OLD | NEW |
1 # Copyright 2016 The Chromium OS Authors. All rights reserved. | 1 # Copyright 2016 The Chromium OS Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 access: 1 | 5 access: 1 |
6 brk: 1 | 6 brk: 1 |
7 close: 1 | 7 close: 1 |
8 exit: 1 | 8 exit: 1 |
9 exit_group: 1 | 9 exit_group: 1 |
10 fcntl64: 1 | 10 fcntl64: 1 |
11 fstat64: 1 | 11 fstat64: 1 |
12 futex: 1 | 12 futex: 1 |
13 getdents64: 1 | 13 getdents64: 1 |
14 getegid32: 1 | 14 getegid32: 1 |
15 geteuid32: 1 | 15 geteuid32: 1 |
16 getgid32: 1 | 16 getgid32: 1 |
17 getuid32: 1 | 17 getuid32: 1 |
18 lstat: 1 | 18 lstat: 1 |
19 # Disallow mmap with PROT_EXEC set. The syntax here doesn't | 19 # Disallow mmap and mremap with PROT_EXEC set. The syntax here doesn't |
20 # allow bit negation, so we are using a negated mask as a | 20 # allow bit negation, so we are using a negated mask as a |
21 # constant. | 21 # constant. |
22 mmap2: arg2 in 0xfffffffb | 22 mmap2: arg2 in 0xfffffffb |
23 mprotect: 1 | 23 mprotect: 1 |
| 24 mremap: arg2 in 0xfffffffb |
24 munmap: 1 | 25 munmap: 1 |
25 newfstatat: 1 | 26 newfstatat: 1 |
26 # Restrict open flags. O_DIRECTORY (0x10000), O_LARGEFILE (0x8000), | 27 # Restrict open flags. O_DIRECTORY (0x10000), O_LARGEFILE (0x8000), |
27 # and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are | 28 # and O_CLOEXEC (0x80000) aren't symbols minijail knows, so are |
28 # specified directly. | 29 # specified directly. |
29 open: arg1 in O_RDONLY|O_NONBLOCK|0x10000|0x8000|0x80000 | 30 open: arg1 in O_RDONLY|O_NONBLOCK|0x10000|0x8000|0x80000 |
30 openat: arg2 in O_RDONLY|O_NONBLOCK|0x10000|0x8000|0x80000 | 31 openat: arg2 in O_RDONLY|O_NONBLOCK|0x10000|0x8000|0x80000 |
31 open: 1 | 32 open: 1 |
32 openat: 1 | 33 openat: 1 |
33 read: 1 | 34 read: 1 |
34 stat64: 1 | 35 stat64: 1 |
35 uname: 1 | 36 uname: 1 |
36 write: 1 | 37 write: 1 |
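Review bot: The added `mremap: arg2 in 0xfffffffb` rule does not filter PROT_EXEC: mremap(2) takes (old_address, old_size, new_size, flags, ...), so arg2 is new_size, and the call has no protection argument because the remapped region keeps its existing protections. As written, the mask only rejects new sizes with bit 0x4 set, which has no security meaning and may fail a legitimate call with an unaligned size, while the updated comment tells readers that executable remaps are blocked. I would either allow the call plainly with `mremap: 1` and keep the comment about mmap only, or, if a restriction is wanted, filter the flags in arg3 instead. Separately, the unchanged `mprotect: 1` line leaves its prot argument (arg2) unfiltered, so PROT_EXEC can still be added to a mapping after creation; if the intent is no executable mappings, `mprotect: arg2 in 0xfffffffb` would close that gap.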
OLD | NEW |