566375f717
privilege separation has been disabled all that time. The logic was changed such that it was only enabled on Interix, instead of only being disabled on Interix as originally intended. While here, pull in patches from MacPorts to enable privsep on Darwin. Bump PKGREVISION.
23 lines
616 B
Text
;; $NetBSD: org.openssh.sshd.sb.in,v 1.1 2015/08/14 08:57:00 jperkin Exp $
;;
;; Copyright (c) 2008 Apple Inc. All Rights reserved.
;;
;; sshd - profile for privilege separated children
;;
;; WARNING: The sandbox rules in this file currently constitute
;; Apple System Private Interface and are subject to change at any time and
;; without notice.
;;

(version 1)

(deny default)

(allow file-chroot)
(allow file-read-metadata (literal "@VARBASE@"))

(allow sysctl-read)
(allow mach-per-user-lookup)
(allow mach-lookup
       (global-name "com.apple.system.notification_center")
       (global-name "com.apple.system.logger"))