HomeFreeBSD

openssh: simplify login class restrictions

Description

openssh: simplify login class restrictions

Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.

During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.

Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760

Details

Provenance
emasteAuthored on Aug 31 2021, 7:30 PM
Reviewer
allanjude
Differential Revision
D31760: openssh: simplify login class restrictions
Parents
R10:c511383de7a0: kevent: Fix races between timer detach and kqtimer_proc_continue()
Branches
Unknown
Tags
Unknown