Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Debian 11
System Settings
Kernel Configuration
Enable seccomp to safely compute untrusted bytecode
Enable seccomp to safely compute untrusted bytecode
An XCCDF Rule
Details
Profiles
Prose
Enable seccomp to safely compute untrusted bytecode
Medium Severity
This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their execution. By using pipes or other transports made available to the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_SECCOMP
, run the following command:
grep CONFIG_SECCOMP /boot/config-*
For each kernel installed, a line with value "y" should be returned.