net-print/cups/files/cupstestppd-seccomp-x86.policy - Issue 3016643002: Add mremap as an allowed syscall for cupstestppd. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(45)

My Issues | Starred Open | Closed | All

Unified Diff: net-print/cups/files/cupstestppd-seccomp-x86.policy

Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Patch Set: Created 3 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « net-print/cups/files/cupstestppd-seccomp-arm.policy ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net-print/cups/files/cupstestppd-seccomp-x86.policy

diff --git a/net-print/cups/files/cupstestppd-seccomp-x86.policy b/net-print/cups/files/cupstestppd-seccomp-x86.policy

index 90c0718167ef794f48abaaa916ee2a28e1177560..d4d63029f45bdb080fad9783a985f9876ed36fc0 100644

--- a/net-print/cups/files/cupstestppd-seccomp-x86.policy

+++ b/net-print/cups/files/cupstestppd-seccomp-x86.policy

@@ -16,11 +16,12 @@ geteuid32: 1

getgid32: 1

getuid32: 1

lstat: 1

-# Disallow mmap with PROT_EXEC set. The syntax here doesn't

+# Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't

# allow bit negation, so we are using a negated mask as a

# constant.

mmap2: arg2 in 0xfffffffb

mprotect: 1

+mremap: arg2 in 0xfffffffb

munmap: 1

newfstatat: 1

# Restrict open flags. O_DIRECTORY (0x10000), O_LARGEFILE (0x8000),

« no previous file with comments | « net-print/cups/files/cupstestppd-seccomp-arm.policy ('k') | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698