/usr/sbin/sshd dpoX {
        /var/run
        /var/run/sshd.pid rw
        /var/run/utmp rw
        /var/log/wtmp w
        /var/log
        /root
	/root/.ssh r
        /proc
	/dev
	/dev/log rw
        /dev/tty rw
	/dev/null rw
        /dev/pts rw
        /dev/ptmx rw
        /var/run/sshd
        /var/mail
        /var/log/lastlog rw
        /usr/lib rx
	/lib rx
	/home
	/etc r
	/etc/grsec h
	/bin/bash x
	/tmp rw
	/ h

	-CAP_ALL
	+CAP_CHOWN
	+CAP_SETGID
	+CAP_SETUID
	+CAP_SYS_CHROOT
	+CAP_SYS_RESOURCE
	+CAP_SYS_TTY_CONFIG

	RES_CRASH 1 10m

	connect {
		0.0.0.0/0:53 dgram udp
	}

	bind {
		0.0.0.0/0:22 stream tcp
	}
}
