From 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Sun, 22 Oct 2017 23:34:03 +0200 Subject: Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else. --- prepare-release | 1 + 1 file changed, 1 insertion(+) (limited to 'prepare-release') diff --git a/prepare-release b/prepare-release index e12ca2dc9..e9e9362da 100755 --- a/prepare-release +++ b/prepare-release @@ -40,6 +40,7 @@ test_deb_control() { | sed -r -e 's#<[^,<>()@]*>##g' \ -e 's#@[^,<>()@]*@##g' \ -e 's#\[linux-any\]*##g' \ + -e 's#\[[^][]*\]*##g' \ -e 's#dpkg-dev \([^)]*\)#dpkg-dev#g' \ -e 's#debhelper \([^)]*\)#debhelper#g' \ -e 's#g\+\+ \([^)]*\)#g++#g' \ -- cgit v1.2.3