| Age | Commit message (Collapse) | Author |
|---|
|
|
|
add getpid to sandbox, reachable by grace_alarm_handler
reported by Jakub Jelen; bz#2419
Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
|
|
patch from Jakub Jelen
|
|
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
|
|
Also resort and tidy syscall list. Based on patches by Jakub Jelen
bz#2361; ok dtucker@
|
|
patch from Felix von Leitner; ok dtucker
|
|
remind myself to add sandbox violation logging via the log socket.
|
|
__NR_shutdown; some go via the socketcall(2) multiplexer.
|
|
syscall from sandboxes; it may be called by packet_close.
|
|
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
|
|
|
|
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
|
|
not available. Allows use of sshd compiled on host with a filter-capable
kernel on hosts that lack the support. bz#2011 ok dtucker@
|
|
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
|
