net-print/cups/files/cupstestppd-seccomp-arm.policy - Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net-print/cups/files/cupstestppd-seccomp-arm.policy

Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.

Patch Set: Created 3 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 # Copyright 2016 The Chromium OS Authors. All rights reserved.	1 # Copyright 2016 The Chromium OS Authors. All rights reserved.

2 # Use of this source code is governed by a BSD-style license that can be	2 # Use of this source code is governed by a BSD-style license that can be

3 # found in the LICENSE file.	3 # found in the LICENSE file.

4	4

5 access: 1	5 access: 1

6 brk: 1	6 brk: 1

7 close: 1	7 close: 1

8 exit: 1	8 exit: 1

9 exit_group: 1	9 exit_group: 1

10 fcntl64: 1	10 fcntl64: 1

11 fstat64: 1	11 fstat64: 1

12 fstatat64: 1	12 fstatat64: 1

13 futex: 1	13 futex: 1

14 getdents64: 1	14 getdents64: 1

15 getegid32: 1	15 getegid32: 1

16 geteuid32: 1	16 geteuid32: 1

17 getgid32: 1	17 getgid32: 1

18 getuid32: 1	18 getuid32: 1

19 lstat: 1	19 lstat: 1

20 lstat64: 1	20 lstat64: 1

21 # Disallow mmap with PROT_EXEC set. The syntax here doesn't	21 # Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't

22 # allow bit negation, so we are using a negated mask as a	22 # allow bit negation, so we are using a negated mask as a

23 # constant.	23 # constant.

24 mmap2: arg2 in 0xfffffffb	24 mmap2: arg2 in 0xfffffffb

	25 mremap: arg2 in 0xfffffffb

25 munmap: 1	26 munmap: 1

26 # Restrict open flags. O_DIRECTORY (0x4000), O_LARGEFILE (0x20000),	27 # Restrict open flags. O_DIRECTORY (0x4000), O_LARGEFILE (0x20000),

27 # and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are	28 # and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are

28 # specified directly.	29 # specified directly.

29 open: arg1 in O_RDONLY\|O_NONBLOCK\|0x4000\|0x20000\|0x80000	30 open: arg1 in O_RDONLY\|O_NONBLOCK\|0x4000\|0x20000\|0x80000

30 openat: arg2 in O_RDONLY\|O_NONBLOCK\|0x4000\|0x20000\|0x80000	31 openat: arg2 in O_RDONLY\|O_NONBLOCK\|0x4000\|0x20000\|0x80000

31 read: 1	32 read: 1

32 stat64: 1	33 stat64: 1

33 write: 1	34 write: 1

OLD	NEW

« no previous file with comments | « net-print/cups/files/cupstestppd-seccomp-amd64.policy ('k') | net-print/cups/files/cupstestppd-seccomp-x86.policy » ('j') | no next file with comments »