Per Upstream Buig #2509, which I reopened a little while ago, in openssh-7.3, MIPS was one of the archs that gained seccomp sandboxing support via a "whitelist" that was added to configure.ac. From the original Red Hat bug #1195065: + mips-*) + seccomp_audit_arch=AUDIT_ARCH_MIPS + ;; + mipsel-*) + seccomp_audit_arch=AUDIT_ARCH_MIPSEL + ;; + mips64-*) + seccomp_audit_arch=AUDIT_ARCH_MIPS64 + ;; + mips64el-*) + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + ;; The two bits for mips64-* and mips64el-* will fail on N32 userlands because those ABI's need AUDIT_ARCH_MIPS64N32 or AUDIT_ARCH_MIPSEL64N32. Failure to use this and having "UsePrivilegeSeparation sandbox" in sshd_config will cause the child process spawned by the parent sshd process to die with a SIGSYS error. I might have a patch for the Gentoo side later on today, but I've re-opened the upstream bug so they can figure out a way to fix it that works for them. So this is a hybrid of a tracking/upstream bug that will soon have a Gentoo-specific fix (which will probably rely on checking the selected profile or such). Unknown how this will affect the N64 case, let alone multilib installs.
Created attachment 443768 [details, diff] patch for openssh-7.3p1 to changes mips64/mips64el case to use N32 ABI It's a bit of a brutish hack for the mips case until upstream implements a proper fix.
Created attachment 443770 [details, diff] patch to openssh-7.3_p1-r1.ebuild to apply the N32 patch The N32 patch is only applied if $CHOST is "mips64*-unknown-*" and $ABI is "n32".
Forgot to add the rest of the MIPS team.
Fixed with provided patch in openssh-7.3_p1-r5 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82d72deec8357ab399ef96e4d4eda1b64bc37f6f
