Control: forwarded -1 https://github.com/yrutschle/sslh/issues/450
On Tue, 02 Jun 2026, Daniel Höpfl wrote:n > Package: sslh > Version: 2.1.4-1+b1 > Severity: important > Tags: upstream > > Dear maintainer, > > I use sslh to have both, HTTPs and SSH on one port. > I also monitor the network to detect suspicious requests and I use other > services to regularly update my /etc/hosts.deny. As you point out, this is upstream https://github.com/yrutschle/sslh/issues/450 which is fixed in 2.3.1. It's not the apparmor config; it's the landlock(7) configuration of the executable which restricts sslh from reading /etc/hosts.{allow,deny}. I suspect the fact that this works at all initially is because libwrap is reading those files before the landlock configuration is enforced on the executable. In any event, this will be addressed as soon as I finish updating sslh. -- Don Armstrong https://www.donarmstrong.com To steal ideas from one person is plagiarism; to steal from many is research. -- Steven Wright

