Bug 1940 - Selinux based sandbox
Summary: Selinux based sandbox
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 5.9p1
Hardware: All Linux
Importance: P2 normal
Assignee: Assigned to nobody
Reported: 2011-09-20 16:06 AEST by jchadima
Modified: 2016-08-02 10:42 AEST

Attachments
Patch adding selinux sandbox (10.82 KB, patch)
2011-09-20 16:07 AEST, jchadima

Description jchadima 2011-09-20 16:06:35 AEST
Sandboxing appears in openssh 5.9p1. This patch adds specific code to use SELinux for sandboxing.
Comment 1 jchadima 2011-09-20 16:07:42 AEST
Created attachment 2092
Patch adding selinux sandbox
Comment 2 Damien Miller 2012-02-24 10:34:22 AEDT
Retarget from 6.0 to 6.1
Comment 3 Damien Miller 2012-02-24 10:38:00 AEDT
Retarget 6.0 => 6.1
Comment 4 Damien Miller 2012-09-07 11:37:58 AEST
Retarget uncompleted bugs from 6.1 => 6.2
Comment 5 Damien Miller 2012-09-07 11:40:26 AEST
Retarget bugs from 6.1 => 6.2
Comment 6 Damien Miller 2013-03-08 10:23:32 AEDT
retarget to openssh-6.3
Comment 7 Damien Miller 2013-07-25 12:17:40 AEST
Retarget to openssh-6.4
Comment 8 Damien Miller 2013-07-25 12:20:35 AEST
Retarget 6.3 -> 6.4
Comment 9 Damien Miller 2014-02-06 10:17:53 AEDT
Retarget incomplete bugs / feature requests to 6.6 release
Comment 10 Damien Miller 2014-02-06 10:19:48 AEDT
Retarget incomplete bugs / feature requests to 6.6 release
Comment 11 Damien Miller 2014-04-12 14:49:36 AEST
Retarget to 6.7 release, since 6.6 was mostly bugfixing.
Comment 12 Damien Miller 2014-04-12 14:54:50 AEST
Remove from 6.6 tracking bug
Comment 13 Damien Miller 2014-08-30 04:37:52 AEST
Retarget incomplete bugs to 6.8 release.
Comment 14 Damien Miller 2014-08-30 04:39:54 AEST
These bugs are no longer targeted at the imminent 6.7 release
Comment 15 Damien Miller 2015-03-03 07:59:04 AEDT
OpenSSH 6.8 is approaching release and closed for major work. Retarget these bugs for the next release.
Comment 16 Damien Miller 2015-03-03 08:01:46 AEDT
Retarget to 6.9
Comment 17 Damien Miller 2015-05-25 10:06:43 AEST
I'm not sure we want this - everyone is picking up seccomp-bpf on Linux, so supporting (in perpetuity) another sandbox that will only become less used over time doesn't seem like a good idea.
Comment 18 Jakub Jelen 2015-10-23 00:15:07 AEDT
(In reply to Damien Miller from comment #17)
> I'm not sure we want this - everyone is picking up seccomp-bpf on
> Linux, so supporting (in perpetuity) another sandbox that will only
> become less used over time doesn't seem like a good idea.

Yes, you are right. At this time, there is no need to use the SELinux sandbox when seccomp adds better security and works almost everywhere. We don't use it either, so there is no reason for this bug to rot here. You can close it with appropriate flags.
Comment 19 Damien Miller 2016-08-02 10:42:35 AEST
Close all resolved bugs after 7.3p1 release