From b514128890d5cf96a76393e8d261d79e0be7f0e4 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Thu, 26 Oct 2017 17:42:58 +0200
Subject: seccomp: Allow ipc() for fakeroot, and allow sysinfo() for sort

Sorting apparently calls sysconf() which calls sysinfo() to get
free pages or whatever.

Closes: #879814, #879826
---
 methods/aptmethod.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'methods')

diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index f88512564..e406e3c37 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -206,6 +206,7 @@ protected:
 #endif
       ALLOW(sync);
       ALLOW(syscall);
+      ALLOW(sysinfo);
       ALLOW(time);
       ALLOW(truncate);
       ALLOW(truncate64);
@@ -255,6 +256,7 @@ protected:
 	 ALLOW(msgrcv);
 	 ALLOW(msgget);
 	 ALLOW(msgctl);
+	 ALLOW(ipc);
       }
 
       for (auto &custom : _config->FindVector("APT::Sandbox::Seccomp::Allow"))
-- 
cgit v1.2.3