net-print/cups/files/cupstestppd-seccomp-x86.policy - Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net-print/cups/files/cupstestppd-seccomp-x86.policy

Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Patch Set: Created 3 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 # Copyright 2016 The Chromium OS Authors. All rights reserved.	1 # Copyright 2016 The Chromium OS Authors. All rights reserved.

2 # Use of this source code is governed by a BSD-style license that can be	2 # Use of this source code is governed by a BSD-style license that can be

3 # found in the LICENSE file.	3 # found in the LICENSE file.

4	4

5 access: 1	5 access: 1

6 brk: 1	6 brk: 1

7 close: 1	7 close: 1

8 exit: 1	8 exit: 1

9 exit_group: 1	9 exit_group: 1

10 fcntl64: 1	10 fcntl64: 1

11 fstat64: 1	11 fstat64: 1

12 futex: 1	12 futex: 1

13 getdents64: 1	13 getdents64: 1

14 getegid32: 1	14 getegid32: 1

15 geteuid32: 1	15 geteuid32: 1

16 getgid32: 1	16 getgid32: 1

17 getuid32: 1	17 getuid32: 1

18 lstat: 1	18 lstat: 1

19 # Disallow mmap with PROT_EXEC set. The syntax here doesn't	19 # Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't

20 # allow bit negation, so we are using a negated mask as a	20 # allow bit negation, so we are using a negated mask as a

21 # constant.	21 # constant.

22 mmap2: arg2 in 0xfffffffb	22 mmap2: arg2 in 0xfffffffb

23 mprotect: 1	23 mprotect: 1

	24 mremap: arg2 in 0xfffffffb

24 munmap: 1	25 munmap: 1

25 newfstatat: 1	26 newfstatat: 1

26 # Restrict open flags. O_DIRECTORY (0x10000), O_LARGEFILE (0x8000),	27 # Restrict open flags. O_DIRECTORY (0x10000), O_LARGEFILE (0x8000),

27 # and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are	28 # and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are

28 # specified directly.	29 # specified directly.

29 open: arg1 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x8000\|0x80000	30 open: arg1 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x8000\|0x80000

30 openat: arg2 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x8000\|0x80000	31 openat: arg2 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x8000\|0x80000

31 open: 1	32 open: 1

32 openat: 1	33 openat: 1

33 read: 1	34 read: 1

34 stat64: 1	35 stat64: 1

35 uname: 1	36 uname: 1

36 write: 1	37 write: 1

OLD	NEW

« no previous file with comments | « net-print/cups/files/cupstestppd-seccomp-arm.policy ('k') | no next file » | no next file with comments »