[apparmor] sshd and hats

Steve Beattie steve at nxnw.org
Fri Oct 2 14:32:18 UTC 2015

On Thu, Oct 01, 2015 at 10:21:38PM -0700, Seth Arnold wrote:
> Hopefully the mediation points are still useful in OpenSSH. Perhaps
> they've changed as much as we have.

I'm not sure they are; the thing I've been meaning to
look at is OpenSSH's sandbox infrastructure to add an
apparmor option (e.g. see the seccomp sandbox discussed in
http://www.chiark.greenend.org.uk/~cjwatson/blog/openssh-6.0p1.html ).
That said, this is a case where I *would* like to stack things by
enabling both the apparmor sandbox and the seccomp sandbox at the same

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151002/408105ad/attachment.pgp>

More information about the AppArmor mailing list