OLD | NEW |
1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 access: 1 | 5 access: 1 |
6 brk: 1 | 6 brk: 1 |
7 close: 1 | 7 close: 1 |
8 exit_group: 1 | 8 exit_group: 1 |
9 fcntl: 1 | 9 fcntl: 1 |
10 fstat: 1 | 10 fstat: 1 |
11 futex: 1 | 11 futex: 1 |
12 getdents:1 | 12 getdents:1 |
13 getegid: 1 | 13 getegid: 1 |
14 geteuid: 1 | 14 geteuid: 1 |
15 getgid: 1 | 15 getgid: 1 |
16 getuid: 1 | 16 getuid: 1 |
17 lstat: 1 | 17 lstat: 1 |
18 # Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit | 18 # Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't allow |
19 # negation, thus the manually negated mask constant. | 19 # bit negation, thus the manually negated mask constant. |
20 mmap: arg2 in 0xfffffffb | 20 mmap: arg2 in 0xfffffffb |
| 21 mremap: arg2 in 0xfffffffb |
21 munmap: 1 | 22 munmap: 1 |
22 newfstatat: 1 | 23 newfstatat: 1 |
23 # Restrict open flags. O_DIRECTORY (0x10000) and O_CLOEXEC (0x80000) | 24 # Restrict open flags. O_DIRECTORY (0x10000) and O_CLOEXEC (0x80000) |
24 # aren't symbols minijail knows, so are specified directly. | 25 # aren't symbols minijail knows, so are specified directly. |
25 open: arg1 in O_RDONLY|O_NONBLOCK|0x10000|0x80000 | 26 open: arg1 in O_RDONLY|O_NONBLOCK|0x10000|0x80000 |
26 openat: arg2 in O_RDONLY|O_NONBLOCK|0x10000|0x80000 | 27 openat: arg2 in O_RDONLY|O_NONBLOCK|0x10000|0x80000 |
27 read: 1 | 28 read: 1 |
28 stat: 1 | 29 stat: 1 |
29 write: 1 | 30 write: 1 |
OLD | NEW |