summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2017-10-22 23:34:03 +0200
committerJulian Andres Klode <jak@debian.org>2017-10-22 23:38:31 +0200
commit32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree3234d16c59f85a84a02371e6ef2f0bc79af42738 /doc
parent9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)
downloadapt-32bcbd73e0988d2d2237690ffae33b4f5cc5ff81.tar.gz
Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh
This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/configure-index3
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 61a749495..f0d81bb7a 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -639,6 +639,9 @@ apt::planner "<STRING>";
apt::system "<STRING>";
apt::acquire::translation "<STRING>"; // deprecated in favor of Acquire::Languages
apt::sandbox::user "<STRING>";
+apt::sandbox::seccomp "<BOOL>";
+apt::sandbox::seccomp::allow "<LIST>";
+apt::sandbox::seccomp::trap "<LIST>";
apt::color::highlight "<STRING>";
apt::color::neutral "<STRING>";