[RFC PATCH 6/7] security: enable system call isolation in kernel config
Mike Rapoport
rppt at linux.ibm.com
Thu Apr 25 21:45:53 UTC 2019
Add SYSCALL_ISOLATION Kconfig option to enable build of SCI infrastructure.
Signed-off-by: Mike Rapoport <rppt at linux.ibm.com>
---
security/Kconfig | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/security/Kconfig b/security/Kconfig
index e4fe2f3..0c6929a 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -65,6 +65,16 @@ config PAGE_TABLE_ISOLATION
See Documentation/x86/pti.txt for more details.
+config SYSCALL_ISOLATION
+ bool "System call isolation"
+ default n
+ depends on PAGE_TABLE_ISOLATION && !X86_PAE
+ help
+ This is an experimental feature to allow executing system
+ calls in an isolated address space.
+
+ If you are unsure how to answer this question, answer N.
+
config SECURITY_INFINIBAND
bool "Infiniband Security Hooks"
depends on SECURITY && INFINIBAND
--
2.7.4
More information about the Linux-security-module-archive
mailing list