[Bug 2011] sandbox selection needs some kind of fallback mechanism

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat May 19 00:45:42 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #1 from Colin Watson <cjwatson at debian.org> 2012-05-19 00:45:42 EST ---
Created attachment 2154
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2154
strawman patch for sandbox fallback

Perhaps something along these general lines?  I haven't quite got
seccomp_filter working for me with this patch yet; the probing
subprocess gets SIGSYS rather than doing anything more useful. 
However, that might be something to do with running 32-bit userspace on
a 64-bit kernel, and it does at least manage to fall back to the rlimit
sandbox.

I'd welcome comments on the general approach, anyway.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list