seccomp_filter

Damien Miller djm at mindrot.org
Tue Aug 21 08:59:25 EST 2012


On Mon, 20 Aug 2012, Carsten Mattner wrote:

> On Thu, Jul 26, 2012 at 1:57 PM, Damien Miller <djm at mindrot.org> wrote:
> > On Thu, 26 Jul 2012, Carsten Mattner wrote:
> >
> >> > HEAD will fallback to the rlimit pseudo-sandbox if seccomp was enabled at
> >> > compile-time but is not available at runtime. openssh-6.0 will fatal() for
> >> > these cases.
> >>
> >> That sounds good. Is it available in a single commit I could backport
> >> until the next release? Is it correct that November 2012 is the
> >> release date for 6.1?
> >
> > It will probably be sooner than that. Perhaps late this month even.
> >
> > http://hg.mindrot.org/openssh/raw-rev/d8de6b1ebec9 should be all you
> > need.
> 
> Any new on the 6.1 release?

within days

> Also when running ./configure with a sufficient linux kernel and headers
> will the autoconf script default to the seccomp sandbox?

Yes

-d


More information about the openssh-unix-dev mailing list