From 11392da84903eb024f2709023830f40e1cb5b794 Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Fri, 2 Aug 2019 17:59:03 +0200
Subject: [PATCH] apt: enable seccomp sandbox

---
 apt/files/51apt-sandbox | 1 +
 apt/tasks/main.yml      | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 apt/files/51apt-sandbox

diff --git a/apt/files/51apt-sandbox b/apt/files/51apt-sandbox
new file mode 100644
index 0000000..6f4b434
--- /dev/null
+++ b/apt/files/51apt-sandbox
@@ -0,0 +1 @@
+APT::Sandbox::Seccomp "true";
diff --git a/apt/tasks/main.yml b/apt/tasks/main.yml
index 3af814e..b861f4e 100644
--- a/apt/tasks/main.yml
+++ b/apt/tasks/main.yml
@@ -24,13 +24,16 @@
 
 - meta: flush_handlers
 
-- name: ensure fix of /tmp script bug
+- name: ensure apt and dpkg are configured
   copy:
-    src: 50debconf-exec-tmp
+    src: "{{ item }}"
     dest: /etc/apt/apt.conf.d/
     owner: root
     group: root
     mode: '0644'
+  with_items:
+    - 50debconf-exec-tmp
+    - 51apt-sandbox
   tags:
     - config
     - apt
-- 
GitLab