Control: tags -1 moreinfo

Hi all,

On Tue, 12 Feb 2019 21:34:00 +0000 Niels Thykier <niels@thykier.net> wrote:
> On Fri, 03 Nov 2017 07:37:12 +0100 Niels Thykier <niels@thykier.net> wrote:
> > Package: release-notes
> > Severity: wishlist
> >
> > --- News for apt (libapt-pkg5.0 libapt-inst2.0) ---
> > apt (1.6~alpha1) unstable; urgency=medium
> >
> >   All methods provided by apt except for cdrom, gpgv, and rsh now
> >   use seccomp-BPF sandboxing to restrict the list of allowed system
> >   calls, and trap all others with a SIGSYS signal. Three options
> >   can be used to configure this further:
> >
> >     APT::Sandbox::Seccomp is a boolean to turn it on/off
> >     APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
> >     APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow
> >
> >   Also, sandboxing is now enabled for the mirror method.
> >
> >  -- Julian Andres Klode <jak@debian.org>  Mon, 23 Oct 2017 01:58:18 +0200
> >
> >
> > Seems like it would be prudent to mention that in the release-notes
> > for buster.
> >
> > Thanks,
> > ~Niels
> >
> >
>
> Note to self/update: The feature is (now) *off* by default (see #890489).

So, should we still mention this? At least it should only go into the
whats-new section now.

Paul