#include <tunables/global>
-/usr/bin/freshclam {
+/usr/bin/freshclam flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
+ #include <abstractions/openssl>
capability setgid,
capability setuid,
/usr/sbin/clamd {
#include <abstractions/base>
#include <abstractions/nameservice>
+ #include <abstractions/openssl>
# LP: #433764:
capability dac_override,
// DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal
APT::NeverAutoRemove
{
- "^linux-image-4\.9\.0-8-amd64$";
+ "^linux-image-4\.9\.0-11-amd64$";
"^linux-image-4\.9\.0-9-amd64$";
- "^linux-headers-4\.9\.0-8-amd64$";
+ "^linux-headers-4\.9\.0-11-amd64$";
"^linux-headers-4\.9\.0-9-amd64$";
- "^linux-image-extra-4\.9\.0-8-amd64$";
+ "^linux-image-extra-4\.9\.0-11-amd64$";
"^linux-image-extra-4\.9\.0-9-amd64$";
- "^linux-signed-image-4\.9\.0-8-amd64$";
+ "^linux-signed-image-4\.9\.0-11-amd64$";
"^linux-signed-image-4\.9\.0-9-amd64$";
- "^kfreebsd-image-4\.9\.0-8-amd64$";
+ "^kfreebsd-image-4\.9\.0-11-amd64$";
"^kfreebsd-image-4\.9\.0-9-amd64$";
- "^kfreebsd-headers-4\.9\.0-8-amd64$";
+ "^kfreebsd-headers-4\.9\.0-11-amd64$";
"^kfreebsd-headers-4\.9\.0-9-amd64$";
- "^gnumach-image-4\.9\.0-8-amd64$";
+ "^gnumach-image-4\.9\.0-11-amd64$";
"^gnumach-image-4\.9\.0-9-amd64$";
- "^.*-modules-4\.9\.0-8-amd64$";
+ "^.*-modules-4\.9\.0-11-amd64$";
"^.*-modules-4\.9\.0-9-amd64$";
- "^.*-kernel-4\.9\.0-8-amd64$";
+ "^.*-kernel-4\.9\.0-11-amd64$";
"^.*-kernel-4\.9\.0-9-amd64$";
- "^linux-backports-modules-.*-4\.9\.0-8-amd64$";
+ "^linux-backports-modules-.*-4\.9\.0-11-amd64$";
"^linux-backports-modules-.*-4\.9\.0-9-amd64$";
- "^linux-tools-4\.9\.0-8-amd64$";
+ "^linux-tools-4\.9\.0-11-amd64$";
"^linux-tools-4\.9\.0-9-amd64$";
};
/* Debug information:
# dpkg list:
+iF linux-image-4.9.0-11-amd64 4.9.189-3+deb9u1 amd64 Linux 4.9 for 64-bit PCs
ii linux-image-4.9.0-8-amd64 4.9.144-3.1 amd64 Linux 4.9 for 64-bit PCs
-iF linux-image-4.9.0-9-amd64 4.9.168-1+deb9u5 amd64 Linux 4.9 for 64-bit PCs
-ii linux-image-amd64 4.9+80+deb9u7 amd64 Linux for 64-bit PCs (meta-package)
+ii linux-image-4.9.0-9-amd64 4.9.168-1+deb9u5 amd64 Linux 4.9 for 64-bit PCs
+iU linux-image-amd64 4.9+80+deb9u9 amd64 Linux for 64-bit PCs (meta-package)
# list of installed kernel packages:
+4.9.0-11-amd64 4.9.189-3+deb9u1
4.9.0-8-amd64 4.9.144-3.1
4.9.0-9-amd64 4.9.168-1+deb9u5
# list of different kernel versions:
+4.9.189-3+deb9u1
4.9.168-1+deb9u5
4.9.144-3.1
-# Installing kernel: 4.9.168-1+deb9u5 (4.9.0-9-amd64)
+# Installing kernel: 4.9.189-3+deb9u1 (4.9.0-11-amd64)
# Running kernel: 4.9.168-1+deb9u5 (4.9.0-9-amd64)
-# Last kernel: 4.9.168-1+deb9u5
-# Previous kernel: 4.9.144-3.1
+# Last kernel: 4.9.189-3+deb9u1
+# Previous kernel: 4.9.168-1+deb9u5
# Kernel versions list to keep:
-4.9.144-3.1
4.9.168-1+deb9u5
+4.9.189-3+deb9u1
# Kernel packages (version part) to protect:
-4\.9\.0-8-amd64
+4\.9\.0-11-amd64
4\.9\.0-9-amd64
*/
else
xen_rm_opts="no-real-mode edd=off"
fi
- multiboot ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
+ ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
echo '$(echo "$lmessage" | grub_quote)'
- module ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
+ ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
EOF
if test -n "${initrd}" ; then
# TRANSLATORS: ramdisk isn't identifier. Should be translated.
message="$(gettext_printf "Loading initial ramdisk ...")"
sed "s/^/$submenu_indentation/" << EOF
echo '$(echo "$message" | grub_quote)'
- module --nounzip ${rel_dirname}/${initrd}
+ ${module_loader} --nounzip ${rel_dirname}/${initrd}
EOF
fi
sed "s/^/$submenu_indentation/" << EOF
if [ "x$is_top_level" != xtrue ]; then
echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
fi
+ if ($grub_file --is-x86-multiboot2 $current_xen); then
+ xen_loader="multiboot2"
+ module_loader="module2"
+ else
+ xen_loader="multiboot"
+ module_loader="module"
+ fi
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
gettext_printf "Found linux image: %s\n" "$linux" >&2
;intl.use_exceptions = 0
[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
;sqlite3.extension_dir =
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
;intl.use_exceptions = 0
[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
;sqlite3.extension_dir =
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
projects / config / sarah / etc.git / commitdiff