[Bug 2011] sandbox selection needs some kind of fallback mechanism
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat May 19 00:45:42 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=2011
--- Comment #1 from Colin Watson <cjwatson at debian.org> 2012-05-19 00:45:42 EST ---
Created attachment 2154
--> https://bugzilla.mindrot.org/attachment.cgi?id=2154
strawman patch for sandbox fallback
Perhaps something along these general lines? I haven't quite got
seccomp_filter working for me with this patch yet; the probing
subprocess gets SIGSYS rather than doing anything more useful.
However, that might be something to do with running 32-bit userspace on
a 64-bit kernel, and it does at least manage to fall back to the rlimit
sandbox.
I'd welcome comments on the general approach, anyway.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list