Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
author: Julian Andres Klode <jak@debian.org> 2017-10-22 23:34:03 +0200
committer: Julian Andres Klode <jak@debian.org> 2017-10-22 23:38:31 +0200
commit: 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree: 3234d16c59f85a84a02371e6ef2f0bc79af42738 /CMakeLists.txt
parent: 9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 04a8be22a..1c703307e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -108,6 +108,11 @@ if (UDEV_FOUND)
   set(HAVE_UDEV 1)
 endif()
 
+find_package(Seccomp)
+if (SECCOMP_FOUND)
+  set(HAVE_SECCOMP 1)
+endif()
+
 # Mount()ing and stat()ing and friends
 check_symbol_exists(statfs sys/vfs.h HAVE_VFS_H)
 check_include_files(sys/params.h HAVE_PARAMS_H)
author	Julian Andres Klode <jak@debian.org>	2017-10-22 23:34:03 +0200
committer	Julian Andres Klode <jak@debian.org>	2017-10-22 23:38:31 +0200
commit	32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree	3234d16c59f85a84a02371e6ef2f0bc79af42738 /CMakeLists.txt
parent	9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)