Control: forwarded -1 https://github.com/yrutschle/sslh/issues/450

On Tue, 02 Jun 2026, Daniel Höpfl wrote:n
> Package: sslh
> Version: 2.1.4-1+b1
> Severity: important
> Tags: upstream
> 
> Dear maintainer,
> 
> I use sslh to have both, HTTPs and SSH on one port.
> I also monitor the network to detect suspicious requests and I use other 
> services to regularly update my /etc/hosts.deny.

As you point out, this is upstream
https://github.com/yrutschle/sslh/issues/450 which is fixed in 2.3.1.

It's not the apparmor config; it's the landlock(7) configuration of the
executable which restricts sslh from reading /etc/hosts.{allow,deny}.

I suspect the fact that this works at all initially is because libwrap
is reading those files before the landlock configuration is enforced on
the executable.

In any event, this will be addressed as soon as I finish updating sslh.

-- 
Don Armstrong                      https://www.donarmstrong.com

To steal ideas from one person is plagiarism; to steal from many is
research.
 -- Steven Wright

Reply via email to