On Wed, 11 Feb 2015, Dmitry V. Levin wrote:

> On Wed, Feb 11, 2015 at 02:46:50PM -0300, Cristian Rodríguez wrote:
> > *SSL libraries or the C library may/will require it.
>
> In what circumstances do they need it?
> Do they need it with GRND_RANDOM bit set?
>
> Note that this system call is equivalent to opening (with subsequent
> reading) of /dev/random and /dev/urandom, which is not allowed by this
> seccomp filter.

IMO they shouldn't need it - we take care to prime both the arc4random and libcrypto pools before sandboxing. I don't mind adding it though, and don't think it hurts.

-d