WIP: Sandboxing APT

Julian Andres Klode

Playlists: 'asg2023' videos starting here / audio

A short case study on where we are with sandboxing APT; what gaps there are and what technologies we looked at.

Downloading packages, verifying packages, installing packages, protecting user data from snoopy or broken maintainer scripts. A package manager has a lot of places that can need some sort of sandboxing.

APT currently employs a minimal sandbox using a separate user for downloading, and optionally seccomp. This talk will explore that, the caveats and some more avenues like landlock, running apt in systemd isolation (useful for our apt-based .service units), file descriptor passing into sandbox.