
Bug#880638: release-notes: Document apt sandbox support [buster]



Hi Niels,

Thanks for your bug report!

On Fri, Nov 03, 2017 at 07:37:12AM +0100, Niels Thykier wrote:
> Package: release-notes
> Severity: wishlist
> 
> --- News for apt (libapt-pkg5.0 libapt-inst2.0) ---
> apt (1.6~alpha1) unstable; urgency=medium
> 
>   All methods provided by apt except for cdrom, gpgv, and rsh now
>   use seccomp-BPF sandboxing to restrict the list of allowed system
>   calls, and trap all others with a SIGSYS signal. Three options
>   can be used to configure this further:
> 
>     APT::Sandbox::Seccomp is a boolean to turn it on/off
>     APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
>     APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow
> 
>   Also, sandboxing is now enabled for the mirror method.
> 
>  -- Julian Andres Klode <jak@debian.org>  Mon, 23 Oct 2017 01:58:18 +0200
> 
> Seems like it would be prudent to mention that in the release-notes
> for buster.


Are https and debtorrent "methods provided by apt", or are these methods
shipped in other optional packages and not yet sandboxed?

Is the mirror method now using the same sandboxing implementation?

The text could be clearer; for some answers to these questions, a proposed
enhanced text is:

 All methods provided by apt (e.g. http, https, debtorrent, ...) except for
 cdrom, gpgv, and rsh now use seccomp-BPF sandboxing as supplied by the Linux
 kernel to restrict the list of allowed system calls, and trap all others with a
 SIGSYS signal.
 [...]

 Also, this sandboxing is now enabled for the mirror method.


Bye,

Joost
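The changelog quoted above describes the mechanism but not what it looks like at the syscall level: an allow-list of syscall numbers, with every other syscall turned into SIGSYS instead of being executed. The following is an added example, written for this page, and not code from apt or from the Debian release notes. It assumes Linux with CONFIG_SECCOMP_FILTER on x86_64, aarch64 or i386; the tiny allow-list (write, exit_group, rt_sigreturn), the exit codes 77/78 and the function name sandbox_probe are this example's own conventions, chosen so the result can be checked from the parent process.

```c
/* Added example: an allow-list seccomp-BPF filter that traps every other
 * syscall with SIGSYS, the mechanism the apt changelog describes.  Not apt's
 * code.  Assumes Linux with CONFIG_SECCOMP_FILTER on x86_64, aarch64 or i386;
 * the exit codes below are this example's own convention. */
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SANDBOX_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS            /* pre-4.14 kernel headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

enum { MAX_ALLOW = 32 };
/* How the sandboxed child reports back to its parent (example convention). */
enum { EXIT_CLEAN = 0, EXIT_TRAPPED = 77, EXIT_NO_SECCOMP = 78 };

/* Install: [ABI check] [one compare+allow pair per entry] [trap the rest].
 * A stack buffer is used so no heap syscall can happen once the filter is live. */
static int install_allowlist(const int *allow, size_t n)
{
    if (n > MAX_ALLOW) return -1;
    struct sock_filter f[5 + 2 * MAX_ALLOW];
    size_t i = 0;
    /* Syscall numbers differ per ABI: kill outright if this is not the ABI
     * the allow-list was written for. */
    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                          offsetof(struct seccomp_data, arch));
    f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                          SANDBOX_ARCH, 1, 0);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                          offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) {
        f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                              (unsigned)allow[k], 0, 1);
        f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    /* Anything else: do not execute it, raise SIGSYS in the calling thread. */
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP);
    struct sock_fprog prog = { .len = (unsigned short)i, .filter = f };
    /* NO_NEW_PRIVS lets an unprivileged process install a filter and stops a
     * setuid child from inheriting a filter it did not expect. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

static void emit(const char *p, size_t n) { ssize_t r = write(2, p, n); (void)r; }

/* SIGSYS handler: report the trapped syscall number using only syscalls that
 * are on the allow-list (write, exit_group), then terminate.  No printf here:
 * it is not async-signal-safe and may itself hit a trapped syscall. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    static const char prefix[] = "sandbox: trapped syscall ";
    char digits[24]; int nd = 0;
    unsigned long nr = (unsigned long)si->si_syscall;
    do { digits[nd++] = (char)('0' + nr % 10); nr /= 10; } while (nr);
    emit(prefix, sizeof prefix - 1);
    for (int j = nd - 1; j >= 0; j--) emit(&digits[j], 1);
    emit("\n", 1);
    _exit(EXIT_TRAPPED);
}

/* Run the probe in a child: allow only write/exit_group/rt_sigreturn, then,
 * if asked, make one call (getppid) that is deliberately not on the list.
 * Returns the child's exit code, 128+signal if it was killed, or -1 on error. */
int sandbox_probe(int call_forbidden)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa;
        sigemptyset(&sa.sa_mask);
        sa.sa_flags = SA_SIGINFO;
        sa.sa_sigaction = on_sigsys;
        sigaction(SIGSYS, &sa, NULL);       /* must precede the filter */
        const int allow[] = { SYS_write, SYS_exit_group, SYS_rt_sigreturn };
        if (install_allowlist(allow, sizeof allow / sizeof allow[0]) != 0)
            _exit(EXIT_NO_SECCOMP);
        if (call_forbidden)
            (void)getppid();                /* not allowed: SIGSYS fires here */
        _exit(EXIT_CLEAN);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(void)
{
    printf("allowed-only run : %d (expect %d)\n", sandbox_probe(0), EXIT_CLEAN);
    printf("forbidden syscall: %d (expect %d)\n", sandbox_probe(1), EXIT_TRAPPED);
    return 0;
}
```

Build with a plain `cc -o probe probe.c` (file name assumed) and run it: the first probe exits cleanly, the second prints `sandbox: trapped syscall N` from the handler and exits 77. Two practitioner caveats the changelog does not spell out: the ABI check above is what keeps a filter from being bypassed by calling through a different syscall table, but on x86_64 the x32 ABI reports AUDIT_ARCH_X86_64 with bit 30 set in `nr`, so a production filter should also reject numbers above that bit; and the trap reports the syscall number, not a name, which is why the apt options quoted above (APT::Sandbox::Seccomp::Allow and ::Trap) take syscall names and why a SIGSYS in a method process is the signal to look at before loosening the list.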
