Index: net-print/cups/files/cupstestppd-seccomp-amd64.policy |
diff --git a/net-print/cups/files/cupstestppd-seccomp-amd64.policy b/net-print/cups/files/cupstestppd-seccomp-amd64.policy |
index 192cee9348764915834accaf00a63be39a4f454e..90ca4e6cc128ac725dd8a33ed9b1e9286e1bc5d0 100644 |
--- a/net-print/cups/files/cupstestppd-seccomp-amd64.policy |
+++ b/net-print/cups/files/cupstestppd-seccomp-amd64.policy |
@@ -15,9 +15,10 @@ geteuid: 1 |
getgid: 1 |
getuid: 1 |
lstat: 1 |
-# Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit |
-# negation, thus the manually negated mask constant. |
+# Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't allow |
+# bit negation, thus the manually negated mask constant. |
mmap: arg2 in 0xfffffffb |
+mremap: arg2 in 0xfffffffb |
munmap: 1 |
newfstatat: 1 |
# Restrict open flags. O_DIRECTORY (0x10000) and O_CLOEXEC (0x80000) |