seccomp_filter

Carsten Mattner carstenmattner at gmail.com
Tue Aug 21 01:39:13 EST 2012


On Thu, Jul 26, 2012 at 1:57 PM, Damien Miller <djm at mindrot.org> wrote:
> On Thu, 26 Jul 2012, Carsten Mattner wrote:
>
>> > HEAD will fallback to the rlimit pseudo-sandbox if seccomp was enabled at
>> > compile-time but is not available at runtime. openssh-6.0 will fatal() for
>> > these cases.
>>
>> That sounds good. Is it available in a single commit I could backport
>> until the next release? Is it correct that November 2012 is the
>> release date for 6.1?
>
> It will probably be sooner than that. Perhaps late this month even.
>
> http://hg.mindrot.org/openssh/raw-rev/d8de6b1ebec9 should be all you
> need.

Any new on the 6.1 release?

Also when running ./configure with a sufficient linux kernel and headers
will the autoconf script default to the seccomp sandbox?


More information about the openssh-unix-dev mailing list