
Bug#880638: release-notes: Document apt sandbox support [buster]



Package: release-notes
Severity: wishlist

--- News for apt (libapt-pkg5.0 libapt-inst2.0) ---
apt (1.6~alpha1) unstable; urgency=medium

  All methods provided by apt except for cdrom, gpgv, and rsh now
  use seccomp-BPF sandboxing to restrict the list of allowed system
  calls, and trap all others with a SIGSYS signal. Three options
  can be used to configure this further:

    APT::Sandbox::Seccomp is a boolean to turn it on/off
    APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
    APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow

  Also, sandboxing is now enabled for the mirror method.

 -- Julian Andres Klode <jak@debian.org>  Mon, 23 Oct 2017 01:58:18 +0200


Seems like it would be prudent to mention that in the release-notes
for buster.

Thanks,
~Niels
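
The three options from the NEWS entry above, written as an apt.conf fragment. This is an added example, not part of the original report or of apt's own documentation. The file name and the syscall names are assumptions chosen for illustration; the two list-valued options use apt.conf's brace list syntax.

```conf
// Constructed example for /etc/apt/apt.conf.d/99seccomp (hypothetical file name).
// Only the three option names come from the NEWS entry; the syscall names
// below are illustrative values.

// Boolean switch for the seccomp-BPF sandbox used by apt's methods.
APT::Sandbox::Seccomp "true";

// Additional syscalls to allow on top of the built-in list, for example
// after a method was killed with SIGSYS on a particular system.
APT::Sandbox::Seccomp::Allow {
    "getrandom";
};

// Additional syscalls to trap with SIGSYS.
APT::Sandbox::Seccomp::Trap {
    "ptrace";
};
```

Keep the Allow list as short as possible: every entry widens what a compromised method could do.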

