From 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Sun, 22 Oct 2017 23:34:03 +0200
Subject: Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.

Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.

We might want to clean up things a bit more and/or move it
somewhere else.
---
 methods/rred.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'methods/rred.cc')

diff --git a/methods/rred.cc b/methods/rred.cc
index 3a3b20286..d4cf1050d 100644
--- a/methods/rred.cc
+++ b/methods/rred.cc
@@ -721,7 +721,10 @@ class RredMethod : public aptMethod {
       }
 
    public:
-      RredMethod() : aptMethod("rred", "2.0", SendConfig), Debug(false) {}
+   RredMethod() : aptMethod("rred", "2.0", SendConfig), Debug(false)
+   {
+      SeccompFlags = aptMethod::BASE | aptMethod::DIRECTORY;
+   }
 };
 
 int main(int argc, char **argv)
-- 
cgit v1.2.3