From owner-freebsd-current@FreeBSD.ORG Wed Feb 5 07:52:07 2014 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 49508ED; Wed, 5 Feb 2014 07:52:07 +0000 (UTC) Received: from tensor.andric.com (tensor.andric.com [87.251.56.140]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F18161A10; Wed, 5 Feb 2014 07:52:06 +0000 (UTC) Received: from [IPv6:2001:7b8:3a7::b47f:4e8f:d41c:5726] (unknown [IPv6:2001:7b8:3a7:0:b47f:4e8f:d41c:5726]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id E30D95C44; Wed, 5 Feb 2014 08:51:57 +0100 (CET) Subject: Re: sshd sandbox failure Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\)) Content-Type: multipart/signed; boundary="Apple-Mail=_722A8017-1271-4AF7-97C1-44FB5B3AC044"; protocol="application/pgp-signature"; micalg=pgp-sha1 X-Pgp-Agent: GPGMail 2.1 (6062eb4) From: Dimitry Andric In-Reply-To: <1391504775.87254301.zmbcoto6@frv45.fwdcdn.com> Date: Wed, 5 Feb 2014 08:51:51 +0100 Message-Id: <843FE764-A432-497D-AAC7-D06FB71AF57D@FreeBSD.org> References: <1391504775.87254301.zmbcoto6@frv45.fwdcdn.com> To: Vladimir Sharun X-Mailer: Apple Mail (2.1827) Cc: Ian FREISLICH , current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Feb 2014 07:52:07 -0000 --Apple-Mail=_722A8017-1271-4AF7-97C1-44FB5B3AC044 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 04 Feb 2014, at 10:08, Vladimir Sharun wrote: > Seems it must be in UPDATING or even in the buildworld: without = capsicum framework support no ssh access to the server anymore. >=20 > I step in the same problem this weekend, thank to the IPMI on the home = testebed I figured out what's the cause. >>=20 >> Since the openssh update in recent -CURRENT, I get these in my >> auth.log until I disable sandbox UsePrivilegeSeparation in = sshd_config. >>=20 >> Feb 3 10:02:14 firewall1 sshd[90062]: fatal: ssh_sandbox_child: = failed to limit the network socket [preauth] >>=20 >> Is there something that I missed during the update? This was an oversight fixed by Pawel in r261499. Pawel, maybe you can add a special note to UPDATING for it? -Dimitry --Apple-Mail=_722A8017-1271-4AF7-97C1-44FB5B3AC044 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlLx7ZsACgkQsF6jCi4glqNOPACePpTuFY9O1GaQtRuIxTN1bnNG Ix4AnjPWAmnoaCTL0VywMnR/EL++2xrE =QA82 -----END PGP SIGNATURE----- --Apple-Mail=_722A8017-1271-4AF7-97C1-44FB5B3AC044--