author | Julian Andres Klode <jak@debian.org> | 2017-10-22 23:34:03 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2017-10-22 23:38:31 +0200 |
commit | 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch) | |
tree | 3234d16c59f85a84a02371e6ef2f0bc79af42738 /doc | |
parent | 9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff) | |
download | apt-32bcbd73e0988d2d2237690ffae33b4f5cc5ff81.tar.gz |
Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.

Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.

We might want to clean up things a bit more and/or move it
somewhere else.

Diffstat (limited to 'doc')
-rw-r--r-- | doc/examples/configure-index | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 61a749495..f0d81bb7a 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -639,6 +639,9 @@ apt::planner "<STRING>"; apt::system "<STRING>"; apt::acquire::translation "<STRING>"; // deprecated in favor of Acquire::Languages apt::sandbox::user "<STRING>"; +apt::sandbox::seccomp "<BOOL>"; +apt::sandbox::seccomp::allow "<LIST>"; +apt::sandbox::seccomp::trap "<LIST>"; apt::color::highlight "<STRING>"; apt::color::neutral "<STRING>"; |
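Review bot: the three added entries (`apt::sandbox::seccomp`, `apt::sandbox::seccomp::allow`, `apt::sandbox::seccomp::trap`) carry only a type placeholder, so a reader of configure-index cannot tell what the `<LIST>` items are (syscall names or numbers) or how `allow` and `trap` relate to the `<BOOL>` switch. The commit message also states that the cdrom, gpgv and rsh methods are excluded from the sandbox, and nothing in this hunk records that. Suggest a short trailing `//` comment on each new line, as the `apt::acquire::translation` line just above already has, or a pointer to where the options are described, since this view is limited to 'doc' and shows no other documentation change.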