WIP: Sandboxing APT
09-13, 16:30–16:55 (Europe/Berlin), Main Hall

A short case study on where we are with sandboxing APT; what gaps there are and what technologies we looked at.


Downloading packages, verifying packages, installing packages, protecting user data from snoopy or broken maintainer scripts. A package manager has a lot of places that can need some sort of sandboxing.

APT currently employs a minimal sandbox using a separate user for downloading, and optionally seccomp. This talk will explore that, the caveats and some more avenues like landlock, running apt in systemd isolation (useful for our apt-based .service units), file descriptor passing into sandbox.

Julian started working on Debian and Ubuntu in his free time in 2007 in the area of package management, contributing to apt itself since 2009, primarily since 2015, and joined Canonical in 2018 where he continued working on apt as well as other system software, testing automation, and boot loaders.

This speaker also appears in: