Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
author: Julian Andres Klode <jak@debian.org> 2017-10-22 23:34:03 +0200
committer: Julian Andres Klode <jak@debian.org> 2017-10-22 23:38:31 +0200
commit: 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree: 3234d16c59f85a84a02371e6ef2f0bc79af42738 /methods/copy.cc
parent: 9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/methods/copy.cc b/methods/copy.cc
index fd4786ede..cc2fe9ea4 100644
--- a/methods/copy.cc
+++ b/methods/copy.cc
@@ -30,8 +30,10 @@ class CopyMethod : public aptMethod
    virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
 
    public:
-
-   CopyMethod() : aptMethod("copy", "1.0",SingleInstance | SendConfig) {};
+   CopyMethod() : aptMethod("copy", "1.0", SingleInstance | SendConfig)
+   {
+      SeccompFlags = aptMethod::BASE;
+   }
 };
 
 // CopyMethod::Fetch - Fetch a file					/*{{{*/
author	Julian Andres Klode <jak@debian.org>	2017-10-22 23:34:03 +0200
committer	Julian Andres Klode <jak@debian.org>	2017-10-22 23:38:31 +0200
commit	32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree	3234d16c59f85a84a02371e6ef2f0bc79af42738 /methods/copy.cc
parent	9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)