| Summary: | Selinux based sandbox | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | jchadima | ||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED WONTFIX | ||||||
| Severity: | normal | CC: | djm, jfch, jjelen | ||||
| Priority: | P2 | ||||||
| Version: | 5.9p1 | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Attachments: |
|
||||||
|
Description
jchadima
2011-09-20 16:06:35 AEST
Created attachment 2092 [details]
Patch adding selinux sandbox
Retarget from 6.0 to 6.1 Retarget 6.0 => 6.1 Retarget uncompleted bugs from 6.1 => 6.2 Retarget bugs from 6.1 => 6.2 retarget to openssh-6.3 Retarget to openssh-6.4 Retarget 6.3 -> 6.4 Retarget incomplete bugs / feature requests to 6.6 release Retarget incomplete bugs / feature requests to 6.6 release Retarget to 6.7 release, since 6.6 was mostly bugfixing. Remove from 6.6 tracking bug Retarget incomplete bugs to 6.8 release. These bugs are no longer targeted at the imminent 6.7 release OpenSSH 6.8 is approaching release and closed for major work. Retarget these bugs for the next release. Retarget to 6.9 I'm not sure we want this - everyone is picking up seccomp-bpf on Linux, so supporting (in perpetuity) another sandbox that will only become less used over time doesn't seem like a good idea. (In reply to Damien Miller from comment #17) > I'm not sure we want this - everyone is picking up seccomp-bpf on > Linux, so supporting (in perpetuity) another sandbox that will only > become less used over time doesn't seem like a good idea. Yes, you are right. At this time, there is no need to use SELinux sandbox, when seccomp adds better security and works almost everywhere. We don't use it either so I there is no reason for this bug to rot here. You can close it with appropriate flags. Close all resolved bugs after 7.3p1 release |