Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(304)

Unified Diff: net-print/cups/files/cupstestppd-seccomp-arm.policy

Issue 3016643002: Add mremap as an allowed syscall for cupstestppd.
Patch Set: Created 3 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net-print/cups/files/cupstestppd-seccomp-arm.policy
diff --git a/net-print/cups/files/cupstestppd-seccomp-arm.policy b/net-print/cups/files/cupstestppd-seccomp-arm.policy
index f9b624dfd56db81693c8a40dc52fc1a592f89b14..9d31f5b9a4804414809973990d2b0998fbf90475 100644
--- a/net-print/cups/files/cupstestppd-seccomp-arm.policy
+++ b/net-print/cups/files/cupstestppd-seccomp-arm.policy
@@ -18,10 +18,11 @@ getgid32: 1
getuid32: 1
lstat: 1
lstat64: 1
-# Disallow mmap with PROT_EXEC set. The syntax here doesn't
+# Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't
# allow bit negation, so we are using a negated mask as a
# constant.
mmap2: arg2 in 0xfffffffb
+mremap: arg2 in 0xfffffffb
munmap: 1
# Restrict open flags. O_DIRECTORY (0x4000), O_LARGEFILE (0x20000),
# and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are
« no previous file with comments | « net-print/cups/files/cupstestppd-seccomp-amd64.policy ('k') | net-print/cups/files/cupstestppd-seccomp-x86.policy » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698