBUG | 1 +
.../generic/CONFIG_SECCOMP_CACHE_DEBUG | 23 -------------------
2 files changed, 1 insertion(+), 23 deletions(-)
create mode 100644 redhat/configs/common/generic/CONFIG_SECCOMP_CACHE_DEBUG
delete mode 100644 redhat/configs/pending-common/generic/CONFIG_SECCOMP_CACHE_DEBUG
diff --git a/redhat/configs/common/generic/CONFIG_SECCOMP_CACHE_DEBUG b/redhat/configs/common/generic/CONFIG_SECCOMP_CACHE_DEBUG
new file mode 100644
index 000000000000..af600e9beaec
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_SECCOMP_CACHE_DEBUG
@@ -0,0 +1 @@
+# CONFIG_SECCOMP_CACHE_DEBUG is not set
diff --git a/redhat/configs/pending-common/generic/CONFIG_SECCOMP_CACHE_DEBUG b/redhat/configs/pending-common/generic/CONFIG_SECCOMP_CACHE_DEBUG
deleted file mode 100644
index 5acbda82382b..000000000000
--- a/redhat/configs/pending-common/generic/CONFIG_SECCOMP_CACHE_DEBUG
+++ /dev/null
@@ -1,23 +0,0 @@
-# CONFIG_SECCOMP_CACHE_DEBUG:
-#
-# This enables the /proc/pid/seccomp_cache interface to monitor
-# seccomp cache data. The file format is subject to change. Reading
-# the file requires CAP_SYS_ADMIN.
-#
-# This option is for debugging only. Enabling presents the risk that
-# an adversary may be able to infer the seccomp filter logic.
-#
-# If unsure, say N.
-#
-# Symbol: SECCOMP_CACHE_DEBUG [=n]
-# Type : bool
-# Defined at arch/Kconfig:520
-# Prompt: Show seccomp filter cache status in /proc/pid/seccomp_cache
-# Depends on: SECCOMP_FILTER [=y] && !HAVE_SPARSE_SYSCALL_NR [=n] && PROC_FS [=y]
-# Location:
-# -> General architecture-dependent options
-# -> Enable seccomp to safely execute untrusted bytecode (SECCOMP [=y])
-#
-#
-#
-# CONFIG_SECCOMP_CACHE_DEBUG is not set
--
GitLab
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
