author | Clemens Gruber <clemens.gruber@pqgruber.com> | 2018-06-27 17:24:08 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-06-28 12:07:36 +0200 |
commit | 12d2997b4660a89985626abc88a074094d14b9e0 (patch) | |
tree | 95c8d7a29c20a1293316005f98705380bc308276 /rules/file.in | |
parent | 37f92ae91a86ac58eff005f9fd561d845cb592d3 (diff) | |
file: seccomp sandboxing
Support seccomp sandboxing to reduce the attack surface and enable it by
default. Important for use cases with files from untrusted sources.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/file.in')
-rw-r--r-- | rules/file.in | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/rules/file.in b/rules/file.in index a4e0a7125..3f44cc380 100644 --- a/rules/file.in +++ b/rules/file.in @@ -1,10 +1,11 @@ ## SECTION=shell_and_console -config FILE +menuconfig FILE tristate select HOST_FILE select ZLIB select GCCLIBS_GCC_S + select LIBSECCOMP if FILE_SECCOMP prompt "file" help The file command is "a file type guesser", that is, a command-line tool @@ -15,3 +16,14 @@ config FILE reliable, but requires a bit of I/O. http://www.darwinsys.com/file/ + +if FILE + +config FILE_SECCOMP + bool + default y + prompt "enable seccomp sandboxing" + help + Enables seccomp sandboxing to reduce the attack surface. + +endif |
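Review bot: In the first hunk, `select LIBSECCOMP if FILE_SECCOMP` turns LIBSECCOMP on without honouring any `depends on` that symbol may carry, because a Kconfig `select` ignores the selected symbol's dependencies. If libseccomp is restricted to particular architectures or other options, FILE_SECCOMP should repeat that restriction as its own `depends on`; otherwise the default-on option can yield a configuration that does not build. The diffstat shown is limited to rules/file.in, so it is also worth confirming that the matching build rule keys the configure switch on FILE_SECCOMP, since in this file the new symbol only pulls in the library.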
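Review bot: In the second hunk, the help text of FILE_SECCOMP ("Enables seccomp sandboxing to reduce the attack surface.") does not say what the option requires or what it adds. seccomp filtering needs kernel support on the target, and with `default y` every existing configuration that enables FILE picks up the libseccomp dependency on its next update. Suggest naming the kernel requirement and the extra library in the help text, so that someone deciding whether to disable the option knows what it depends on and what protection is lost.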