From 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Sun, 22 Oct 2017 23:34:03 +0200
Subject: Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.

Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.

We might want to clean up things a bit more and/or move it
somewhere else.
---
 doc/examples/configure-index | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'doc/examples')

diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 61a749495..f0d81bb7a 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -639,6 +639,9 @@ apt::planner "<STRING>";
 apt::system "<STRING>";
 apt::acquire::translation "<STRING>"; // deprecated in favor of Acquire::Languages
 apt::sandbox::user "<STRING>";
+apt::sandbox::seccomp "<BOOL>";
+apt::sandbox::seccomp::allow "<LIST>";
+apt::sandbox::seccomp::trap "<LIST>";
 apt::color::highlight "<STRING>";
 apt::color::neutral "<STRING>";
 
-- 
cgit v1.2.3