[PATCH 0/2] sandbox-seccomp-filter: logging and cleanup fixes
manfred.kaiser at ssh-mitm.at
Sun May 24 18:12:06 AEST 2026
Dear OpenSSH developers,

the following two patches fix a logging issue and remove a duplicate
syscall entry in sandbox-seccomp-filter.c.

Patch 1 replaces debug() with error() when prctl(PR_SET_SECCOMP) fails.
With debug(), a failure would go unnoticed in normal operation, which is
a security concern as the seccomp sandbox would silently be inactive.

Patch 2 removes a duplicate SC_ALLOW(__NR_clock_gettime64) block that
is already covered at line 297.

Manfred Kaiser
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-sandbox-seccomp-filter-use-error-for-seccomp-setup-f.patch
Type: text/x-patch
Size: 1120 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260524/751aa214/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-sandbox-seccomp-filter-remove-duplicate-SC_ALLOW-__N.patch
Type: text/x-patch
Size: 878 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260524/751aa214/attachment-0001.bin>
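The failure mode that patch 1 concerns, as an added example that is not part of the original post and is not OpenSSH code: a Linux-only sketch that reports a failed prctl(PR_SET_SECCOMP) at error level and also confirms with PR_GET_SECCOMP that filter mode is active. The names allow_all, install_filter and try_filter are hypothetical, and the confirmation step and the failure return value go beyond what the post describes.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed one-instruction filter that allows every syscall (sample only). */
static struct sock_filter allow_all[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };

/* Hypothetical helper: 0 only if the kernel accepted the filter AND reports filter mode. */
int install_filter(const struct sock_fprog *prog)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
        fprintf(stderr, "error: prctl(PR_SET_NO_NEW_PRIVS): %s\n", strerror(errno));
        return -1;
    }
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog) == -1) {
        fprintf(stderr, "error: prctl(PR_SET_SECCOMP): %s\n", strerror(errno));
        return -1;
    }
    if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != SECCOMP_MODE_FILTER) {
        fprintf(stderr, "error: seccomp filter mode is not active\n");
        return -1;
    }
    return 0;
}

/* Install in a forked child so the caller stays unfiltered; 0 = child sandboxed, -1 = not. */
int try_filter(unsigned short len)
{
    struct sock_fprog prog = { .len = len, .filter = allow_all };
    int status;
    pid_t pid = fork();

    if (pid == 0)
        _exit(install_filter(&prog) == 0 ? 0 : 1);
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    /* len 1 is the valid sample filter; len 0 is an empty program the kernel rejects. */
    return (try_filter(1) == 0 && try_filter(0) == -1) ? 0 : 1;
}
```

The empty program (len 0) is rejected by the kernel with EINVAL, which gives a reproducible way to exercise the error path without touching a real filter.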