[Bug 2752] Allow syscalls for openssl engines on s390x
bugzilla-daemon at bugzilla.mindrot.org
Fri May 25 13:56:00 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2752
--- Comment #7 from Damien Miller <djm at mindrot.org> ---
I've committed the getuid patch.

wrt the remaining patches:

There isn't much point in permitting flock() - the process is in a
chroot environment and all fs operations should fail here. Could we
SC_DENY it with ENOENT or EACCESS instead?

The ipc(2) syscall is much too broad to allow in a sandbox - it
includes a number of capabilities that could be used for sandbox
escape. Is there a safe subset that could be enabled?

Is there any documentation on the ZSENDEP11CPRB ioctl?