[Bug 2142] openssh sandboxing using libseccomp

bugzilla-daemon at mindrot.org
Wed Aug 14 11:08:28 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2142

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Sure, but I don't see the point - what's the advantage to using
libseccomp? It looks like it might have some advantages if we were
doing argument inspection, were scared of writing BPF or running a
complex policy but we aren't.

The existing seccomp sandbox will work on any system that has
libseccomp and will do the same thing with fewer dependencies and less
code. Adding another sandbox that does exactly the same thing just
means we need to maintain two sets of code instead of one.
