net-print/cups/files/cupstestppd-seccomp-amd64.policy - Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net-print/cups/files/cupstestppd-seccomp-amd64.policy

Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Patch Set: Created 3 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.	1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.

2 # Use of this source code is governed by a BSD-style license that can be	2 # Use of this source code is governed by a BSD-style license that can be

3 # found in the LICENSE file.	3 # found in the LICENSE file.

4	4

5 access: 1	5 access: 1

6 brk: 1	6 brk: 1

7 close: 1	7 close: 1

8 exit_group: 1	8 exit_group: 1

9 fcntl: 1	9 fcntl: 1

10 fstat: 1	10 fstat: 1

11 futex: 1	11 futex: 1

12 getdents:1	12 getdents:1

13 getegid: 1	13 getegid: 1

14 geteuid: 1	14 geteuid: 1

15 getgid: 1	15 getgid: 1

16 getuid: 1	16 getuid: 1

17 lstat: 1	17 lstat: 1

18 # Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit	18 # Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't allow

19 # negation, thus the manually negated mask constant.	19 # bit negation, thus the manually negated mask constant.

20 mmap: arg2 in 0xfffffffb	20 mmap: arg2 in 0xfffffffb

	21 mremap: arg2 in 0xfffffffb

21 munmap: 1	22 munmap: 1

22 newfstatat: 1	23 newfstatat: 1

23 # Restrict open flags. O_DIRECTORY (0x10000) and O_CLOEXEC (0x80000)	24 # Restrict open flags. O_DIRECTORY (0x10000) and O_CLOEXEC (0x80000)

24 # aren't symbols minijail knows, so are specified directly.	25 # aren't symbols minijail knows, so are specified directly.

25 open: arg1 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x80000	26 open: arg1 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x80000

26 openat: arg2 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x80000	27 openat: arg2 in O_RDONLY\|O_NONBLOCK\|0x10000\|0x80000

27 read: 1	28 read: 1

28 stat: 1	29 stat: 1

29 write: 1	30 write: 1

OLD	NEW

« no previous file with comments | « net-print/cups/cups-2.1.4-r25.ebuild ('k') | net-print/cups/files/cupstestppd-seccomp-arm.policy » ('j') | no next file with comments »