[Bug 3855] sshd-auth sandbox limitations

bugzilla-daemon at mindrot.org
Mon Sep 1 09:39:38 AEST 2025


https://bugzilla.mindrot.org/show_bug.cgi?id=3855

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
(In reply to Adrian Jarc from comment #5)

> If WolfSSL changes how that works, their wolfCrypt module won't be
> FIPS certified anymore, and that does not help. So this is not an
> option.

No, what I mean is asking if there are any existing WolfSSL API calls
that can be made to prepare it for sandboxing.

> As for point 2, can we get some pointers as to how we could do that?

You'll need to identify the syscall that is failing. If you build
OpenSSH with the SANDBOX_SECCOMP_FILTER_DEBUG define set in
sandbox-seccomp-filter.c (don't use this in production) you'll get an
error message including the syscall number.

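The kernel mechanism that lets a sandboxed process report the number of a rejected syscall, as an added example that is not OpenSSH's code and not part of the original message: a seccomp filter returning SECCOMP_RET_TRAP makes the kernel deliver SIGSYS, and the handler reads the number from si_syscall. The function names, the pipe back to the parent and the choice of getppid as the blocked call are assumptions made for this demo (Linux only).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

static int report_fd = -1; /* write end of the pipe to the parent (demo only) */
/* SIGSYS handler: si_syscall holds the number of the rejected syscall. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx) {
    int nr = si->si_syscall;
    (void)sig; (void)ctx;
    if (write(report_fd, &nr, sizeof nr) < 0) _exit(3); /* write(2) is async-signal-safe */
    _exit(1);
}

/* Trap blocked_nr in a forked child; return the number the kernel reported, or -1. */
int trapped_syscall_number(int blocked_nr) {
    int p[2], nr = -1;
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        /* Demo filter: no seccomp_data.arch check, which a production filter needs. */
        struct sock_filter f[] = {
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)blocked_nr, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),  /* raise SIGSYS, do not kill */
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        struct sock_fprog prog = { .len = 4, .filter = f };
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        report_fd = p[1];
        if (sigaction(SIGSYS, &sa, NULL) != 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
            _exit(2);            /* seccomp filter mode unavailable */
        syscall(blocked_nr);     /* trapped: the handler reports and exits */
        _exit(0);
    }
    close(p[1]);
    if (read(p[0], &nr, sizeof nr) != (ssize_t)sizeof nr) nr = -1;
    close(p[0]);
    waitpid(pid, NULL, 0);
    return nr;
}
int main(void) { printf("trapped syscall: %d\n", trapped_syscall_number(SYS_getppid)); return 0; }
```

The printed number is specific to the architecture; compare it with the `__NR_*` definitions in the system's `<asm/unistd.h>` headers to find the syscall name.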