TL:DR ; nanosleep.
I've upgraded to apt 1.6~alpha2 (amd64)and I'm now getting the following error message.
[21:02] <nicodache@tcherepnin> ~ $ sudo apt-get update
[sudo] Mot de passe de nicodache :
Réception de:1 http://ftp.belnet.be/debian sid InRelease [235 kB]
0% [1 InRelease 2.679 B/235 kB 1%] [Connexion à deb.opera.com (185.26.183.130)]
**** Seccomp prevented execution of syscall 0000000035 on architecture amd64 ****
I've tried to add it into /etc/apt/apt.conf (I just added
APT::Sandbox::Seccomp::Allow { "0000000035";};
to it).
This yields
0% [En cours]EE: : Cannot allow 0000000035: Argument invalide - aptMethod::Configuration (0: Succès)
Cannot allow 0000000035: Argument invalide - aptMethod::Configuration (0: Succès)
Lecture des listes de paquets... Fait
E: Method https has died unexpectedly!
E: Le sous-processus https a renvoyé un code d'erreur (100)
I foolishly looked at man 2 syscalls, and using dec/octal/hexa numbering, tried all the relative syscalls I found in the list presented there, in the order given by the man page (that is, chroot clone delete_module epoll_wait fallocate fgetxattr).
Then I got smarter, and I found arch/x86/entry/syscalls/syscall_64.tbl, which is in a format which made much more sense to me.
[21:44] <nicodache@tcherepnin> /tmp/linux-4.13.10 $ grep ^35 arch/x86/entry/syscalls/syscall_64.tbl
35 common nanosleep sys_nanosleep
And that now works as expected *\o/*
So you may want to add nanosleep, and maybe also clock_nanosleep to the default APT seccomp config.
Cheers (and thanks for that ~alpha2 modifications).
-- N