On Mon, Mar 03, 2014 at 10:47:43PM +0100, Dimitry Andric wrote: > On 03 Mar 2014, at 21:36, John Baldwin <j...@freebsd.org> wrote: > > On Thursday, February 27, 2014 12:29:02 pm Dag-Erling SmXXrgrav wrote: > >> Author: des > >> Date: Thu Feb 27 17:29:02 2014 > >> New Revision: 262566 > >> URL: http://svnweb.freebsd.org/changeset/base/262566 > >> > >> Log: > >> MFH (r261320): upgrade openssh to 6.5p1 > >> MFH (r261340): enable sandboxing by default > > > > Mails on stable@ suggest that this latter change may be a bit of a POLA > > violation as if people are using a custom kernel configuration that doesn't > > include CAPSICUM they are now locked out of their boxes as sshd fails. It > > seems that this is at least worth a note in UPDATING if not adding a > > workaround to handle the case of a kernel without CAPSICUM. > > Wouldn't it be enough to merge r261499 ("Fix installations that use > kernels without CAPABILITIES support") by pjd?
Yes, my change should be definiately merged with OpenSSH merge. If nobody beats me to it, I should be able to merge it tomorrow. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com
pgp6dSgCuTJph.pgp
Description: PGP signature
