seccomp_filter

Carsten Mattner carstenmattner at gmail.com
Thu Jul 26 00:48:36 EST 2012


Can I configure openssh with --sandbox=seccomp_filter and have it still run
on older kernels with sandboxing via rlimit? I'm asking from a linux
distro packaging
point of view. Does --sandbox=seccomp_filter keep the rlimit sandbox?
It looks to
me as if I can only link in one of the sandbox plugins.

An openssh build with seccomp_filter enabled will probably have no sandbox
at all on linux < 3.5. Is that correct? Would it start up linux 3.4 or
3.2 at all?


More information about the openssh-unix-dev mailing list