On 10/02/2015 10:32 AM, Steve Beattie wrote: > On Thu, Oct 01, 2015 at 10:21:38PM -0700, Seth Arnold wrote: >> Hopefully the mediation points are still useful in OpenSSH. Perhaps >> they've changed as much as we have. > > I'm not sure they are; the thing I've been meaning to > look at is OpenSSH's sandbox infrastructure to add an > apparmor option (e.g. see the seccomp sandbox discussed in > http://www.chiark.greenend.org.uk/~cjwatson/blog/openssh-6.0p1.html ).
Works so well that I wonder why "UsePrivilegeSeparation sandbox" isn't the default in Debian/Ubuntu. > That said, this is a case where I *would* like to stack things by > enabling both the apparmor sandbox and the seccomp sandbox at the same > time. This would indeed be a good addition to the rlimits+seccomp sandbox. Thank you both for digging up the old patch and look at it. Regards, Simon
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
