[redhat] New configs in arch/Kconfig

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

CONFIG_SECCOMP_CACHE_DEBUG:

This enables the /proc/pid/seccomp_cache interface to monitor seccomp cache data. The file format is subject to change. Reading the file requires CAP_SYS_ADMIN.

This option is for debugging only. Enabling presents the risk that an adversary may be able to infer the seccomp filter logic.

If unsure, say N.

Symbol: SECCOMP_CACHE_DEBUG [=n] Type : bool Defined at arch/Kconfig:520 Prompt: Show seccomp filter cache status in /proc/pid/seccomp_cache Depends on: SECCOMP_FILTER [=y] && !HAVE_SPARSE_SYSCALL_NR [=n] && PROC_FS [=y] Location: -> General architecture-dependent options -> Enable seccomp to safely execute untrusted bytecode (SECCOMP [=y])

---

Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org