|
Lines 189-198
Link Here
|
| 189 |
#endif /* __NR_futex || __NR_futex_time64 */ |
189 |
#endif /* __NR_futex || __NR_futex_time64 */ |
| 190 |
|
190 |
|
| 191 |
#if defined(__NR_mmap) || defined(__NR_mmap2) |
191 |
#if defined(__NR_mmap) || defined(__NR_mmap2) |
|
|
192 |
# ifdef MAP_FIXED_NOREPLACE |
| 193 |
# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED|MAP_FIXED_NOREPLACE |
| 194 |
# else |
| 195 |
# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED |
| 196 |
# endif /* MAP_FIXED_NOREPLACE */ |
| 192 |
/* Use this for both __NR_mmap and __NR_mmap2 variants */ |
197 |
/* Use this for both __NR_mmap and __NR_mmap2 variants */ |
| 193 |
# define SC_MMAP(_nr) \ |
198 |
# define SC_MMAP(_nr) \ |
| 194 |
SC_DENY_UNLESS_ARG_MASK(_nr, 3, \ |
199 |
SC_DENY_UNLESS_ARG_MASK(_nr, 3, SC_MMAP_FLAGS, EINVAL), \ |
| 195 |
MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED|MAP_FIXED_NOREPLACE, EINVAL), \ |
|
|
| 196 |
SC_ALLOW_ARG_MASK(_nr, 2, PROT_READ|PROT_WRITE|PROT_NONE) |
200 |
SC_ALLOW_ARG_MASK(_nr, 2, PROT_READ|PROT_WRITE|PROT_NONE) |
| 197 |
#endif /* __NR_mmap || __NR_mmap2 */ |
201 |
#endif /* __NR_mmap || __NR_mmap2 */ |
| 198 |
|
202 |
|
|
Lines 308-318
static const struct sock_filter preauth_insns[] = {
Link Here
|
| 308 |
#endif |
312 |
#endif |
| 309 |
#ifdef __NR_madvise |
313 |
#ifdef __NR_madvise |
| 310 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_NORMAL), |
314 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_NORMAL), |
|
|
315 |
# ifdef MADV_FREE |
| 311 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_FREE), |
316 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_FREE), |
|
|
317 |
# endif |
| 318 |
# ifdef MADV_DONTNEED |
| 312 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTNEED), |
319 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTNEED), |
|
|
320 |
# endif |
| 321 |
# ifdef MADV_DONTFORK |
| 313 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTFORK), |
322 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTFORK), |
|
|
323 |
# endif |
| 324 |
# ifdef MADV_DONTDUMP |
| 314 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTDUMP), |
325 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTDUMP), |
|
|
326 |
# endif |
| 327 |
# ifdef MADV_WIPEONFORK |
| 315 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_WIPEONFORK), |
328 |
SC_ALLOW_ARG(__NR_madvise, 2, MADV_WIPEONFORK), |
|
|
329 |
# endif |
| 316 |
SC_DENY(__NR_madvise, EINVAL), |
330 |
SC_DENY(__NR_madvise, EINVAL), |
| 317 |
#endif |
331 |
#endif |
| 318 |
#ifdef __NR_mmap |
332 |
#ifdef __NR_mmap |