- (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is

not available. Allows use of sshd compiled on host with a filter-capable
   kernel on hosts that lack the support. bz#2011 ok dtucker@

ChangeLog

@@ -1,3 +1,8 @@
+20120706
+ - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
+   not available. Allows use of sshd compiled on host with a filter-capable
+   kernel on hosts that lack the support. bz#2011 ok dtucker@
+
 20120704
  - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
    platforms that don't have it.  "looks good" tim@

sandbox-seccomp-filter.c

@@ -179,6 +179,7 @@ void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
 	struct rlimit rl_zero;
+	int nnp_failed = 0;
 
 	/* Set rlimits for completeness if possible. */
 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
@@ -197,13 +198,18 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
 
 	debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
-	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
-		fatal("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
+	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
+		debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
 		      __func__, strerror(errno));
+		nnp_failed = 1;
+	}
 	debug3("%s: attaching seccomp filter program", __func__);
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
-		fatal("%s: prctl(PR_SET_SECCOMP): %s",
+		debug("%s: prctl(PR_SET_SECCOMP): %s",
 		      __func__, strerror(errno));
+	else if (nnp_failed)
+		fatal("%s: SECCOMP_MODE_FILTER activated but "
+		    "PR_SET_NO_NEW_PRIVS failed", __func__);
 }
 
 void