Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Unified Diff: net-print/cups/files/cupstestppd-seccomp-amd64.policy

Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.
Patch Set: Created 3 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net-print/cups/cups-2.1.4-r25.ebuild ('k') | net-print/cups/files/cupstestppd-seccomp-arm.policy » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net-print/cups/files/cupstestppd-seccomp-amd64.policy
diff --git a/net-print/cups/files/cupstestppd-seccomp-amd64.policy b/net-print/cups/files/cupstestppd-seccomp-amd64.policy
index 192cee9348764915834accaf00a63be39a4f454e..90ca4e6cc128ac725dd8a33ed9b1e9286e1bc5d0 100644
--- a/net-print/cups/files/cupstestppd-seccomp-amd64.policy
+++ b/net-print/cups/files/cupstestppd-seccomp-amd64.policy
@@ -15,9 +15,10 @@ geteuid: 1
getgid: 1
getuid: 1
lstat: 1
-# Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit
-# negation, thus the manually negated mask constant.
+# Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't allow
+# bit negation, thus the manually negated mask constant.
mmap: arg2 in 0xfffffffb
+mremap: arg2 in 0xfffffffb
munmap: 1
newfstatat: 1
# Restrict open flags. O_DIRECTORY (0x10000) and O_CLOEXEC (0x80000)
« no previous file with comments | « net-print/cups/cups-2.1.4-r25.ebuild ('k') | net-print/cups/files/cupstestppd-seccomp-arm.policy » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698